Wednesday, 15 March 2017
U.S. indicts Russian spies, hackers over massive Yahoo hack in 2014
The indictments, announced at a news conference in Washington, represent the first time the U.S. government has criminally charged Russian officials for cyber offenses.
The contents of at least 30 million accounts were accessed as part of a spam campaign and at least 18 people who used other internet service providers, such as Google, were also victimized, the government charged.
The officers of the FSB, Russia’s Federal Security Service, which is a successor to the KGB, were identified as Dmitry Dokuchaev and his superior, Igor Sushchin, the government said.
Both men are in Russia, it said.
Alexsey Belan, who is on the list of most-wanted cyber criminals, and Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, were also named in the indictment.
The Justice Department said Baratov was arrested in Canada on Tuesday and his case is pending with Canadian authorities.
Belan was arrested in Europe in June 2013 but escaped to Russia before he could be extradited to the United States, according to the Justice Department.
"The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cyber crime matters, is beyond the pale,” said Acting Assistant Attorney General Mary McCord.
McCord said the hacking campaign was waged by the FSB to collect intelligence but that the two hackers used the collected information as an opportunity to "line their pockets."
The United States does not have an extradition treaty with Russia, but McCord said she was hopeful Russian authorities would cooperate in bringing criminals to justice. The United States often charges cyber criminals with the intent of deterring future state-sponsored activity.
The administration of former President Barack Obama brought similar charges against Chinese and Iranian hackers who have not been extradited.
The 47-count indictment includes conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identify theft.
The charges are not related to the hacking of Democratic Party emails during the 2016 U.S. presidential election. Intelligence agencies have said they were carried out by Russia to help the campaign of Republican candidate Donald Trump.
Yahoo said when it announced the then-unprecedented breach last September that it believed the attack was state-sponsored, and on Wednesday the company said the indictment "unequivocally shows" that to be the case.
Yahoo in December also announced a breach that occurred in 2013 affecting one billion accounts, though it has not linked that intrusion to the one in 2014.
The Russian hacking conspiracy, which began as early as 2014, allowed Belan to use his relationship with the Russian spy agency and access to Yahoo's network to engage in financial crimes, according to the indictment.
The breaches were the latest in a series of setbacks for the Internet pioneer, which has fallen on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet Inc's Google and Facebook Inc.
Yahoo’s disclosure of the years-old cyber invasions and its much-criticized slow response forced it to accept a discount of $350 million in what had been a $4.83 billion deal to sell its main assets to Verizon Communications Inc.
Shares of Yahoo were down 0.9 percent.
"We’re committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cyber crime," Chris Madsen, Yahoo's assistant general counsel, said in a statement.