How Russian agents allegedly directed massive Yahoo cyberattack
The Department of Justice announced charges against four people.
-- Two officers with the Russian intelligence service FSB — at least one them from a unit designed to fight cybercrime — directed a far-reaching hacking and espionage scheme that targeted Yahoo users, swiping personal information from hundreds of millions of people's accounts, including some belonging to Russian and U.S. government officials, the U.S. Department of Justice announced this morning.
This is the first time Russian government officials have been charged by the U.S. for a cybercrime, for a breach that officials say affected at least 500 million accounts. Officials said some of the information had intelligence value and some was also leveraged for financial gain.
"The defendants targeted Yahoo accounts of Russian and U.S. government officials, including cybersecurity, diplomatic and military personnel," said Mary McCord, the head of the DOJ's national security division. "They also targeted Russian journalists, numerous employees of other providers whose networks the conspirators sought to exploit and employees of financial services and other commercial entities."
Just before this morning's announcement, McCord attended a cyberevent in Washington, D.C., where at least three Russian diplomats were in the audience. When the moderator mentioned "Russian hackers," the head of the Russian Embassy's military political section, Konstantin Serednyakov, visibly chuckled.
The FSB officers — Dmitry Dokuchaev, and his boss, Igor Sushchin, who had cover as the head of info security at a Russian financial firm — allegedly hired two hackers, Alexsey Belan and Karim Baratov, to help carry out the scheme. Baratov, a Canadian and Kazakh national, was arrested in Canada on Wednesday, while the three others remain fugitives in Russia.
Belan has been wanted by the FBI since 2012 for allegedly stealing databases from three companies in 2012 and then helping negotiate the sale of that information.
In a twist, Dokuchaev's FSB unit, the Center for Information Security, aka Center 18, "is also the FBI's point of contact in Moscow for cybercrime matters," said McCord.
"The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious. There are no free passes for foreign state-sponsored criminal behavior," she added.
In 2014, at the behest of the FSB officers, Belan allegedly led an operation that stole a Yahoo database that contained info on more than 500 million Yahoo user accounts. They were ultimately able to access the full contents of more than 6,500 Yahoo user accounts, DOJ officials said.
At the same time, the FSB officers and Belan allegedly hired Baratov to use the info from the Yahoo accounts to try to access 50 specific Gmail accounts and 30 accounts at other companies. Many of those 80 targets were in Russia.
The DOJ alleged that Dokuchaev and Sushchin "protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere ... They worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts."
Belan was named one of the FBI's cyber most wanted criminals in November 2013. He was indicted twice in the U.S. for intrusions into e-commerce companies, McCord said this morning. He was arrested in Europe in June 2013 on a request from the U.S., but he fled to Russia before he could be extradited.
The Justice Department said in a statement that when Belan returned to Russia, instead of detaining him, Dokuchaev and Sushchin "used him to gain unauthorized access to Yahoo's network."
In late 2014, according to the statement, "Belan stole a copy of at least a portion of Yahoo's User Database (UDB), a Yahoo trade secret that contained, among other data, subscriber information, including users' names, recovery email accounts, phone numbers and certain information required to manually create, or 'mint,' account authentication web browser 'cookies' for more than 500 million Yahoo accounts."
"Belan used his relationship with the two FSB officers and his access to Yahoo to commit additional crimes to line his own pockets with money," McCord said this morning. "Specifically, Belan used his access to Yahoo to search for and steal financial information, such as gift card and credit card numbers, from users' email accounts. He also gained access to more than 30 million Yahoo accounts, whose contacts were then stolen to facilitate an email spam scheme."
The DOJ said, "When Dokuchaev and Sushchin learned that a target of interest had accounts at webmail providers other than Yahoo, including through information obtained as part of the Yahoo intrusion, they tasked their co-conspirator, Baratov, a resident of Canada, with obtaining unauthorized access to more than 80 accounts in exchange for commissions."
The Department of Justice said that during the conspiracy, the two FSB officers furthered "Belan's other criminal activities by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S."