HACKED

The US Justice Department says Russian spies were behind the theft of 500 million Yahoo accounts


Two Russian intelligence agents were involved in the theft of 500 million Yahoo user accounts in 2014, according to charges announced today (Mar. 15) by the United States Justice Department. In its press release, the department provided a rare glimpse into what was actually done with the data—which included encrypted passwords, names, email addresses, telephone numbers, and birth dates—after it was stolen.

The defendants, who in addition to the Russian agents include a Russian national and a dual citizen of Canada and Kazakhstan, used the stolen Yahoo accounts “to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.”

One of the defendants, according to the release, searched the compromised accounts for emails that contained credit card numbers and helped steal the contacts from those accounts for use in an email spam campaign.

The Yahoo data breach, which was announced in September 2016—two years after it occurred—is one of the largest known thefts of sensitive records. Yahoo made the announcement after samples of the stolen data began appearing online in underground hacker forums. The company said it believed the attack was state-sponsored, but did not provide further details. (Yahoo subsequently disclosed in December a separate attack that compromised more than 1 billion accounts.)

The four defendants include:

  • Dmitry Aleksandrovich Dokuchaev, 33, “was an officer in the FSB Center for Information Security, aka ‘Center 18.’ Dokuchaev was a Russian national and resident,” according to the release.
  • Igor Anatolyevich Sushchin, 43, “was an FSB officer, a superior to Dokuchaev within the FSB, and a Russian national and resident. Sushchin was embedded as a purported employee and Head of Information Security at a Russian investment bank.”
  • Alexsey Alexseyevich Belan, aka “Magg,” 29, “was born in Latvia and is a Russian national and resident. U.S. Federal grand juries have indicted Belan twice before, in 2012 and 2013, for computer fraud and abuse, access device fraud and aggravated identity theft involving three U.S.-based e-commerce companies and the FBI placed Belan on its ‘Cyber Most Wanted’ list. Belan is currently the subject of a pending ‘Red Notice’ requesting that Interpol member nations (including Russia) arrest him pending extradition. Belan was also one of two criminal hackers named by President Barack Obama on Dec. 29, 2016, pursuant to Executive Order 13694, as a Specially Designated National subject to sanctions.”
  • Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, Canadian and Kazakh national and a resident of Canada.

In total, the four defendants face 47 charges:

| Count(s) | Defendant(s) | Charge | Penalty |
|---|---|---|---|
| 1 | All | Conspiring to commit computer fraud and abuse | 10 years |
| 2 | Dokuchaev, Sushchin, Belan | Conspiring to engage in economic espionage | 15 years |
| 3 | Dokuchaev, Sushchin, Belan | Conspiring to engage in theft of trade secrets | 10 years |
| 4-6 | Dokuchaev, Sushchin, Belan | Economic espionage | 15 years (each count) |
| 7-9 | Dokuchaev, Sushchin, Belan | Theft of trade secrets | 10 years (each count) |
| 10 | Dokuchaev, Sushchin, Belan | Conspiring to commit wire fraud | 20 years |
| 11-13 | Dokuchaev, Sushchin, Belan | Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain | 5 years (each count) |
| 14-17 | Dokuchaev, Sushchin, Belan | Transmitting code with the intent to cause damage to computers | 10 years (each count) |
| 18-24 | Dokuchaev, Sushchin, Belan | Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain | 5 years (each count) |
| 25-36 | Dokuchaev, Sushchin, Belan | Counterfeit access device fraud | 10 years (each count) |
| 37 | Dokuchaev, Sushchin, Belan | Counterfeit access device making equipment | 15 years |
| 38 | Dokuchaev, Sushchin, Baratov | Conspiring to commit access device fraud | 7 ½ years |
| 39 | Dokuchaev, Sushchin, Baratov | Conspiring to commit wire fraud | 20 years |
| 40-47 | Dokuchaev, Baratov | Aggravated identity theft | 2 years |
