MS Risk Blog

US Charges Russian Spies, Hackers in Yahoo Hack


The United States last week charged two Russian intelligence agents and two criminal hackers with masterminding the 2014 theft of 500 million Yahoo accounts in a move that marks the first time that the US government has criminally charged Russian spies with cyber offenses.

The 47-count Justice Department indictments on Wednesday 15 March included charges of conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identity theft. The charges also paint a picture of the Russian security services as working hand-in-hand with cyber criminals, who helped spies further their intelligence goals in exchange for using the same exploits to make money. Speaking at a press conference to announce the charges, Acting Assistant Attorney General Mary McCord disclosed that the criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI's point of contact in Moscow on cyber crime matters, is beyond the pale. Russia's Federal Security Service (FSB) is the successor to the KGB. McCord further disclosed that the hacking campaign was awarded by the FSB in order to collect intelligence but that the two hackers used the collected information as an opportunity to line their pockets.

The indictment named the FSB officers involved as Dmitry Dokuchaev and his superior, Igor Sushchin, both of whom are in Russia. According to Russian news agency Interfax, Dokuchaev was arrested for treason in December. According to the Justice Department, the alleged criminals involved in the scheme include Alexsey Belan, who is amongst the FBI's most-wanted cyber criminals and was arrested in Europe in June 2013; however, he escaped to Russia before he could be extradited to the US. Karim Baratov, who was born in Kazakhstan but also has Canadian citizenship, was also named in the indictment. The Justice Department disclosed that Baratov was arrested in Canada on 14 March. Officials in Toronto have confirmed the arrest. The US does not have an extradition treaty with Russia, with McCord stating that she was hopeful that Russian authorities would cooperate in bringing criminals to justice. The US often charges cyber criminals with the intent of deterring future state-sponsored activity.

The charges announced last week are not related to the hacking of Democratic Party emails during the 2016 US presidential election. US intelligence agencies have stated that they were carried out by Russian spy services, including the FSB, in order to help the campaign of Republican candidate Donald Trump.

Yahoo disclosed, when it announced the then-unprecedented breach last September, that it believed that the attack was state-sponsored. On Wednesday, the company stated that the indictment unequivocally shows that to be the case.

According to the indictment, at least thirty million of the Yahoo accounts were the most seriously affected in the 2014 breach, with Belan able to burrow deep into those accounts and take user contact lists that were later used for a financially motivated spam campaign. The indictment went on to say that Belan also stole financial information, such as credit card numbers and gift cards. Yahoo had previously stated that about 32 million accounts had fallen victim to the deeper attack, which it said leveraged forged browser cookies to access accounts without the need for a password. According to Wednesday's indictment, FSB officers Sushchin and Dokuchaev also directed Baratov to use the information gained in the Yahoo breach to hack specific targets who possessed email accounts with other service providers, including Google. The indictment charged that when Baratov was successful, Dokuchaev would reward him with a bounty.

In December 2016, Yahoo announced another breach that occurred in 2013 and which affected 1 billion accounts. At the time, Special Agent Jack Bennett of the FBI's San Francisco Division disclosed that the 2013 breach is unrelated and that an investigation of that incident is ongoing. The hacks forced Yahoo to accept a discount of US $350 million in what had been a US $4.83 billion deal to sell its main assets to Verizon Communications Inc.

The charges come amidst a number of controversies relating to alleged Kremlin-backed hacking of the 2016 US presidential election and the possible links between Russian figures and associates of US President Donald Trump, as well as uncertainty about whether President Trump is willing to respond forcefully to aggression from Moscow in cyberspace and elsewhere.
