Justice Dept. charges four Russia-backed hackers over Yahoo breach

The indictments include two members of Russian intelligence and two hackers hired by the Russian government.
Written by Zack Whittaker, Contributor

The Justice Department has charged two Russian intelligence officials and another two hackers hired by the Russian government with stealing more than 500 million accounts from Yahoo.

Dozens of charges have been filed against the four alleged hackers, including wire fraud, the mass theft of identities and trade secrets, and economic espionage, relating to a breach of Yahoo's systems in 2014, according to the indictment.

In a statement, Justice Dept. officials said that the alleged hackers used the stolen information "to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, US and Russian government officials and private-sector employees of financial, transportation and other companies."

It's the first time that the US government has charged Russian officials with cyber-related offenses, and it's said to be part of the largest-ever hacking case brought by the US government.

Two of those charged, Dmitry Dokuchaev and Igor Sushchin, work for a cyber division known as "Center 18" at Russia's domestic intelligence agency, the FSB, the successor to the KGB.

Dokuchaev was arrested in December in Moscow on treason charges, after he was accused of passing state secrets to the CIA.

Two other hackers who were also indicted acted with the backing of Moscow, said Justice Dept. and FBI officials in Washington DC.

Another indicted hacker, Alexsey Belan, who is listed as one of the FBI's Cyber Most Wanted criminals, is said to still be in Russia, after he was previously charged with hacking by US authorities on two occasions in recent years.

The other hacker, Karim Baratov, was born in Kazakhstan but is now a naturalized Canadian. He was arrested in Canada on Tuesday.

It's said the spies used the hacks to target journalists and dissidents, while the hired hackers would get the email data to carry out spam campaigns for financial gain.

The hackers also used sophisticated cookie forging attacks to obtain password-less access to user accounts. Yahoo later said that as many as 32 million accounts were affected.

The indictment alleges that the hackers were still using the information stolen in the 2014 intrusion as late as December 2016.

The charges are not related to alleged Russian hacks designed to influence the recent US election, officials said, but are part of a broader effort to respond to a growing international cyber-threat.

Yahoo reported its first hack in September. It blamed a "state actor" for the theft of a half-billion accounts, which, at the time, was considered the largest single breach of data to date. That was soon followed by a second announcement in December that a "likely distinct" attack resulted in the theft of one billion accounts.

The stolen data included names, email addresses, phone numbers, dates of birth, and encrypted passwords, said Yahoo.

Yahoo executives and Justice Dept. officials have not drawn a direct link between the cases.

But news of the breaches came during a sale to Verizon for $4.8 billion, a price written down by $350 million to keep the telecoms giant at the table.

The company's general counsel Ron Bell was fired over the incident. Yahoo chief executive Marissa Mayer, who did not take a cash bonus this year following the news of the breaches, will stand down from the company when the deal closes.

The deal, now valued at about $4.48 billion in cash, is expected to close in the second quarter.

Yahoo said in a statement that the "indictment unequivocally shows the attacks on Yahoo were state-sponsored."
