March 16, 2017 by

Russian Spies Hired Cybercriminals to Hack 500 Million Yahoo Accounts: Justice Dept

The United States government has directly implicated Russian agents of instigating and directing the hack of half a billion Yahoo user accounts by hiring cybercriminals.

The US Justice Department has indicted four people in relation to the 2014 cyberattacks that resulted in the comprehensive data breach of 500 million Yahoo users’ details.

More specifically, the indictment charges two officers of Russia’s Federal Security Service (FSB) and two hackers whom the US accuses of working with Russian officers to compromise Yahoo accounts. Three of four defendants are Russian nationals living in Russia, while the fourth, a Kazakh national, is a resident of Canada.

In a televised conference, Acting Assistant Attorney General Mary McCord, of the National Security Devision stated:

Dmitry Dokuchaev and Igor Sushchin, both FSB officers, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere. 

They worked with co-conspirators Alexsey Belan and Karim Baratov to hack into computers of American companies providing email and internet-related services, to maintain unauthorized access to those computers and to steal information, including information about individual users and the private contents of their accounts. 

In a press release, the Justice department alleged that the defendants used some of the stolen information from the 500 million Yahoo accounts to obtain unauthorized access to other accounts at Yahoo, Google, and other webmail services. Among those targeted were accounts of Russian journalists, U.S. and Russian government officials and private-sector employees from a number of companies across different industries.

One of the defendants even used his unauthorized access to Yahoo’s network for personal financial gain by searching for credit card and gift card numbers from Yahoo user communications; redirecting Yahoo search engine web traffic to make online commissions and; enabling the theft of contacts from at least 30 million Yahoo user accounts to help enable a spam campaign.

Pulling no punches, US officials have laid the blame squarely on the two FSB agents from Russia as the directors or facilitators of the breach.

Assistant attorney general McCord added:

The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale.

The defendants also allegedly targeted the Yahoo accounts of Russian and U.S. government officials, including diplomatic, cybersecurity and military personnel.

One of the accused, FSB agent Dmitry Dokuchaev was reportedly arrested by Russian authorities and charged with treason. Dokuchaev acted as a handler for Karim Baratov, the Kazakh national based in Canada. The latter is currently in custody in Canada while Dokuchaev, according to Russian news sources, is in Russia.

The indictment and charges, along with the revelations of how the hack transpired, still hasn’t revealed any details of the more comprehensive hack of a billion user accounts in 2013.

Image credit: Flickr.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

UK Cybersecurity Chief Blames Russia for Cyberattacks

The head of the UK GCHQ’s National Cyber Security Centre (NCSC) has accused Russia of staging...

Read more arrow_forward

Yahoo! Still Doesn’t Know Cause Behind Biggest Data Breach Ever

Former Yahoo CEO Marissa Mayer has admitted that the web giant still doesn’t know the cause behind...

Read more arrow_forward

Yahoo: All 3 Billion Accounts Impacted by 2013 Data Breach

Yahoo has announced that the massive data breach in August 2013 has affected every single user of...

Read more arrow_forward