Russian agents, hackers charged in Yahoo breach

Associated Press

WASHINGTON

Two Russian intelligence agents and a pair of hired hackers have been charged in a devastating criminal breach at Yahoo that affected at least a half billion user accounts, the Justice Department said Wednesday in bringing the first case of its kind against current Russian government officials.

In a scheme that prosecutors say blended intelligence gathering with old-fashioned financial greed, the four men targeted the email accounts of Russian and U.S. government officials, Russian journalists and employees of financial services and other private businesses, U.S. officials said.

Using in some cases a technique known as “spear-phishing” to dupe Yahoo users into thinking they were receiving legitimate emails, the hackers broke into at least 500 million accounts in search of personal information and financial data such as gift card and credit-card numbers, prosecutors said.

The case, announced amid continued U.S. intelligence agency skepticism of their Russian counterparts, comes as U.S. authorities investigative Russian interference through hacking in the 2016 presidential election. Officials said those investigations are separate.

One of the Yahoo-related defendants, a Canadian and Kazakh national named Karim Baratov, has been taken into custody in Canada. Another, Alexsey Belan, is on the list of the FBI’s most wanted cyber criminals and has been indicted multiple times in the U.S.

It’s not clear whether he or the other two defendants, Dmitry Dokuchaev and Igor Sushchin, will ever step foot in an American courtroom since there’s no extradition treaty with Russia.

The indictment identifies Dokuchaev and Sushchin as officers of the Russian Federal Security Service, or FSB. Belan and Baratov were paid hackers directed by the FSB to break into the accounts, prosecutors said.

Dokuchaev has been in custody in Russia since his arrest on treason charges in December, along with his superior and several others.

Russian media have reported that Dokuchaev and his superior were accused of passing sensitive information to the CIA.

The media reports also have contended that Dokuchaev was arrested by the FSB several years ago and offered a choice: serve a long prison sentence on hacking charges or sign a contract to work for the agency.

The FSB hasn’t commented, and the Justice Department did not confirm that.

Yahoo didn’t disclose the breach until last September when it began notifying hundreds of millions of users that their email addresses, birth dates, answers to security questions and other personal information may have been stolen. Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014.