The US claims that Russian agents were behind the Yahoo hack

6th January, 2022 // Crime

Marissa Mayer, Yahoo’s chief executive, lost her 2016 bonus and 2017 stock compensation after an investigation into a security breach of user accounts.

SAN FRANCISCO — On Wednesday, the Justice Department charged two Russian intelligence agents with leading a massive criminal conspiracy in 2014 that stole data from 500 million Yahoo accounts, increasing the cybersecurity divide between the US and Russia. According to an indictment, the Russian government used the information obtained by the intelligence officers and two other men to spy on a variety of targets, including White House and military officials, bank executives, two American cloud computing companies, an airline, and even a Nevada gambling regulator. The stolen data was also used to spy on Russian government leaders and corporate executives, federal prosecutors alleged.

Russians have been accused of numerous cyberattacks on the United States — most notably the theft of emails last year from the Democratic National Committee. According to the Justice Department, the Yahoo case is the first time US prosecutors have pursued cybercrime charges against Russian intelligence officials. Particularly galling to American investigators was that the two Russian intelligence agents they say directed the scheme, Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, worked for an arm of Russia’s Federal Security Service, or F.S.B., that is supposed to help foreign intelligence agencies catch cybercriminals. Instead, the officials helped the hackers avoid detection.

“The involvement and direction of F.S.B. officers with law enforcement responsibilities makes this conduct that much more egregious,” said Mary B. McCord, the acting assistant attorney general, at a news conference in Washington to announce the charges.

The two other men named in the indictment include a Russian hacker already indicted in connection with three other computer network intrusions and a Kazakh national living in Canada. One of the hackers also conducted an extensive spamming operation, stole credit and gift card information, and diverted Yahoo users looking for erectile dysfunction drugs to a particular pharmacy.

Nikolay Lakhonin, a spokesman for the Russian embassy in Washington, said that Moscow had no “official reaction” to the indictments. But Mr. Lakhonin did point a reporter to two articles posted Wednesday in the Russian-sponsored Sputnik News that were openly skeptical of the charges. One was headlined “Yahoo Hack: What US Mainstream Media Don’t Tell You About Russian ‘Spy.’”

Indeed, one of the two Russian intelligence agents indicted in the Yahoo case, Mr. Dokuchaev, was arrested in early December in what amounted to a purge of the Center for Information Security, the cyberwing of the F.S.B. Mr. Dokuchaev, who was reportedly a former hacker recruited to work in the F.S.B. at least seven years ago, and a fellow officer were accused of treason for passing secret information to the United States. United States officials said Wednesday that they were not certain if the Dmitry Dokuchaev arrested in December was the same man as the one named in the indictment.

The Justice Department’s 47-count indictment, which was filed under seal in Federal District Court in San Francisco on Feb. 28, immediately threatened to escalate diplomatic tensions over Russia’s meddling in the November election.

“The indictments are intended to be a clear, public signal of what we will not accept,” said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies, a research organization in Washington. “If you’re one of these people, you can’t leave Russia. You know you’ve been caught. There is an Interpol warrant out for your arrest.”

Karim Baratov is the only one of the accused hackers who has been arrested in connection with the case. He was captured by the authorities in Canada on Tuesday. The chances of the United States taking the other three into custody any time soon appear slim, especially because the United States has no extradition treaty with Russia.

The fourth person involved in the scheme, a Russian named Alexsey Belan, had been indicted twice before for three intrusions into American e-commerce companies. At one point, he was arrested in Europe, but he escaped to Russia before he could be extradited. Prosecutors said they had repeatedly asked the Russian government to hand over Mr. Belan but had gotten no response.

Nonetheless, officials said that they believe criminal charges serve as a powerful tool to deter cyberattacks. For example, they said, China’s hacking against United States targets decreased after charges were brought against five military officials there in 2014 over damaging attacks against government and private-sector systems. The action on Wednesday was the latest in a series of criminal prosecutions that American officials have brought since 2014 against cyberattackers who they charge were acting on behalf of foreign governments, including China, North Korea, and Iran.

Yahoo disclosed the theft of its data in September and said it was working with the law enforcement authorities to trace the perpetrators. The hackers were able to use the stolen information, which included personal data as well as encrypted passwords, to create a tool that gave them access to 32 million accounts over a period of two years.

In a statement on Wednesday, Yahoo thanked the F.B.I. and the Justice Department for their work.

Jack Bennett, the special agent in charge of the F.B.I.’s San Francisco office, said that his investigators had worked on the case for two years, although the inquiry intensified last year. It remains unclear why Yahoo users were not informed about the hack during that time. An internal investigation by the company’s board found that some senior executives and information security personnel were aware of the breach shortly after it occurred but “failed to properly comprehend or investigate” the situation. Two weeks ago, the company’s top lawyer, Ronald S. Bell, resigned over the episode, and its chief executive, Marissa Mayer, lost her 2016 bonus and 2017 stock compensation.

Mr. Bennett said the F.B.I. was still investigating a separate, larger breach of one billion Yahoo accounts that occurred in 2013 but was disclosed by the company only three months ago. Yahoo has said it has not been able to glean much information about that attack, which was uncovered by InfoArmor, an Arizona security firm.

The two thefts, the largest known breaches of a private company’s computer systems, had threatened to scuttle a deal that Yahoo struck last summer to sell its internet businesses to Verizon Communications. Verizon sought to shave $925 million from the original $4.8 billion deal following news of the attacks, but last month, the two companies finally agreed to a $350 million price reduction.

Ms. McCord and other officials would not discuss any connection between the charges in the Yahoo case and an ongoing investigation into Russia’s meddling in the November election and a large-scale hack at the Democratic National Committee. Some investigators believe that the F.S.B. orchestrated the D.N.C. hack to help President Trump win the election.

Democrats were quick to link the attacks. Senator Dianne Feinstein of California, the top Democrat on the Intelligence Committee, said that with Russia blamed in the cyberattacks involving both Yahoo and the presidential election, “the United States must take steps not only to bring those responsible to justice but also ensure future attacks are not allowed to occur in the first place.”

The main purpose of the Yahoo hack was to gather political and economic intelligence, officials said. The hackers stole a database of 500 million Yahoo users, along with other Yahoo software code that they used to forge cookies, a technique that gave them full access to millions of Yahoo accounts without needing the passwords.

They found accounts of interest by searching the non-Yahoo recovery email addresses that users had provided, which allowed them to target employees of specific companies or organizations for other attacks. At least 50 Gmail accounts were targeted, as were accounts at financial firms and other technology providers.

Mr. Belan, one of the F.B.I.’s most-wanted cybercriminals, was also making money on the side as part of the scheme, officials said. He used information from the Yahoo accounts to steal credit and gift card numbers, send spam and redirect searches for erectile dysfunction treatments to an online pharmacy that paid for the traffic, according to the indictment.
