Russian Spies Hired Cybercriminals to Hack 500 Million Yahoo Accounts: Justice Dept

The United States government has directly implicated Russian agents of instigating and directing the hack of half a billion Yahoo user accounts by hiring cybercriminals.

The US Justice Department has indicted four people in relation to the 2014 cyberattacks that resulted in the comprehensive data breach of 500 million Yahoo users’ details.

More specifically, the indictment charges two officers of Russia’s Federal Security Service (FSB) and two hackers whom the US accuses of working with Russian officers to compromise Yahoo accounts. Three of four defendants are Russian nationals living in Russia, while the fourth, a Kazakh national, is a resident of Canada.

In a televised conference, Acting Assistant Attorney General Mary McCord, of the National Security Devision stated:

Dmitry Dokuchaev and Igor Sushchin, both FSB officers, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere. 

They worked with co-conspirators Alexsey Belan and Karim Baratov to hack into computers of American companies providing email and internet-related services, to maintain unauthorized access to those computers and to steal information, including information about individual users and the private contents of their accounts. 

In a press release, the Justice department alleged that the defendants used some of the stolen information from the 500 million Yahoo accounts to obtain unauthorized access to other accounts at Yahoo, Google, and other webmail services. Among those targeted were accounts of Russian journalists, U.S. and Russian government officials and private-sector employees from a number of companies across different industries.

One of the defendants even used his unauthorized access to Yahoo’s network for personal financial gain by searching for credit card and gift card numbers from Yahoo user communications; redirecting Yahoo search engine web traffic to make online commissions and; enabling the theft of contacts from at least 30 million Yahoo user accounts to help enable a spam campaign.

Pulling no punches, US officials have laid the blame squarely on the two FSB agents from Russia as the directors or facilitators of the breach.

Assistant attorney general McCord added:

The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale.

The defendants also allegedly targeted the Yahoo accounts of Russian and U.S. government officials, including diplomatic, cybersecurity and military personnel.

One of the accused, FSB agent Dmitry Dokuchaev was reportedly arrested by Russian authorities and charged with treason. Dokuchaev acted as a handler for Karim Baratov, the Kazakh national based in Canada. The latter is currently in custody in Canada while Dokuchaev, according to Russian news sources, is in Russia.

The indictment and charges, along with the revelations of how the hack transpired, still hasn’t revealed any details of the more comprehensive hack of a billion user accounts in 2013.

Image credit: Flickr.