US indicts Russian hackers and spies over massive Yahoo attack

Charges not related to hacking of Democratic emails during presidential election

Posters of a suspected Russian hacker are installed before  a news conference at the US justice department in Washington on Wednesday. Photograph: Yuri Gripas/Reuters
Posters of a suspected Russian hacker are installed before a news conference at the US justice department in Washington on Wednesday. Photograph: Yuri Gripas/Reuters

In an unprecedented move that displays the profound distrust between US and Russian authorities on cybersecurity, the justice department on Wednesday charged two Russian intelligence officers with directing a sweeping criminal conspiracy that broke into 500 million Yahoo accounts in 2014.

The Russian government then used the information it obtained from the intelligence officers and two others named in the indictment – a Russian hacker and a Kazakh national living in Canada – to focus on foreign officials, business executives and journalists, federal prosecutors said. The targets included numerous financial executives, executives at a US cloud computing company, an airline official and even a casino regulator in Nevada.

Details of the wide-ranging attack come as the US government investigates other Russian cyberattacks against American targets, including the theft of emails last year from the Democratic National Committee and attempts to break into state election systems. Investigators are also examining communications between associates of President Donald Trump and Russian officials that occurred during the presidential campaign.

That US and Russian authorities are often at loggerheads in their approaches to criminal breaches was made clear in the indictment. The two Russian agents were supposed to be helping Americans hunt for hackers but were instead working against them.

READ MORE

Hacker

One of the outside hackers, a Russian named Alexsey Belan, had been indicted twice before for three intrusions into American ecommerce companies and had been arrested in Europe, but escaped to Russia before he could be extradited. Prosecutors said they received no response to their requests to the Russian government to turn over Belan to US authorities.

The hackers also used the Yahoo data to send spam and steal credit card and gift card information. In addition, they sought to break into at least 50 Google accounts, including those of Russian officials and employees of a Russian cybersecurity firm.

On Wednesday prosecutors unsealed an indictment containing 47 criminal charges against the two agents of Russia’s Federal Security Service, or FSB, as well as two outside hackers with whom they worked on the scheme, one of the largest known thefts of data from a private corporation.

This is the first time officials of Russia’s FSB have been indicted on cybercrime charges in the United States, said Jack Bennett, special agent in charge of the FBI’s San Francisco office. Yahoo worked with the FBI on the investigation for two years, he said.

The four men together face 47 criminal charges, including conspiracy, computer fraud, economic espionage, theft of trade secrets and aggravated identity theft, the justice department said in a news release. The two agents of the FSB who were charged are Dmitry Aleksandrovich Dokuchaev (33) and Igor Anatolyevich Sushchin (43), both Russian nationals and residents. The other two defendants are Belan (29), a Russian national and resident, and Karim Baratov (22), a Canadian and Kazakh national and a resident of Canada. Baratov was arrested on Tuesday in Canada.

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” the acting assistant attorney general, Mary B McCord, said in a statement.

Data theft

Yahoo disclosed the theft of the data last September and said it was working with law enforcement authorities to trace the perpetrators. The hackers were able to use the stolen information, which included personal data as well as encrypted passwords, to create a tool that let them access 32 million accounts.

In a statement, Yahoo thanked the FBI and justice department for its work. Yahoo has said for months that it believed hackers sponsored by a foreign state were behind the attack but it had refused to provide details of what occurred because the federal inquiry was ongoing. However, an internal investigation by the internet company’s board found that some senior executives and information security personnel were aware of the breach shortly after it occurred but “failed to properly comprehend or investigate” the situation. Two weeks ago, the company’s top lawyer Ronald S Bell resigned over the incident, and its chief executive Marissa Mayer lost her 2016 bonus and 2017 stock compensation.

2013 attack

A separate, larger breach of 1 billion accounts occurred in 2013 but was only disclosed by the company three months ago. Yahoo has said it has not been able to glean much information about that attack, which was uncovered by InfoArmor, an Arizona security firm.

That theft included phone numbers, birth dates and weakly encrypted passwords, and compromised the accounts of several million military and civilian government employees from dozens of nations, including more than 150,000 Americans.

The two thefts, the largest known breaches of a private company’s computer systems, had threatened to scuttle a deal that Yahoo struck last summer to sell its internet businesses to Verizon Communications. Verizon sought to shave $925 million from the original $4.8 billion deal following news of the attacks, according to a securities filing on Monday. Last month, the two companies finally agreed to a $350 million price reduction.