Russian Spies Indicted in Massive 2014 Yahoo Hack
By VOA News March 15, 2017
The U.S. Department of Justice on Wednesday announced indictments for two Russian spies and two other people suspected of stealing personal information from hundreds of millions of people in the 2014 hack of Yahoo.
Assistant Attorney General Mary McCord said the four indictments include two officers from the Russian Federal Security Service (FSB) and two hackers who helped them in the intrusion.
The FSB officers, identified as Dmitry Dokuchaev and Igor Sushchin, "protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere," she said.
She said the hackers targeted the accounts of government officials from both Russia and the U.S., as well as journalists, financial services employees and military personnel.
One of the co-conspirators, Alexsey Belan, has been indicted twice before by the U.S. for similar hacking exploits, and has been on the FBI's most wanted cyber criminals list for more than three years.
The other hacker, Karim Baratov, was arrested Tuesday in Canada, McCord said.
The FSB is Russia's intelligence agency. The unit within the FSB where the two defendants work, known as Center 18, is the main FBI "point of contact in Moscow for cyber-crime matters," according to McCord.
"The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious," she said. "There are no free passes for foreign state-sponsored criminal behavior."
In 2014, Yahoo's security team uncovered evidence that a hacker backed by an unnamed foreign government had pried into user accounts, but executives "failed to act sufficiently" on that knowledge, according to the results of an internal investigation. At that time, Yahoo only notified 26 people that their accounts had been breached.
That breach affected at least 500 million users whose email addresses, birth dates, answers to security questions, and other personal information may have been stolen.
Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014.
The company's investigation into the mishandled hack led to the loss of an annual bonus for CEO Marissa Mayer and the resignation of Yahoo's general counsel, Ronald Bell.
|Join the GlobalSecurity.org mailing list|