2 Russian Spies Charged in Yahoo Breach of 500M Accounts


Russian journalists, U.S. and Russian government officials, a Russian cybersecurity firm’s employees, and other private-sector employees were targeted.

Two members of the Russian intelligence unit that works with the FBI on cyber crime led a conspiracy to use Yahoo’s email network to target dissidents and government officials, according to the Justice Department.

Russian Federal Security Service officers Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43, allegedly directed and paid Alexsey Alexseyevich Belan, 29, and Karim Baratov, 22, to access at least 500 million Yahoo accounts and steal the code to create “cookies” to authenticate accounts, according to the Justice release.

They used that information to get access to accounts that belonged to Russian journalists, U.S. and Russian government officials, a Russian cybersecurity firm’s employees, and other private-sector employees, including at a bitcoin wallet and a U.S. airline.


The four men collectively face 47 criminal charges of computer hacking, economic espionage, trade secrets theft, aggravated identity theft and other criminal offenses in Northern California.

“The FSB unit that the defendants worked for, the Center for Information Security, also known as Center 18, is also the FBI’s point of contact in Moscow for cyber crime matters,” said Acting Assistant Attorney General Mary McCord at a press conference Wednesday. “The involvement and direction of FSB officers with law-enforcement responsibilities makes this conduct that more egregious. There are no free passes for foreign state-sponsored criminal behavior.”

The case highlights the lack of cooperation between U.S. and Russia on cyber issues. One problem is that the Justice Department thinks the FSB agents were operating in their official capacity, not as rogue agents, McCord said.

Then there’s Belan. He was previously charged in the U.S. in 2012 and 2014, is featured on the FBI’s Cyber Most Wanted List and has the dubious honor of being one of the hackers sanctioned by then-President Barack Obama in December. He fled to Russia, and although the bureau asked for his return in 2014, it received no response from Russia’s official channels, according to FBI Executive Assistant Director Paul Abbate.

During that time, the FSB agents allegedly used Belan in the Yahoo campaign and allowed him to profit from stolen gift cards and credit card numbers, a spam campaign and redirected search engine traffic. Using criminal hackers for state gains isn’t uniquely Russian behavior, but McCord said they’re seeing more and more of it. 

The U.S. and Russia do not have an extradition treaty, but Abbate says they will reach out to the Russian government.

“We expect and hope for their cooperation here,” he said. “In fact, post this announcement, we will go out with another official request, not just for Mr. Belan, but also for the other two individuals that are charged here and are residing in Russia now.”

The fourth defendant, Baratov, is a resident of Canada and was detained Tuesday, McCord said.

Officials thanked Canadian law enforcement agencies and the United Kingdom’s MI-5, as well as Yahoo and Google for their cooperation. They urged private-sector companies to reach out if they suspect they’re under cyberattack.

“It is very important for corporations around the country to know that when you are going against the resources and backing of a nation-state, it is not a fair fight and it is not a fight you are likely to win alone,” McCord said. “But you do not have to go it alone.”