US charges two Russian spies over massive Yahoo cyberattack
The indictment unveiled in Washington by the US Justice Department links Russia’s top spy agency, the FSB, to the massive data breach at Yahoo, which began in 2014 and which officials said was used for espionage and financial gain.
The Russian agents were identified as Dmitry Dokuchaev and Igor Sushchin, both of whom were part of the successor agency to Russia’s KGB.
Dokuchaev was an officer in the FSB Center for Information Security, known as “Center 18,” which is supposed to investigate hacking and is the FBI’s point of contact in Moscow for cyber crimes.
The 33-year-old was reported to have been arrested in Moscow earlier this year on treason charges. He is accused of directing the Yahoo hack along with his superior, the 43-year-old Sushchin.
The two officers “protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere,” acting assistant attorney general Mary McCord told reporters.
They hired Alexsey Belan and Karim Baratov, described as “criminal hackers,” to carry out the attacks, which continued until late 2016.
McCord said the attack was directed at gathering information “clearly some of which has intelligence value,” but added that “the criminal hackers used this to line their own pockets for private financial gain.”
The hackers sought to cash in on the breach by accessing stolen credit or gift card numbers, and through a series of spam marketing schemes.
The US indictment includes 47 criminal charges including conspiracy, computer fraud, economic espionage, theft of trade secrets and identity theft.
– Journalists, diplomats targeted –
The indictments come amid a high-stakes US investigation into claims of Russian cyber-meddling in the US election, potentially to aid the winning efforts of Donald Trump.
Asked if there were any links between the Yahoo hack and the wider question of Russian interference, McCord said, “We don’t have anything that suggests… any relationship,” adding that the election case “is an ongoing investigation.”
Targets of the Yahoo breach included Russian and US government officials, including cyber security, diplomatic and military personnel, McCord said.
“They also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities,” she added.
The US statement said some targets were “of predictable interest” to the Russian spy agency including Russian and US government officials and employees of a prominent Russian cybersecurity company.
Other accounts compromised belonged to employees of commercial entities, such as a Russian investment banking firm, a French transportation company, US financial services and private equity firms, a Swiss bitcoin wallet and banking firm and a US airline, according to the Justice Department.
McCord said Baratov, a Canadian national, was arrested this week on a US warrant in Canada.
Belan, 29, has been indicted twice in US cases involving the hacking of e-commerce companies, and is listed as one of the FBI’s “Cyber Most Wanted criminals.”
FBI executive assistant director Paul Abbate said the agency has asked Moscow for assistance in apprehending the suspects but noted that “we have had limited cooperation with that element of the Russian government.”
The attack on Yahoo, disclosed last year, was one of the largest ever data breaches and at the time was blamed on a “nation-state” attacker.
Yahoo’s assistant general counsel Chris Madsen said in a statement that the indictment “unequivocally shows the attacks on Yahoo were state-sponsored,” and added, “We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible.”
– Cookies, erectile dysfunction –
The indictment showed a series of techniques used by the hackers in accessing user accounts.
In some cases, they used emails disguised as legitimate messages, a technique known as “phishing.”
Another scheme directed users searching for erectile dysfunction medications to a fake website that included malicious software.
The hackers were also able to produce forged “cookies” or bits of software used to authenticate users, and used stolen Yahoo credentials to compromise accounts of other webmail providers, including Google.
“Today we continue to pierce the veil of anonymity surrounding cyber crimes,” said FBI director James Comey. “We are shrinking the world to ensure that cyber criminals think twice before targeting US persons and interests.”