Russian intelligence officers indicted in massive Yahoo hack

Yahoo was the victim of a massive, state-sponsored Russian cyber hack in 2014 that exposed some 500 million email accounts, the Department of Justice said on Wednesday.

In announcing the indictments of two Kremlin spies and a pair of hackers — who pulled off one of the biggest data breaches in history — acting Assistant Attorney General Mary McCord said, “The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale.”

The Russian officers at the FSB — a successor intelligence agency to the KGB — were identified as Dmitry Dokuchaev, 33, and his superior, Igor Sushchin, 43, she said.

The hacks were carried out by Alexsey Belan, 29, a Russian national who is on the FBI’s list of most-wanted cyber criminals, and Karim Baratov, 22, who was born in Kazakhstan but has Canadian citizenship, the feds said.

The four men engineered the intrusion into Yahoo, beginning in January 2014, that compromised 500 million email accounts, the federal complaint alleges. Together they face 47 criminal charges, including conspiracy, computer fraud, economic espionage, theft of trade secrets and aggravated identity theft.

Baratov has been taken into custody in Canada. It’s not clear whether Belan, Dokuchaev or Sushchin will ever set foot in an American courtroom since there’s no extradition treaty with Russia.

Alexsey Belan, Dmitry Dokuchaev and Igor Sushchin (FBI)

Dokuchaev, according to reports in Russian media, had been accused of treason for cooperating with the CIA. The reports identified Dokuchaev as a hacker who worked under the alias “Forb” before joining the FSB.

McCord noted that Belan, who was also known as “Magg,” had been indicted in the U.S. before, in Sept. 2012 and June 2013, for “notorious criminal conduct.” He had been arrested in Europe in 2013, but escaped before he could be extradited to the US, the indictment says.

Named one of the FBI’s “Cyber Most Wanted” criminals in November 2013, Belan was subject to a “Red Notice” alerting any Interpol member — including Russia — to nab him on sight.

“FSB officers, instead of detaining him, used him to break into Yahoo’s networks” — a twist that “makes this that much more egregious,” McCord said.

Along with the cyber-espionage operation, Belan turned the enterprise into his own cash cow.

After infiltrating Yahoo email accounts with various ploys including “spear phishing” emails, Belan “lined his pockets” by stealing gift cards and credit-card numbers, McCord said.

He also created an online marketing scheme that redirected Yahoo search results for erectile dysfunction drugs to another online website so he could earn commissions. On another occasion, he used his access to the contacts in 30 million accounts to create a spam campaign, the feds say.

“They targeted Yahoo accounts. Russian and US government officials and cyber security, diplomatic and military personnel,” she said. “They also targeted Russian journalists, numerous employees of other providers, whose networks the conspirators sought to exploit and employees of financial services and other commercial entities.”

The two Moscow spies aided Belan by giving him sensitive FSB intel that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, according to the indictment.

Belan and Baratov used the high-tech gadgets to gain access to executives and managers of a prominent Russian investment and banking firm, a French transportation company, a US financial services firm and a US airline, the indictment says. They were not identified in court documents.

When Sushchin and Dokuchaev learned that “targets of interest” had email addresses at sites other than Yahoo, they unleashed Baratov to find their accounts, paying him a bounty for each one. Through this they uncovered the emails for an assistant to the deputy chairman of the Russian Federation and an officer of the Russian Ministry of Internal Affairs, the charging document says.

The indictment of the Russians comes amid investigations into Moscow’s efforts to sway the 2016 presidential election, including the hacking of the Democratic National Committee last summer.

The breach, which Yahoo didn’t disclose until last year, shook the company to the core and eroded the credibility of CEO Marissa Mayer, who lost her 2016 bonus and 2017 stock compensation worth millions of dollars.

In a written statement, Yahoo’s assistant general counsel Chris Madsen said the indictment “unequivocally shows the attacks on Yahoo were state-sponsored. We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible.”