In 2014, Yahoo announced that it had suffered a massive data breach in which 500 million user accounts containing emails and passwords were stolen. The company only got to know about the breach in September 2016, and labeled it as work of a ‘state-sponsored actor.’
On Tuesday 28th, Karim Baratov, a Canadian citizen, appeared in a San Francisco federal court pleaded guilty to hacking and claimed the whole feat was carried out with the assistance of people representing The Federal Security Service of the Russian Federation (FSB).
Baratov claimed upon stealing half-billion user accounts he sent their passwords to Dmitry Aleksandrovich Dokuchaev, an alleged FSB officer who is already on FBI’s (Federal Bureau of Investigation) wanted list in connection with compromising at least 500 million Yahoo accounts.
Other than Dokuchaev, Alexsey Belan and Igor Anatolyevich Sushchin (also Russian citizens) are also wanted by the FBI in connection with Yahoo breach. It is however impossible that the three agents will ever get caught by US authorities. Unlike Roman Seleznev, the 32-year-old Russian hacker who was arrested in Maldives in 2014, and extradited to the United States for $50M Hacking Scam, where Roman pleaded guilty to identity theft and wire fraud charges.
According to a now-deleted (cache version available here) press release from The United States Department of Justice:
“This case is a prime example of the hybrid cyber threat we’re facing, in which nation states work with criminal hackers to carry out malicious activities,” said Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response, and Services Branch. “Today’s guilty plea illustrates how the FBI continues to work relentlessly with our private sector, law enforcement, and international partners to identify and hold accountable those who conduct cyber attacks against our nation, no matter who they’re working with or where they attempt to hide.”
In a March 2017 press release, the 22-year-old Baratov alleged to receive money from FSB for officials to hack at least 80 accounts. However, his attorneys claim their client had only hacked 8 accounts without any knowledge that he was working for Russian intelligence agency agents linked to the large-scale Yahoo cyber attack.
Baratov who is also known as a “hacker-for-hire” was arrested in March from Hamilton, Ontario and He scheduled for sentencing on February 20th.