recommended reading

2 Russian Spies Charged in Yahoo Breach of 500M Accounts

Gil C/Shutterstock.com

Two members of the Russian intelligence unit that works with the FBI on cyber crime lead a conspiracy to use Yahoo’s email network to target dissidents and government officials, according to the Justice Department.

Russian Federal Security Service officers Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43, allegedly directed and paid Alexsey Alexseyevich Belan, 29, and Karim Baratov, 22, to access at least 500 million Yahoo accounts and steal the code to create “cookies” to authenticate accounts, according to the Justice release.

They used that information to get access to accounts that belonged to Russian journalists, U.S. and Russian government officials, a Russian cybersecurity firm’s employees, and other private-sector employees, including a bitcoin wallet and a U.S. airline.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The four men collectively face 47 criminal charges of computer hacking, economic espionage, trade secrets theft, aggravated identity theft and other criminal offenses in Northern California.

“The FSB unit that the defendants worked for, the Center for Information Security, also known as Center 18, is also the FBI’s point of contact in Moscow for cyber crime matters," said Acting Assistant Attorney General Mary McCord at a press conference Wednesday. "The involvement and direction of FSB officers with law-enforcement responsibilities makes this conduct that more egregious. There are no free passes for foreign state-sponsored criminal behavior.”  

The case highlights the lack of cooperation between U.S. and Russia on cyber issues. One problem is that the Justice Department thinks the FSB agents were operating in their official capacity, not as rogue agents, McCord said.

Then there’s Belan. He’s been charged in the U.S. previously in 2012 and 2014, is featured on FBI’s Cyber Most Wanted List and has the dubious honor of being one of the hackers sanctioned by then-President Barack Obama in December. He fled to Russia, and although the bureau asked for his return in 2014, it received no response from Russia’s official channels, according to FBI Executive Assistant Director Paul Abbate.

During that time, the FSB agents allegedly used Belan in the Yahoo campaign and allowed him to profit from stolen gift cards and credit card numbers, a spam campaign and redirected search engine traffic. Using criminal hackers for state gains isn’t uniquely Russian behavior, but McCord said they’re seeing more and more of it. 

The U.S. and Russia do not have an extradition treaty, but Abbate says they will reach out to the Russian government.

“We expect and hope for their cooperation here,” he said. “In fact, post this announcement, we will go out with another official request, not just for Mr. Belan, but also for the other two individuals that are charged here and are residing in Russia now.”

The fourth defendant, Baratov, is a resident of Canada and was detained Tuesday, McCord said.

Officials thanked Canadian law enforcement agencies and the United Kingdom’s MI-5, as well as Yahoo and Google for their cooperation. They urged private-sector companies to reach out if they suspect they’re under cyberattack.

“It is very important for corporations around the country to know that when you are going against the resources and backing of a nation-state, it is not a fair fight and it is not a fight you are likely to win alone,” McCord said. “But you do not have to go it alone.”  

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.