The U.S. government accused Russia of directing some of the world’s most notorious hackers to break into computer systems, namely a half-billion accounts at Yahoo, in a broad scheme pairing cybercrime with intelligence gathering.
The broadside against the Russian government appeared in an indictment unsealed Wednesday in San Francisco federal court against two Russian FSB security agents and a pair of criminal hackers. Only one was arrested, a Canadian. The U.S. government has little chance of getting the other three extradited from Russia, but was sending a clear message to Moscow that heightened cyberactivity wouldn’t be tolerated.
“We have reason to believe, based on our evidence, they were acting in their capacity as FSB officials,” said Mary McCord, acting assistant attorney general for the Department of Justice’s national security division.
Prosecutors accused the four of conspiracy, economic espionage, wire fraud and theft of trade secrets connected to the 2014 Yahoo breach, which threatened to derail its acquisition by Verizon Communications Inc. and ultimately led to a lower purchase price. The U.S. indictment essentially contends that the hackers had access to the accounts of 30 million users of Yahoo.
“The indictment unequivocally shows the attacks on Yahoo were state-sponsored,” said Chris Madsen, an assistant general counsel for security and law enforcement at Yahoo.
The indictment appears to pull back the curtain on the use of criminal hackers by Russia’s spy agencies to attack key U.S. targets, including the largest purveyors of web-based email, Google and Yahoo.
It lists a diverse group of hacking victims in the U.S. including the White House and its military and diplomatic corps. The missions also reaped information on a swath of global companies and their executives, including a U.S. financial services company, an airline and private equity firms.
The U.S. also reveals how Russia has used criminal operations to hide government spy activities, sheltering those criminals from prosecution while using the threat of charges as a recruiting tool for the country’s best criminal talent.
After the indictments were announced, a Putin spokesman, Dmitry Peskov, didn’t directly address the charges against Russian security officials but said Moscow was interested in cooperating with the U.S. to combat cyber threats. The press office for the Federal Security Service didn’t answer phone calls.
The U.S. government has been ratcheting up pressure on Russian hacking networks over the last few months. In December, the Treasury Department imposed sanctions on two Russians — Evgeniy Mikhailovich Bogachev and Aleksey Alekseyevich Belan — for engaging in “malicious cyber-enabled activities.” The announcement was made as President Barack Obama took steps against Russia for attempting to interfere with the U.S. presidential election.
One of those hackers, Belan, was charged in the Yahoo case. He has been charged twice previously for cyberattacks of technology companies.
The agents from the FSB included Igor Sushchin, who worked for the agency and specialized in cyber investigations. The other was Dmitry Dokuchaev, described as a hacker for hire who was pressed into working for the FSB to avoid prosecution for bank-card fraud. Russian authorities detained him in December and accused him of “interacting” with U.S. intelligence.
Karim Baratov, a Canadian citizen born in Kazakhstan, was arrested in Canada and charged by the U.S. He’s accused of targeting people inside Russia in information-gathering schemes. Calls to his home weren’t immediately returned. The other three defendants couldn’t immediately be reached for comment.
Belan used access to Yahoo to line his own pockets, according to the indictment. He was paid a bounty for his intelligence gathering missions, the U.S. said. The Yahoo email accounts almost certainly provided sensitive personal data to Russia’s increasingly unpredictable spy agencies.
While the Yahoo intrusion was the central cog of the operation, the indictments describe a broader intelligence-gathering effort that often went after Russian citizens, including the country’s key politicians.
In one mission, the hackers were instructed to compromise Google accounts belonging to an assistant to the deputy chairman of the Russian Federation, an officer of the Russian Ministry of Internal Affairs and a training expert for Russia’s Sports Ministry, the indictment says. Other Russian targets included journalists and politicians critical of the government, a board member and senior officer of a Russian financial firm and a senior officer of a Russian email provider.
Baratov was said to be heavily involved in targeting Russians for the FSB. He was paid to gain access to 80 email accounts, including 50 Google accounts, the U.S. said. He would mount spear-phishing attacks, using fake emails to compel targets to provide sensitive information. Once he obtained passwords, he would sell them to Dokuchaev, the U.S. said.
An extradition hearing for Baratov was postponed until Friday, according to court officials in Hamilton, Ontario. The U.S. is seeking forfeiture of funds held in a PayPal accounts controlled by Baratov and Dokuchaev, and two luxury cars — a gray Aston Martin DBS with a “Mr. Karim” vanity plate and a black Mercedes Benz C54.
(c) 2017, Bloomberg · Brian Womack