The U.S. government says Russia recruited a notorious cybercriminal for Yahoo hack
The four men indicted for the 2014 hack — which compromised 500 million user accounts — include two Russian spies, Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, and two cybercriminals, Alexsey Alexseyvich Belan and Karim Baratov. Baratov, a Kazakh national and a resident of Canada, according to the Justice Department, was arrested in Canada on Tuesday.
At a press conference to discuss the indictments, Acting Assistant Attorney General of the National Security Division Mary McCord said that the indictments detail how “Russian federal security service (FSB) officers working together with criminal hackers conspired to plan and carry out one of the largest cyber intrusions in U.S. history.”
McCord stood alongside Northern California U.S. Attorney Brian Stretch and the FBI’s top cybercrime official, Executive Assistant Director Paul Abbate.
Asked multiple times by journalists present about whether investigators found any connection between those responsible for the Yahoo hack and the Russian hack of Democratic National Committee emails last year, McCord and other officials refused to comment on an “ongoing” investigation.
Abbate and the other officials declined to speculate too much on the motive for the hack, but McCord pointed out that one of the defendants, Belan, used credit numbers and 30 million stolen accounts to run an email scam for personal profit. Additionally, the summary of allegations released by the Justice Department notes that “some victim accounts were of predictable interest to the FSB,” including those belonging to Russian journalists, officials of various governments, and prominent figures in the private sector.
Dmitry Dokuchaev, one of the two FSB officials named by the DOJ, is pretty popular these days. In January, several Russian media outlets named him among the four high-ranking FSB officers arrested on suspicion of being American spies.
Igor Sushchin, Dokuchaev’s superior, was covertly working for a Russian investment bank as head of information security, according to the DOJ.
Alexsey Belan was added to the FBI’s most wanted list back in 2013 with a bounty of up to $100,000. At the time, Belan was accused of hacking into the systems of three major U.S. e-commerce companies based in Nevada and California. Most recently he was hit with sanctions for allegedly taking part in the hack of the DNC servers last year, alongside renowned Russian cybercrime kingpin Evgeniy Bogachev.
Belan is the subject of an Interpol “Red Notice,” which mandates that any member nation — including Russia — arrest him on sight. However, during her press conference, McCord said the Kremlin not only failed to arrest Belan but actually recruited him for its own purposes.
DOJ: Not only did FSB (Russia) not arrest internationally wanted hacker Alexi Belan, they recruited him.
— Scott McGrew (@ScottMcGrew) March 15, 2017
Karim Baratov, a 22-year-old hacker and dual Canada-Kazakh national, is not thought to be part of the organization that breached Yahoo’s system. Baratov was instead employed to hack into other email accounts of high-profile targets after their information was discovered in the Yahoo breach.
Though Yahoo by itself would have had a tough time adequately protecting user information from a state-sponsored hacking attack, the company’s credibility on consumer data security remains shaky. The company disclosed an additional, separate hack in December that had affected 1 billion user accounts in 2013, and it’s not clear what kind of regulatory action, if any, Yahoo might face for its unprecedented breaches.
Financially, the company has already paid a price. Yahoo is in the process of selling itself to Verizon, which last month successfully shaved $350 million off its roughly $5 billion Yahoo purchase price because of costs related to the hacks. Verizon declined to comment for this story, and Yahoo assistant general counsel Chris Madsen said in a statement that “this morning’s announcement is consistent with our prior disclosures.”