Russian intelligence officers indicted in massive Yahoo hack
By Claire Atkinson
Two Russian intelligence officers conspired with a pair of criminal hackers to break into millions of Yahoo internet accounts to stage one of the biggest data breaches in history, US Justice Department officials said Wednesday.
The officers at the FSB - Russia’s Federal Security Service and a successor to the KGB - were identified as Dmitry Dokuchaev, 33, and his superior, Igor Sushchin, 43, Justice Department official Mary McCord told reporters at a Washington press conference.
Alexsey Belan, 29, a Russian national and resident who is on the list of most-wanted cyber criminals, and Karim Baratov, 22, who was born in Kazakhstan but has Canadian citizenship, were also to be named in the indictment.
The four men - who engineered a 2014 hac k of Yahoo that compromised 500 million email accounts - together face 47 criminal charges, including conspiracy, computer fraud, economic espionage, theft of trade secrets and aggravated identity theft, the Justice Department said.
At the press conference, McCord noted that Belan had been indicted twice before for “ notorious criminal conduct,” including breaking into the computer systems of e-commerce companies.
“FSB officers, instead of detaining him, used him to break into Yahoo’s networks” - a twist that “makes this that much more egregious,” McCord said.
Having gained access to Yahoo email accounts with various ploys including “spear phishing” emails, Belan also “lined his pockets” by stealing gift cards and credit-card numbers, McCord said.
“They targeted Yahoo accounts. Russian and US government officials and cyber security, diplomatic and military personnel,” she said in prepared remarks. “They also targeted Russian journalists, numerous employees of other providers, whose networks the conspirators sought to exploit and employees of financial services and other commercial entities.”
In a written statement, Yahoo’s assistant general counsel Chris Madsen said the indictment “unequivocally shows the attacks on Yahoo were state-sponsored. We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible.”
Yahoo said, when it announced the then-unprecedented breach last September, that it was working with law enforcement authorities and believed the attack was state-sponsored.
The company announced a still-larger breach in December that occurred in 2013 and affected one billion accounts, though it has not linked that intrusion to the one in 2014.
The breach announcements were the latest in a series of setbacks for the Internet pioneer, which has falle n on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet’s Google and Facebook.
Yahoo’s disclosure of the years-old cyber invasions and its much-criticized slow response forced it to accept a discount of $350 million in what had been a $4.83 billion deal to sell its main assets to Verizon Communications.
Shares of Yahoo recently were down 0.8 percent, while Verizon was nearly flat.