The Justice Department announced charges Wednesday against four suspects in the massive 2014 Yahoo data breach, including two Russian security service officers.
According to DOJ allegations, the hackers targeted high-profile government and military officials as well as commercial entities such as investment banks
A DOJ official noted that the activity continued through 2016, but declined to comment on whether the suspects had any relation to the 2013 hack.
Officials also noted that they had no reason to believe the hack was connected to the cyber attack on the Democratic National Convention allegedly carried about Russians.
Two of the defendants, Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, worked for Russia’s main security agency, known as the FSB, the successor unit to the KGB and the FBI’s point of contact with Moscow for cyber crime. Sushchin, Dokuchaev’s superior also, worked as the Head of Information Security at a Russian investment bank.
The other two defendants, Alexsey “Magg” Alexseyevich Belan and Karim Baratov, are believed to be the criminal hackers.
DOJ Principal Deputy Assistant Attorney General Mary McCord highlighted the seriousness of Russian officials corroborating with cyber criminals during the press conference.
“The involvement and direction of FSB officers with law-enforcement responsibilities makes this conduct that much more egregious,” McCord told reporters.
A Department of Justice official noted later that it would be a “challenge” for continued cooperation between the FBI and the FSB, calling the current case a “great test,” depending on the level of cooperation the FSB provided.
The defendants are being charged for the data hack of at least 500 million Yahoo user accounts, which they then used to access individuals’ private information. The hackers allegedly targeted the accounts, among others, of journalists, high-profile government officials and commercial entities.
“The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies,” the press release says.
DOJ officials noted that Google, which was also affected by the breach, had cooperated during the investigations.
Belan used the access for “financial gain,” according to the DOJ. He searched email contents for credit or gift card numbers. He also redirected Yahoo searches to make commissions on directing traffic to a website claiming to treat erectile dysfunction, and used 30 million accounts’ details for spam.
The DOJ is also charging Belan for stealing, transferring, receiving and possessing Yahoo trade secrets. Belen alleged illegally obtained Yahoo’s proprietary information on their UDB -- a confidential technology with subscriber names, forgotten password questions, secondary accounts and phone numbers -- as well as AMT, UBD’s interface in addition to Yahoo’s cookie minting source code. Belan and others were able to use the source code to gain access into Yahoo user accounts.
Baratov was allegedly tasked with using information acquired in the 2014 Yahoo hack to gain access into other email platforms like Gmail, after Belan, Dokuchaev and Suschin passed him information they stole from Yahoo user accounts.
Attorney General Jeff Sessions and FBI Director James Comey were among the government officials announcing the charges.
“Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” Sessions said. “But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”
“Today we continue to pierce the veil of anonymity surrounding cyber crimes,” Comey said. “We are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”
These Justice Department charges mark the first time the U.S. has formally charged Russian government officials for cybercrimes.
Belan had been indicted twice before for hacking charges. He was listed as one of the FBI’s most wanted cyber criminals in November 2013. Belan escaped arrest in Europe by fleeing to Russia before he could extradited, the report says
Baratov, a dual Canadian and Kazakh citizen, was apprehended in Canada.
The U.S. does not have an extradition treaty with Russia. When asked about discussions between the two countries for extradition of the three suspects in Russia, a DOJ official did not answer directly, noting only that the DOJ hoped Russia “would respect our criminal justice system and respect these charges and what they need to do.”
Yahoo voiced its support of the FBI’s findings in a statement posted on its blog.
“We appreciate the FBI’s diligent investigative work and the DOJ’s decisive action to bring to justice those responsible for the crimes against Yahoo and its users,” the statement read. “We’re committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime.”
The hacks significantly affected the Sunnyvale, Calif., Based company. Verizon used the breach to negotiate $350 million off the $4.8 deal it had arranged to acquire Yahoo.
The telecommunications comment declined to comment on the indictment.
This story was updated at 2:38 p.m. on March 15.