Ancaster man sentenced to 5 years for Yahoo hacking
23-year-old also fined $250,000 for role in massive security breach
SAN FRANCISCO— A Canadian young computer hacker who American investigators say unwittingly worked for Russian spies was sentenced to five years in prison Tuesday for his role in a massive security breach at Yahoo that U.S. federal agents say was directed by a Russian intelligence agency.
U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco.
Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access webbased emails. U.S. prosecutors allege he was “an international hacker for hire” who indiscriminately hacked for clients he did not know or vet, including doz- ens of jobs paid for by Russia’s Federal Security Service.
Baratov, who was born in Kazakhstan but lived in Ancaster, charged customers to obtain another person’s webmail passwords by tricking them to enter their credentials into a fake password reset page. He was arrested in 2017 after American authorities indicted him for computer hacking, economic espionage and other crimes.
After Baratov’s guilty plea, his lawyers told reporters he hacked only eight accounts and did not know that he was working for Russian agents connected to the Yahoo breach.
“He’s been transparent and forthright with the government since he got here,” lawyer Andrew Mancilla said at the time.
In August 2017, Baratov decided to forgo his extradition hearing to face the charges in Cali- fornia. His Canadian lawyer at the time said that the move was to speed up the legal process.
Meanwhile, U.S. prosecutors said in court papers that Baratov’s Russian-language website named “webhacker” advertised services for “hacking of email accounts without prepayment.” They said Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack.
Prosecutors argued that Rus- sia’s Federal Security Service targeted Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses. Baratov and his lawyers also said his work with the Russia spy agency was unwitting. The court documents allege Baratov claimed he could access webmail accounts maintained by Google and Russian providers such as Mail.Ru and Yandezx.