A 23-year-old Canadian resident, Karim Baratov, has been jailed for five years for hacking into Yahoo email accounts, allegedly on the orders of Russia’s FSB security service.
He was extradited to the US, where he pleaded guilty to conspiracy to commit computer fraud and identity theft.
Kazakhstan-born Baratov is one of four people charged in the US in connection with the 2014 Yahoo hacking that affected at least 500 million accounts. The others charged were two Russian intelligence officers and a Russian hacker.
The Yahoo email hacking victims included White House staff and employees of the US military and diplomatic corps, as well as executives at global companies, but US officials say there are no links with the US probe into Russian interference in the US 2016 presidential election.
Although prosecutors had asked for a 94-month prison sentence, US district judge Vince Chhabria said Baratov was not one of the ringleaders and, although the need for deterrence called for a stiff sentence, the defendant’s personal history and circumstances point toward leniency.
The judge opted for a 60-month sentence and a $250,000 fine, while Baratov apologised to everyone he hurt and promised to put his skills to good use.
“The last 14 months have been a very humbling and eye-opening experience,” he told the judge. “There is no excuse for my actions,” he said, adding that “all I can do is promise to be a better man”.
The sentence imposed “reflects the seriousness of hacking for hire”, acting US Attorney Alex Tse said in a statement.
“Hackers such as Baratov ply their trade without regard for the criminal objectives of the people who hire and pay them. These hackers are not minor players; they are a critical tool used by criminals to obtain and exploit personal information illegally.
“In sentencing Baratov to five years in prison, the court sent a clear message to hackers that participating in cyber attacks sponsored by nation states will result in significant consequences,” he said.
Commentators said that while the US has little chance of getting the other three hackers charged in the case extradited from Russia, it has used the Baratov case to show Russia is orchestrating criminal hacks.
US prosecutors claim Baratov was paid to hack into 80 email accounts, including 50 Google accounts. They said he used spear phishing emails to trick targets into providing passwords.
Baratov, who claims he did not know who was behind the hacking requests, said he began hacking as a teen seven years ago and charged customers $100 a hack to access web-based emails.
Baratov is believed to have collected more than $1.1m in fees, which he used to buy a house and expensive cars.
When the Yahoo email breaches were uncovered in 2016, they threatened to derail the sale of Yahoo’s core business to Verizon, but ultimately resulted in a $350m reduction in the price to $4.48bn.