Russian Spies Charged in Yahoo Hacking Case

Print Friendly, PDF & Email

DOJ Acting Assistant Attorney General Mary McCord and FBI Executive Assistant Director Paul Abbate answer questions during a March 15, 2017 press conference announcing the indictments of four Russian spies and hackers in the case of Yahoo’s major cyber network breach: FBI

By Glynn Wilson –

Two Russian spies and two computer hackers have been charged with breaking into 500 million Yahoo email accounts between 2014 and 2016 in one of the largest cyber intrusions in U.S. history, according to a press release just out from the FBI.


Alexsey Belan

The charges were announced in the midst of ongoing investigations about Russian hacking of emails and meddling in the U.S. presidential election, possible links between Russian figures and associates of President Donald Trump, questions about wiretapping in Trump Tower and doubts about the Trump administration’s willingness to respond strongly to threats from Moscow in cyberspace and around the world.

The U.S. Justice Department’s 47-count indictment against Russian criminal hacker Alexsey Belan, Russian FBS officers Dmitry Dokuchaev and Igor Sushchin, and criminal hacker Karim Baratov, includes charges for conspiracy to commit computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identify theft. The case shows Russia’s Federal Security Service, the successor to the KGB, working hand-in-hand with cyber criminals, who helped intelligence goals in exchange for making money from the enterprise.


Igor Sushchin

Investigators say they believe the two FSB officers work in a unit that serves as the FBI’s point of contact in Moscow on cyber crime matters.

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cyber crime matters, is beyond the pale,” Acting Assistant Attorney General Mary McCord said at a press conference announcing the charges.

Last September when Yahoo announced the unprecedented breach company officials said they believed the attack was state-sponsored. On Wednesday the company said the indictment shows that to be the case “unequivocally.” The charges were filed by a federal grand jury in the Northern District of California, where Yahoo’s headquarters are located.


Dmitry Dokuchaev

One of the criminal hackers, Baratov, was arrested Tuesday by Canadian authorities. The two FSB officers and the second hacker, last known to have been in Russia, are currently fugitives wanted by the FBI. Belan, who is among the FBI’s most-wanted cyber criminals and the subject of a Red Notice for Interpol nations, including Russia, was arrested in Europe in June 2013. But he escaped to Russia before he could be extradited to the U.S.

McCord said the hacking campaign was waged by the FSB to collect intelligence but that the two hackers used the collected information as an opportunity to “line their pockets.” While the U.S. does not have an extradition treaty with Russia, McCord indicated she was hopeful Russian authorities would cooperate.

“The involvement and direction of FSB officers with law enforcement responsibilities make this conduct that much more egregious — there are no free passes for foreign state-sponsored criminal behavior,” McCord said.

FBI Executive Assistant Director Paul Abbate said the case is a “highly complicated investigation of a very complex threat.”

“It underscores the value of early, proactive engagement and cooperation between the private sector and the government,” he said.

The information stolen from the 500 million user accounts using malicious files and software tools being downloaded onto Yahoo’s network came from the company’s proprietary user data base, which contained users names, recovery e-mail addresses, phone numbers and information needed to manually create account authentication web browser cookies.

The hackers used access to Yahoo’s networks to identify and access accounts of possible interest to the Russian spies, including those of Russian journalists, U.S. and Russian government officials, employees of U.S. and Russian governments, and other internet service provider networkes the conspirators sought to exploit, including Google.

Belan allegedly searched Yahoo user communications for credit card and gift card account numbers and leveraged the contact lists from at least 30 million accounts to perpetrate his own spam scheme.

The indictments were announced today by U.S. Department of Justice Acting Assistant Attorney General Mary McCord, FBI Executive Assistant Director Paul Abbate, and Northern District of California U.S. Attorney Brian Stretch during a press conference in Washington, D.C.

The FBI praised Yahoo and Google for coming forward and working with law enforcement to help crack the case.

“This collaboration ultimately resulted in countering the malicious activities of state actors and bringing criminals to justice,” the FBI statement said. “It also illustrates that the FBI can successfully work these kinds of investigations with victim companies while respecting the various (privacy) concerns and (business) considerations businesses might have about the impact of going public.”

© 2017, Glynn Wilson. All rights reserved.