US authorities on Wednesday (15 March) brought forward charges against two Kremlin intelligence (FSB) officials and two criminal hackers for launching a massive cyberattack on Yahoo in 2014, which compromised around 500 million user accounts.
The US government's indictments reveal how Russian spies allegedly recruited criminal hackers in a conspiracy to hack the tech giant.
The FBI said that the two criminal hackers, Alexsey Belan, a Russian who is currently on the agency's most-wanted list, and Karim Baratov, a Kazakh residing in Canada who was arrested on Tuesday (14 March), were hired by two FSB agents, Dmitry Dokuchaev, 33, and Igor Sushchin, 43, to carry out the cyberattack.
How was Yahoo hacked?
According to the FBI, Belan, who went by "Magg", had breached Yahoo's systems by early 2014 and made his way to the firm's internal control centre for email accounts, which allowed him to make administration-level changes, including accessing and changing passwords. This helped the FSB zero in on which accounts to go after. Belan copied and exported a backup of Yahoo's user database between November and December 2014.

This database was later used for credential forging and cookie minting, which allowed the suspects to access the contents of nearly 6,500 accounts without even having to provide usernames and passwords. The Kremlin intelligence officials' targets included Russian journalists and government officials as well as senior officials of foreign governments and corporations.
Baratov was allegedly recruited to use the data stolen by Belan to carry out phishing attacks designed to gain even more information. The hacker was hired to access 80 specific email accounts, including 50 Google accounts.
Unmasking the Yahoo hackers
According to the US government's indictment, Belan appeared to have played a major role in the attack, while Baratov was likely the least involved in the incident. Compared to Belan, Baratov's technical skills were also likely less sophisticated, given that he was not all that careful about hiding his cybercriminal activities.
According to security journalist Brian Krebs, it took about "10 minutes of searching online to trace back" numerous email hacking services run by Baratov to him specifically. The hacker was active on social media and blatantly displayed his wealth. In one of his posts on Instagram, he describes himself as "well off in high school to be able to afford driving a BMW 7 series and pay off a mortgage on my first house".
Commenting on Baratov's easily traceable activities, Krebs wrote, "Security professionals are fond of saying that any system is only as secure as its weakest link. It would not be at all surprising if Baratov was the weakest link in this conspiracy chain."
Meanwhile, Belan had already garnered the interest of US authorities, making it onto the FBI's cyber most-wanted list in 2013 after being charged with hacking and stealing credit card data from various corporations. Belan successfully fled to Russia after being arrested in Europe in June 2013, thereby escaping extradition to the US.
"During the conspiracy, the FSB officers facilitated Belan's other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers," the Justice Department charged in its statement about the indictments.
"Additionally, while working with his FSB conspirators to compromise Yahoo's network and its users, Belan used his access to steal financial information such as gift card and credit card numbers from webmail accounts; to gain access to more than 30 million accounts whose contacts were then stolen to facilitate a spam campaign; and to earn commissions from fraudulently redirecting a subset of Yahoo's search engine traffic," the US government added.
Have all the suspects been arrested?
All four indicted by the US face 47 criminal charges. While Belan remains at large in Russia, Baratov was presented before a Canadian court on Wednesday, where he reportedly said that he intends to apply for bail but needs to find legal counsel, Bloomberg reported.
Of the two Russian spies, Sushchin is also at large, while Dokuchaev was arrested by Russian authorities, who suspect that he passed information to US intelligence agencies. He currently faces treason charges and may be jailed for as long as 20 years if found guilty.
The FSB is yet to comment on the matter. Putin's spokesperson Dmitry Peskov claimed that Russia wants to cooperate with the US over the cyber threats.
The FBI's San Francisco Division's special agent in charge, Jack Bennett, said he is confident US authorities will apprehend the three remaining suspects, despite America not having an extradition treaty with Russia.
"These guys will travel one day somewhere. There are countries that have extradition treaties with the United States and we will take advantage of that," he said. "The world is a small place."