igor - Fotolia
Two Russian Federal Security Service (FSB) officers protected, directed, facilitated and paid criminal hackers to breach Yahoo’s network and access webmail accounts, say US authorities.
The US has charged the two FSB officers alongside two hackers, one Russian also resident in Russia and the other a Canadian and Kazakh national who is resident in Canada with computer hacking, economic espionage and other criminal offenses, confirming earlier reports that the move was imminent.
This is the first criminal case for cyber crimes brought by the US against Russian government officials.
According to the official indictment, the four accused used unauthorised access to Yahoo’s systems to steal information from at least 500 million Yahoo accounts. However, the indictment does not link the four to the 2013 breach that affected double the number of Yahoo accounts.
Some of the stolen information was then used to obtain unauthorised access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, US and Russian government officials and private-sector employees of financial, transportation and other companies.
US attorney general Jeff Sessions said cyber crime poses a significant threat to national security, but that the US will “vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law”.
FBI director James Comey said: “We continue to pierce the veil of anonymity surrounding cyber crimes. We are shrinking the world to ensure that cyber criminals think twice before targeting US persons and interests.”
Acting assistant attorney general Mary McCord said the department of justice and FBI had demonstrated that hackers around the world can and will be exposed and held accountable.
“State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat. We commend Yahoo and Google for their sustained and invaluable co-operation in the investigation aimed at obtaining justice for, and protecting the privacy of, their users,” she said.
Executive assistant director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch (CCRSB) said the investigation underscored the value of early, proactive engagement and co-operation between the private sector and the government.
“The FBI will continue to work relentlessly with our private sector and international partners to identify those who conduct cyber attacks against our citizens and our nation, expose them and hold them accountable under the law, no matter where they attempt to hide,” he said.
Co-operation between government, law enforcement, industry and academia was a central theme at the recent CyberUK conference in Liverpool.
FSB officers utilise hackers after US Red Notice
The FSB officers involved were named as Dmitry Dokuchaev and Igor Sushchin, who worked with hackers Alexsey Belan and Karim Baratov.
Belan had been publicly indicted in September 2012 and June 2013 and was named one of FBI’s Cyber Most Wanted criminals in November 2013. An Interpol Red Notice seeking his immediate detention has been lodged (including with Russia) since July 26, 2013.
Belan was arrested in a European country on a request from the US in June 2013, but he was able to escape to Russia before he could be extradited.
US authorities said instead of acting on the US government’s Red Notice and detaining Belan after his return, Dokuchaev and Sushchin subsequently used him to gain unauthorised access to Yahoo’s network.
Towards the end of 2014, Belan stole a copy of at least a portion of Yahoo’s user database that contained, among other data, subscriber information including users’ names, recovery email accounts, phone numbers and certain information required to manually create, or “mint”, account authentication web browser “cookies” for more than 500 million Yahoo accounts, the indictment said.
Belan also obtained unauthorised access to Yahoo’s account management tool (AMT), enabling Belan, Dokuchaev and Sushchin to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorisation.
The FSB officers allegedly facilitated Belan’s other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by US and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers.
Additionally, Belan used his access to steal financial information such as gift card and credit card numbers from webmail accounts; to gain access to more than 30 million accounts whose contacts were then stolen to facilitate a spam campaign; and to earn commissions from fraudulently redirecting a subset of Yahoo’s search engine traffic.
Read more about Yahoo
- Yahoo announces another strategic plan to reduce costs by $400m and raise up to $3bn in the wake of a $4.43bn loss for the fourth quarter of 2015.
- Yahoo is expected to announce that it will not place its 15% Alibaba holding in a separate company, but focus instead on its core business.
- Yahoo announces it will close its research and development centre in China in plans to consolidate research and cut costs.
When Dokuchaev and Sushchin learned that a target of interest had accounts at webmail providers other than Yahoo, including through information obtained as part of the Yahoo intrusion, they tasked their co-conspirator, Baratov, a resident of Canada, with obtaining unauthorised access to more than 80 accounts in exchange for commissions.
On 7 March 2017, the Department of Justice submitted a provisional arrest warrant to Canadian law enforcement authorities, requesting Baratov’s arrest. On 14 March 2017, Baratov was arrested in Canada and the matter is now pending with the Canadian authorities.
Commentators have said it is unlikely the US will be able to bring the Russian nationals involved to justice, but the indictment shows that US investigators can track Russian cyber espionage operations.
When the breaches were uncovered in 2016, they threatened to derail the sale of Yahoo’s core business to Verizon, but ultimately resulted in a $350m reduction in the price to $4.48bn.
Under the deal, Yahoo and Verizon will split the cost of government investigations and third-party litigation related to the data breaches, but Yahoo alone will be responsible for any liabilities arising from shareholder lawsuits and a Securities and Exchange Commission (SEC) investigation.