HACKED

The US Justice Department says Russian spies were behind the theft of 500 million Yahoo accounts

By Keith Collins

Two Russian intelligence agents were involved in the theft of 500 million Yahoo user accounts in 2014, according to charges announced today (Mar. 15) by the United States Justice Department. In its press release, the department provided a rare glimpse into what was actually done with the data—which included encrypted passwords, names, email addresses, telephone numbers, and birth dates—after it was stolen.

The defendants, who in addition to the Russian agents include a Russian national and a dual citizen of Canada and Kazakhstan, used the stolen Yahoo accounts “to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.”

One of the defendants, according to the release, also searched the compromised accounts for emails containing credit card numbers, and helped steal the contacts from such accounts for use in an email spam campaign.

The Yahoo data breach, which was announced in September 2016—two years after it occurred—is one of the largest known thefts of sensitive records. Yahoo made the announcement after samples of the stolen data began appearing online in underground hacker forums. The company said it believed the attack was state-sponsored, but did not provide further details. (Yahoo subsequently disclosed in December a separate attack that compromised more than 1 billion accounts.)

The four defendants include:

  • Dmitry Aleksandrovich Dokuchaev, 33, “was an officer in the FSB Center for Information Security, aka ‘Center 18.’ Dokuchaev was a Russian national and resident,” according to the release.
  • Igor Anatolyevich Sushchin, 43, “was an FSB officer, a superior to Dokuchaev within the FSB, and a Russian national and resident. Sushchin was embedded as a purported employee and Head of Information Security at a Russian investment bank.”
  • Alexsey Alexseyevich Belan, aka “Magg,” 29, “was born in Latvia and is a Russian national and resident. U.S. Federal grand juries have indicted Belan twice before, in 2012 and 2013, for computer fraud and abuse, access device fraud and aggravated identity theft involving three U.S.-based e-commerce companies and the FBI placed Belan on its ‘Cyber Most Wanted’ list. Belan is currently the subject of a pending ‘Red Notice’ requesting that Interpol member nations (including Russia) arrest him pending extradition. Belan was also one of two criminal hackers named by President Barack Obama on Dec. 29, 2016, pursuant to Executive Order 13694, as a Specially Designated National subject to sanctions.”
  • Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, Canadian and Kazakh national and a resident of Canada.

In total, the four defendants face 47 charges:

| Count(s) | Defendant(s) | Charge | Maximum Penalty |
| --- | --- | --- | --- |
| 1 | All | Conspiring to commit computer fraud and abuse | 10 years |
| 2 | Dokuchaev, Sushchin, Belan | Conspiring to engage in economic espionage | 15 years |
| 3 | Dokuchaev, Sushchin, Belan | Conspiring to engage in theft of trade secrets | 10 years |
| 4-6 | Dokuchaev, Sushchin, Belan | Economic espionage | 15 years (each count) |
| 7-9 | Dokuchaev, Sushchin, Belan | Theft of trade secrets | 10 years (each count) |
| 10 | Dokuchaev, Sushchin, Belan | Conspiring to commit wire fraud | 20 years |
| 11-13 | Dokuchaev, Sushchin, Belan | Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain. | 5 years (each count) |
| 14-17 | Dokuchaev, Sushchin, Belan | Transmitting code with the intent to cause damage to computers. | 10 years (each count) |
| 18-24 | Dokuchaev, Sushchin, Belan | Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain. | 5 years (each count) |
| 25-36 | Dokuchaev, Sushchin, Belan | Counterfeit access device fraud | 10 years (each count) |
| 37 | Dokuchaev, Sushchin, Belan | Counterfeit access device making equipment | 15 years |
| 38 | Dokuchaev, Sushchin, Baratov | Conspiring to commit access device fraud | 7 ½ years. |
| 39 | Dokuchaev, Sushchin, Baratov | Conspiring to commit wire fraud | 20 years |
| 40-47 | Dokuchaev, Baratov | Aggravated identity theft | 2 years |