More details about the activities that led to one of the biggest data breaches in history are coming to light now that the Department of Justice has indicted four suspects for the 2014 Yahoo hack that affected more than 500 million accounts. Rather than handing Belan over to the U.S., Russia's Federal Security Service (FSB) enlisted the man to help the agency hack into American Internet companies, including Yahoo Inc.
Whatever Dokuchaev and Sushchin's motives, they were obviously not paying the hackers Belan and Baratov enough, because Belan was running a scam on the side, taking a cut on sales of "erectile dysfunction drugs" and searching accounts for gift cards and credit card information.
While the FSB officers allegedly used their Yahoo access mostly for intelligence purposes, such as targeting foreign governments, journalists, and employees of financial, transportation, and cybersecurity firms, they were also said to have allowed their co-conspirators to use the data in cybercriminal scams, including spamming, U.S. officials said.
"We have reason to believe, based on our evidence, they were acting in their capacity as FSB officials", said Mary McCord, acting assistant attorney general for the Department of Justice's national security division.
Federal Bureau of Investigation executive assistant director Paul Abbate said the agency has asked Moscow for assistance in apprehending the suspects but noted that "we have had limited cooperation with that element of the Russian government". The fourth suspect, a third-party hacker named Karim Baratov, was already caught in Canada. Before he could be extradited to the U.S., however, Belan escaped to the Russian Federation, where he began working with Dokuchaev and Sushchin.
The hacking of the 500 million Yahoo accounts was in many ways a by-product of the information on specific individuals the Russian government was looking for.
"We are in a cyberwar and our government hasn't woken up and done anything about it", said security analyst Avivah Litan of Gartner Inc.
Nearly all nations engage in some type of cyber espionage, but the Russian Federation stands apart in that, rather than using intelligence and military staff, it outsources the work to criminal hackers from its thriving cyber underground.
"Literally everybody I talked to was like, 'Well, I guess it caught up with him,' or 'That makes sense, I guess we knew where he got all the money for his cars,'" he said. Hackers used this technique to target more than 6,500 user accounts.
Alleged Russian intelligence (FSB) agents Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43, also face charges.
U.S. officials said Baratov did not succeed in hacking the Gmail accounts. (The Justice Department did not release names of victims, only general descriptions.) They also included 14 employees of a Swiss bitcoin banking firm, a Nevada gaming official, a senior officer of a major U.S. airline, a Shanghai-based managing director of a U.S. private equity firm, and the chief technology officer of a French transportation company.
One of the lawyers retained by alleged Yahoo hacker Karim Baratov says his Canadian client may be the victim of a "politically motivated attack". (The U.S. and the Russian Federation do not have an extradition treaty.) "I think that is reflective of the relationship and the approach needed to take in this case in terms of the lack of cooperation we have gotten", he said. In November or December of that year, according to the indictment, he copied and exported a backup of Yahoo's User Database. We're committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime.
McCord declined to say whether there were any similarities between the Yahoo intrusions and the Russian state penetrations in 2015 and 2016 of the Democratic National Committee.
The hack resulted in a leak of thousands of emails and attachments from the DNC, published by WikiLeaks.
In addition, the indictment shows that US investigators can track Russian cyberespionage operations.