National Post (National Edition)
CANADIAN JAILED FIVE YEARS IN U.S. FOR HACKING EMAILS FOR RUSSIANS
Hamilton man connected to giant Yahoo breach
SA N FRANCISCO • A young Canadian computer hacker who American investigators say unwittingly worked for Russian spies, was sentenced to five years in prison Tuesday for his role in a massive security breach at Yahoo that U.S. federal agents say was directed by a Russian intelligence agency.
U.S. Judge Vince Chhabria also fined Karim Baratov of Hamilton US$250,000 during a sentencing hearing in San Francisco.
Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access web-based emails.
U.S. prosecutors allege he was “an international hacker for hire” who indiscriminately hacked for clients he did not know or vet, including dozens of jobs paid for by Russia’s Federal Security Service.
Baratov, who was born in Kazakhstan, charged customers to obtain another person’s webmail passwords by tricking them to enter their credentials into a fake password reset page. He was arrested in Hamilton in March 2017 under the Extradition Act after American authorities indicted him for computer hacking, economic espionage and other crimes.
After Baratov’s guilty plea, his lawyers told reporters he hacked only eight accounts and did not know that he was working for Russian agents connected to the Yahoo breach.
“He’s been transparent and forthright with the government since he got here,” lawyer Andrew Mancilla said at the time.
In August 2017, Baratov decided to forgo his extradition hearing to face the charges in California. His Canadian lawyer at the time said the move was to speed up the legal process.
Meanwhile, U.S. prosecutors said in court papers that Baratov’s Russian-language website named “webhacker” advertised services for “hacking of email accounts without prepayment.”
They said the Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack. Prosecutors argued that Russia’s Federal Security Service targeted Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses.
The court documents allege Baratov claimed he could access webmail accounts maintained by Google and Russian providers such as Mail.ru and Yandezx. He would provide customers with a screenshot of the hacked account and promised he could change security questions so they could maintain control of the account.
Baratov is alleged to have collected more than $1.1 million in fees, which he used to buy a house and expensive cars.
“Deterrence is particularly important in a case like this,” the judge said during the hearing. He rejected prosecutors’ call for a prison sentence of nearly 10 years, noting Baratov’s age and clean criminal record prior to his arrest.
Baratov has been in custody since his arrest last year. He told the judge Tuesday that his time behind bars has been “a very humbling and eye-opening experience.”
He apologized to those he hacked and promised “to be a better man” and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.
The U.S. Justice Department also charged two Russian spies with orchestrating the 2014 security breach at Yahoo to steal data from 500 million users. Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich remain at large and prosecutors believe they are living in Russia, which doesn’t have an extradition treaty with the United States.