Two Russian intelligence officers were involved in the theft of data on roughly 500 million Yahoo user accounts in 2014, according to charges announced today (Mar. 15, 2017) by the United States Justice Department. In its press release, the department provided a rare glimpse into what was actually done with the stolen data (which included hashed passwords, names, email addresses, telephone numbers, and birth dates) after it was taken.
The defendants, who in addition to the Russian agents include a Russian national and a dual citizen of Canada and Kazakhstan, used the stolen Yahoo accounts “to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.”
One of the defendants, according to the release, also searched the compromised accounts for emails containing credit card numbers and helped steal the contact lists from those accounts for use in an email spam campaign.
The Yahoo data breach, which was announced in September 2016, two years after it occurred, is one of the largest known thefts of sensitive records. Yahoo made the announcement after samples of the stolen data began appearing in underground hacker forums. The company said it believed the attack was state-sponsored, but did not provide further details. (Yahoo subsequently disclosed, in December 2016, a separate attack that compromised more than 1 billion accounts.)
The four defendants include:
- Dmitry Aleksandrovich Dokuchaev, 33, “was an officer in the FSB Center for Information Security, aka ‘Center 18.’ Dokuchaev was a Russian national and resident,” according to the release.
- Igor Anatolyevich Sushchin, 43, “was an FSB officer, a superior to Dokuchaev within the FSB, and a Russian national and resident. Sushchin was embedded as a purported employee and Head of Information Security at a Russian investment bank.”
- Alexsey Alexseyevich Belan, aka “Magg,” 29, “was born in Latvia and is a Russian national and resident. U.S. Federal grand juries have indicted Belan twice before, in 2012 and 2013, for computer fraud and abuse, access device fraud and aggravated identity theft involving three U.S.-based e-commerce companies and the FBI placed Belan on its ‘Cyber Most Wanted’ list. Belan is currently the subject of a pending ‘Red Notice’ requesting that Interpol member nations (including Russia) arrest him pending extradition. Belan was also one of two criminal hackers named by President Barack Obama on Dec. 29, 2016, pursuant to Executive Order 13694, as a Specially Designated National subject to sanctions.”
- Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, is a Canadian and Kazakh national and a resident of Canada.
In total, the four defendants face 47 charges: