Russian! spies! 'brains! behind!' Yahoo! mega-hack! – four! charged!
Two FSB agents and two stooges fingered for 2014's 500m webmail account raid
The net widens
When the FSB saw that some of their targets had other webmail accounts besides the ones on Yahoo!, the FSB hired Baratov to crack them, the indictment states. Baratov was hired on a commission basis and the US authorities claim he successfully broke into 80 million accounts – many of them at Google, which has also been helping the FBI with its inquiries.
Yahoo! has since said that it called in the government in 2014 when it became aware of the hacking. Around the same time, it hired security guru Alex Stamos as chief security officer, although he jumped ship to Facebook less than two years later after reportedly getting frustrated at the lack of attention Yahoo!'s senior management were giving to security.
Two years later, the web giant decided to go public and admitted it had been thoroughly hacked, sparking a mass panic. CEO Marissa Mayer had to forgo her annual bonus, and the value of her business dropped for potential suitor Verizon. Yahoo! said today's charges are unrelated to a separate break-in of its email system that led to the theft of more than a billion webmail account records in 2013.
Baratov was identified by the FBI over the course of their investigation into the Yahoo! hacks and a warrant was issued for his arrest on March 7. The Canadian police caught him seven days later and he's currently in custody.
The indictment states that Dokuchaev, 33, is an officer in the FSB Center for Information Security and resident in Russia, while his boss Sushchin has a cover position as CSO for a Russian investment bank. Belan is also thought to be in Russia, and Interpol (of which Russia is a member) has put out a Red Notice calling for his immediate arrest and extradition to the US.
"Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable," said Acting Assistant Attorney General of the Department of Justice, Mary McCord.
"State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat. We commend Yahoo! and Google for their sustained and invaluable cooperation in the investigation aimed at obtaining justice for, and protecting the privacy of, their users."
The list of charges is extensive: they range from conspiring to commit computer fraud and abuse to conspiring to engage in economic espionage and theft of trade secrets. ®
Sponsored: Becoming a Pragmatic Security Leader