National Post (National Edition)

U.S. accuses Russian agents in Yahoo hack

Three suspects unlikely to be extradited

- MICHAEL RILEY, GREG FARRELL AND TOM SCHOENBERG

The U.S. government accused Russia of directing some of the world’s most notorious hackers to break into computer systems, namely a half-billion accounts at Yahoo! Inc., in a broad scheme that paired cybercrime with intelligence gathering.

The broadside against the Russian government appeared in an indictment unsealed Wednesday in San Francisco federal court alleging a widespread conspiracy by two Russian FSB security agents and a pair of criminal hackers.

Only one was arrested — Canadian Karim Baratov.

Although FBI agents have long suspected that the Russians have used cyber mercenaries to do their work, this case is among the first in which evidence is offered to show that.

The U.S. government has little chance of getting the other three extradited from Russia — including one who is on the list of the world’s most-wanted cyber criminals — but was sending a clear message to Moscow that heightened cyber activity wouldn’t be tolerated.

“We have reason to believe, based on our evidence, they were acting in their capacity as FSB officials,” said Mary McCord, acting assistant attorney general for the Department of Justice’s national security division.

Prosecutors accused the four of conspiracy, economic espionage, wire fraud and theft of trade secrets connected to a 2014 breach of Yahoo.

Details of that attack and another in 2013 threatened to derail Yahoo’s pending acquisition by Verizon Communications Inc. and ultimately led to a lower proposed purchase price.

The indictment appears to pull back the curtain on the use of criminal hackers by Russia’s spy agencies to attack key U.S. targets, including the largest purveyors of web-based email, Google and Yahoo.

Russian intelligence agents are able to recruit some of the country’s best hackers by threatening them with charges if they don’t co-operate, according to the U.S. indictment.

The agents for the FSB — the main successor to the Soviet KGB that is known formally as the Federal Security Service — sheltered the accused hackers from prosecution and gave them sensitive information that helped them evade international law enforcement, it said.

The hackers, for their part, gained unfettered access to operate inside Yahoo’s network. Breaching a database of at least 500 million Yahoo email accounts, they looked for people of political interest and keywords in ordinary people’s accounts that would make them vulnerable to financial fraud. They also stole the secret cryptographic values that Yahoo assigns to each user for generating cookies, the files on a person’s computer that contain details of their login history. The attackers then generated their own cookies, bypassing passwords and tricking Yahoo’s server into letting them into accounts, ultimately stealing contents of 6,500 Yahoo accounts.

“The indictment unequivocally shows the attacks on Yahoo were state-sponsored” as the company had initially disclosed, said Chris Madsen, an assistant general counsel for security at Yahoo.

The list of hacking victims in the U.S. was diverse, including the White House and its military and diplomatic corps. Conspirators also reaped information on a swath of global companies and their executives, including a U.S. financial services company, an airline and private equity firm, the U.S. said.

It’s the second case in recent months to accuse Moscow of using cyberattacks to undercut U.S. institutions. Justice officials said Wednesday there was no link between the Yahoo case and a probe into Russian interference in the U.S. election.

The U.S. government has been ratcheting up pressure on Russian hacking networks. In December, the Treasury imposed sanctions on two Russians — Evgeniy Mikhailovich Bogachev and Aleksey Alekseyevich Belan — for engaging in “malicious cyber-enabled activities.”

One of those hackers, Belan, was charged in the Yahoo case. Belan used access to Yahoo to line his own pockets, according to the indictment. He was paid a bounty for his intelligence gathering missions, the U.S. said.

The agents from the FSB were Igor Sushchin, who worked for the agency and specialized in cyber investigations, and Dmitry Dokuchaev, described as a hacker for hire who was pressed into working for the FSB to avoid prosecution for bankcard fraud. While the Yahoo intrusion was the central cog of the operation, the indictments describe a broader intelligence effort that often went after Russian citizens, including politicians.

In one mission, the hackers were instructed to compromise Google accounts of an assistant to the deputy chairman of the Russian Federation, an officer of the Ministry of Internal Affairs and a training expert for Russia’s Sports Ministry, the indictment says. Other Russian targets included journalists.
