Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Russians Charged with 2014 Yahoo Hacking

March 20, 2017

The New York Times reported on March 15th that the Justice Department had that day charged two Russian intelligence officers with directing a sweeping criminal conspiracy that stole data from 500 million Yahoo accounts in 2014.

The Russian government used the information obtained by the intelligence officers and two other men to spy on a range of targets, from White House and military officials to executives at banks, two American cloud computing companies, an airline and a gambling regulator in Nevada, according to an indictment. The stolen data was also used to spy on Russian government officials and business executives, federal prosecutors said.

Well, that sure cuts a wide swath.

Russians have been accused of other cyberattacks on the United States — most notably the theft of emails last year from the Democratic National Committee. But the Yahoo case is the first time that federal prosecutors have brought cybercrime charges against Russian intelligence officials, according to the Justice Department.

American investigators are particularly aghast that the two Russian intelligence agents they say directed the scheme, Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, worked for an arm of Russia's Federal Security Service, or F.S.B., that is supposed to help foreign intelligence agencies catch cybercriminals. Instead, the officials helped the hackers avoid detection.

The two other men named in the indictment include a Russian hacker already indicted in connection with three other computer network intrusions and a Kazakh national living in Canada. One of the hackers also conducted an extensive spamming operation, stole credit and gift card information, and diverted Yahoo users looking for erectile dysfunction drugs to a particular pharmacy. Getting a kickback, I suppose.

Karim Baratov is the only one of the accused hackers who has been arrested in connection with the case. He was captured by the authorities in Canada on March 14th. The chances of the United States taking the other three into custody any time soon appear slim to none, especially because the United States has no extradition treaty with Russia.

The fourth person involved in the scheme, a Russian named Alexsey Belan, had been indicted twice before for three intrusions into American e-commerce companies. At one point, he was arrested in Europe, but he escaped to Russia before he could be extradited. Prosecutors said they had repeatedly asked the Russian government to hand over Mr. Belan but had gotten no response.

Yahoo disclosed the theft of its data in September and said it was working with the law enforcement authorities to trace the perpetrators. The hackers were able to use the stolen information, which included personal data as well as encrypted passwords, to create a tool that gave them access to 32 million accounts over a period of two years.

In a statement on March 15th, Yahoo thanked the FBI and the Justice Department for their work.

It remains unclear why Yahoo users were not informed about the hack during the two-year investigation. An internal investigation by the company's board found that some senior executives and information security personnel were aware of the breach shortly after it occurred but "failed to properly comprehend or investigate" the situation. Two weeks ago, the company's top lawyer, Ronald S. Bell, resigned over the episode, and its chief executive, Marissa Mayer, lost her 2016 bonus and 2017 stock compensation.

We are, in case anyone has failed to notice, in a cyberwar with Russia.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson