DOJ indicts Russian spies, hackers in Yahoo breach
posted at 6:01 pm on March 15, 2017 by John Sexton
The Department of Justice indicted two Russian spies and two hackers today, accusing them of stealing information on 500 million Yahoo users. From the Washington Post:
In the 2014 hack, the FSB — Russia’s Federal Security Service, and a successor to the KGB — allegedly sought the information for intelligence purposes, targeting journalists, dissidents and U.S. government officials, but allowed the criminal hackers to use the email cache for the officials’ and the hackers’ financial gain, through spamming and other operations…
Although FBI agents have long suspected that the Russians have used cyber mercenaries to do their work, this case is among the first in which evidence is offered to show that.
The indicted FSB officers are Dmitry Dokuchaev and Igor Sushchin, his superior. Particularly galling to U.S. officials is that the men worked for the cyber investigative arm of the FSB — a rough equivalent of the FBI’s Cyber Division. That the agency that is supposed to investigate computer intrusions in Russia is itself engaged in hacking is “pretty sad,” one official said.
The other two people indicted were hackers Alexsey Belan and Karim Baratov. Baratov is a Canadian citizen and was arrested in Canada Tuesday. The other hacker and the two FSB agents are in Russia. The U.S. has no extradition treaty with Russia so there is little chance they will face any punishment in the U.S.
The hack of 500 million Yahoo users took place in 2014. Yahoo made it public last September. In December the company announced an even larger hack involving 1 billion user accounts which took place a year earlier in 2013. The Washington Post reports U.S. authorities have not said whether there is a connection between the 2014 hack and the larger one a year earlier.
Ars Technica has more on how the hackers gained access to the Yahoo servers and also a list of some of the people specifically targeted in the breach:
- A diplomat from a country bordering Russia who was posted in a European country
- The former minister of economic development, and his wife, of a country bordering Russia
- A Russian investigative reporter who worked for Kommersant Daily
- A public affairs consultant and researcher who analyzed Russia’s bid for membership to the World Trade Organization
- Three officers of a US-based cloud computing service
- A Russian deputy consul general and
- A senior officer at a Russian webmail and Internet-related services provider
Given all the talk in the media about Russian influence on the election and suggestions of collusion with the Trump campaign, it’s important to note that there is no known connection between this and the hack of the DNC, DCCC, etc. However, this indictment could put to rest some of the talk suggesting the Trump administration is soft on Russia. This is the first time FSB agents have been indicted by the United States.