Two Russian intelligence officials are amongst four charged by the DOJ on March 15 for the attack on Yahoo.
Prosecutors today unsealed an indictment charging four men, including two Russian intelligence officials, with a 2014 hack of Yahoo that affected 500 million accounts. The U.S. claimed the FSB agents – Dmitry Dokuchaev and Igor Sushchin – conspired with FBI Most Wanted hacker Alexey Belan to carry out the attack. Canadian police arrested a fourth individual, Kazakh national Karim Baratov, for his alleged involvement in the breach.
Yahoo first blamed the 2014 attack on a nation state in December 2016, when it admitted a separate breach hit an astonishing 1 billion customer accounts in 2013. In both attacks, the leaked data included emails, encrypted passwords, addresses and other contact details, but no credit cards, according to Yahoo.
But today’s announcement revealed the astonishing breadth of the Yahoo attack, including the news that Google accounts were also targeted by the hackers and that the Mountain View giant helped with the investigation. The conspirators were alleged to have taken stolen information from Yahoo to steal email content from Google and other webmail providers, the Department of Justice said. That included credit card data.
The DOJ claimed that Dokuchaev and Sushchin, working from the FSB’s Center for Information Security in Moscow, recruited alleged cybercriminals Belan and Baratov, who took the opportunity to “line their own pockets” through further attacks using the information they stole. According to prosecutors, Belan, already accused of hacks of three major American e-commerce companies in Nevada and California, worked with Dokuchaev and his superior Sushchin to access 6,500 Yahoo accounts by crafting authentication cookies, small pieces of data that let a site recognize an already authenticated user.
Multiple specific targets were highlighted by the DOJ, including Russian journalists, Russian and U.S. government officials, employees of a major Russian cybersecurity company, a French transportation company, U.S. financial services and private equity firms, and an American airline.
Belan was given special treatment by the FSB, who gave him information that would have allowed him to avoid arrest, prosecutors alleged. He also used his access to Yahoo accounts for further crimes, stealing financial information such as gift and credit card numbers and hacking more than 30 million accounts whose contacts were stolen for a massive spam campaign, according to the indictment.
Baratov was asked to break into more than 80 accounts in exchange for commissions, the DOJ said. He was arrested by Montreal police on March 14, while the others remain at large.
The FBI’s Paul Abbate said the U.S. asked Russia to send Belan to face charges back in 2014, but hadn’t received a response. Belan was first arrested in Europe on a request from the U.S. in June 2013, but managed to escape. He was also one of two cybercriminals sanctioned by Obama for the DNC hacks, though it’s unclear what role, if any, he played in that attack.
Dokuchaev may have been the subject of a separate Russian investigation. An FSB officer of the same name was one of a handful believed to have been arrested in Russia in January as part of an apparent corruption probe, alongside other FSB officers and a Kaspersky Lab security researcher.
Sushchin, meanwhile, appears to have been acting undercover for the FSB. The DOJ said he “was embedded as a purported employee and head of information security at a Russian investment bank.”
Why Russia targeted Yahoo
The charges mark the second time in a matter of months that the U.S. government has accused Moscow spies of involvement in hacks of American organizations, following the FBI and DHS assessment that Putin played a direct role in the cyberattack on the Democratic National Committee. The Yahoo breach indictment was not linked to the DNC attack, said acting assistant attorney general Mary McCord.
For Russia’s intelligence agencies, it’s likely Yahoo represented a “massive treasure trove of information on users that range from current and future U.S. government officials to business leaders,” said Peter Singer, strategist and senior fellow at think tank New America.
He compared the Yahoo hack to that of health insurance provider Anthem, an attack that was also linked to state actors and saw nearly 80 million individuals’ names, birthdays, medical IDs, social security numbers, street addresses, emails and employment information leaked. That included data on government officials. “Information is gold not just in modern economy but modern espionage,” said Singer.
As for Yahoo, the multiple hacks have already had a significant impact: its $4.83 billion acquisition by Verizon was cut by $350 million as a result of the breaches.