Four charged, including 2 Russian intel officers, in massive Yahoo hacks

WASHINGTON — Four people, including two Russian intelligence officers, have been charged in a Yahoo hacking attack that compromised the personal information of hundreds of millions of consumers, the Justice Department said Wednesday.

Federal prosecutors alleged the suspects hacked into Yahoo systems to "steal information from about 500 million accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers."

This marks the first time the U.S. government has issued criminal charges against Russian officials for cyber attacks.

"The indictment unequivocally shows the attacks on Yahoo were state-sponsored," Chris Madsen, Yahoo's assistant general counsel and head of global law enforcement, said in a statement. "We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible."

Yahoo said when it revealed the security breach in September that it believed the attack was state-sponsored. It disclosed a second security breach in December that was even larger than the first, affecting approximately one billion Yahoo accounts. That breach has not been connected to the first.

The two officers of the FSB, Russia's Federal Security Service, Dmitry Dokuchaev and Igor Sushchin, allegedly paid hackers to break into Yahoo's systems as part of an intelligence collection operation and for-profit scheme to "line the pockets" of all involved, federal prosecutors alleged.

“The defendants targeted Yahoo accounts of Russian and U.S. government officials, including cyber security, diplomatic and military personnel,” Assistant Attorney General Mary McCord said at a Justice Department briefing in Washington. “They also targeted Russian journalists … employees of financial services and other commercial entities.”

McCord, who heads Justice’s National Security Division, said the FSB officers worked with hackers Alexsey Belan and Karim Baratov to breach the computers of American companies that provide email and Internet-related services and to "steal information, including information about individual users and the private contents of their accounts."

Belan, indicted twice before in the U.S. for hacking into e-commerce sites as part of intrusions that victimized millions, has been listed as one of the FBI’s most-wanted cyber criminals for three years.

“Belan’s notorious criminal conduct and a pending Interpol Red Notice (a global arrest warrant) did not stop the FSB officers who, instead of detaining him, used him to break into Yahoo networks,” McCord said.

The four suspects are charged with computer hacking, economic espionage and other criminal offenses. All but one, Karim Baratov, remain at large. Baratov was arrested Tuesday in Canada by Toronto police, and authorities are expected to seek his extradition to the U.S. There is no extradition agreement between the U.S. and Russia, making the U.S. prosecution of at least the two FSB officers extremely doubtful.

U.S. officials described the collaboration of the Russian government officials with criminal hackers as an increasingly alarming criminal model aimed at compromising individual privacy, economic and security interests.

Most troubling, McCord said, was that the two Russian FSB officials worked for the Russian intelligence unit known as the Center for Information Security or “Center 18,” which is the primary point of contact for the FBI in Moscow.

FBI Executive Assistant Director Paul Abbate said Wednesday that the involvement of Russian officials from Center 18 now represents “a great test” of future U.S.-Russian law enforcement cooperation.

“The involvement and direction of the FSB officers with law enforcement responsibilities makes this conduct that much more egregious,” McCord said. “There are no free passes for foreign state-sponsored criminal behavior.”

McCord said investigators had observed no connection between the Yahoo hacks and Russia’s intrusion into the U.S. political system, including the Democratic National Committee.

The 29-year-old Belan, also known as "Magg," was born in Latvia and now lives in Russia. He also was one of two criminal hackers named by former President Obama as a "specially designated national" subject to individual sanctions.

Absent the prosecution of the Russian government officials, McCord said all other punitive options were being considered, including government sanctions.

"We definitely will engage in those discussions," McCord said.

The indictment was largely symbolic, but still significant because, in part, it underscored "the very cozy relationship between Russian state security apparatus and for-hire Russian hackers," Robert Cattanach, a partner with law firm Dorsey & Whitney, said in an email.

Yahoo, which is selling its core Internet business to Verizon, has paid a heavy price for the security breaches. Verizon negotiated a price discount, trimming $350 million from the acquisition of Yahoo for a total of $4.48 billion. And the two companies will share some legal and regulatory liabilities arising from the breaches. The acquisition is expected to close in the second quarter.

Yahoo CEO Marissa Mayer agreed to forgo any annual equity award she might get for 2017 because of the massive breach her company suffered in 2014. The Yahoo board also voted to withhold her 2016 annual bonus — usually around $2 million — for the same reason. Under her contract, her equity award is not to be less than $12 million per year. Yahoo's general counsel Ronald S. Bell resigned from the company and received no payout. In December, the Securities and Exchange Commission opened a formal probe into the company's handling of the attacks, investigating whether Yahoo should have notified investors sooner about both security breaches.

Mayer tweeted her appreciation to federal law enforcement authorities on Wednesday.

"Very grateful to the FBI & DOJ for bringing to justice the Russian officials & hackers who led the attack on Yahoo," she wrote.

Federal authorities allege the hacking conspiracy began at least in 2014 and continued to December 2016. Although suspects are believed to have lost their access to Yahoo networks last September, prosecutors assert that they continued to “utilize information stolen from the intrusion up to and including at least December.”

In all, account information was lifted from at least 500 million Yahoo accounts, while the contents of at least 30 million Yahoo accounts were breached.

Attorney General Jeff Sessions, who recused himself from overseeing the FBI’s ongoing inquiry into communications between Russian government officials and associates of President Trump, was not disqualified from the Yahoo probe, McCord said.

"Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history," Sessions said in a written statement.

With Belan, already shadowed by international suspicion in other hacking attacks, the Russian officers allegedly took great care to conceal his activities in the Yahoo intrusions.

During the course of the Yahoo conspiracy, according to court documents, the FSB officers provided the young hacker with Russian law enforcement and intelligence information to evade detection by U.S. authorities and other governments when operating outside the safety of Russia’s borders.

The officers briefed him on investigative techniques used by the FSB to identify hackers operating in Russia.

And while working with his Russian government counterparts, Belan allegedly used his access to the Yahoo network to lift gift card and credit card numbers to funnel money into his personal bank accounts.

The victims represent a constellation of interests, from journalists and financial officers to military personnel and rival government officials, including at the White House.

For more than a month, between December 2015 and January 2016, the suspects allegedly gained "full access" to the Yahoo account of a Russian investigative journalist who worked for Kommersant Daily.

At the same time, according to court documents, the group was reviewing the contents of an account registered to a researcher who "analyzed Russia’s bid for World Trade Organization membership."

Other breached accounts belonged to a Nevada gaming official, an executive at a major U.S. airline and the chief technology officers at a French transportation company.

Contributing: Elizabeth Weise

© 2017 USATODAY.COM