The US Department of Justice has brought in accusations against two Russian FSB officers as well as two criminal hackers of being behind the massive Yahoo data breach, that saw over 500 million accounts hacked. The DOJ has also claimed that the group began attempting to use the illegally obtained data from as early as January 2014, and continued the misuse until December 2016.
A grand jury in the Northern District of California, today announced that it was indicting four defendants under charges of computer hacking, economic espionage and other criminal offenses. The court says that the aim of this groups was to access Yahoo’s network and the contents of its webmail accounts.
The four defendants have been identified as:
- Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident
(An Officer in the FSB Center for Information Security, or “Center 18”)- Igor Anatolyevich Sushchin, 43, a Russian national and resident (An FSB officer, a superior to Dokuchaev within the FSB)
- Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident.
(Indicted twice before, Been upon FBI’s “Cyber Most Wanted” list, Currently the subject of a pending “Red Notice”)- Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian and Kazakh national and a resident of Canada.
The court says:
The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.
Apparently, one of the aforementioned defendants was of a more entrepreneurial mindset and also used his access to Yahoo’s network for personal financial gains. For example, he searched Yahoo user communications for credit card and gift card account numbers. He also managed to redirect a subset of Yahoo search engine web traffic to make commission and finally, enabled the theft of the contacts of at least 30 million Yahoo accounts so as to kick off a spam campaign.
While Baratov has been arrested in Canada, it is highly unlikely that any of the other three will present themselves before US courts, considering that they are Russian nationals. However, the fact that they were FSB officers puts a new turn on things while also vindicating Yahoo.
Speaking on the topic, Chris Madsen, Assistant General Counsel, Head of Global Law Enforcement, Security & Safety, said:
The indictment unequivocally shows the attacks on Yahoo were state-sponsored. We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible.
You can read more about the DOJ’s take on the matter, right here.