US charges Russian spies, hackers with massive Yahoo breach
US officials on Wednesday announced charges against two Russian spies and two hackers for allegedly conducting a mega data breach that affected 500 million Yahoo user accounts in 2014.
The indictments, the results of a two-year investigation by the FBI, marked the first time the US government filed criminal charges against Russian government officials for cybercrimes.
"We will not allow individuals, groups, nation states or a combination of them to compromise the privacy of our citizens, the economic interests of our companies or the security of our country," acting Assistant Attorney General Mary McCord said, according to the Associated Press.
The hacks allegedly targeted the email accounts of Russian and US officials, Russian journalists, and employees of financial services and other businesses, according to the officials.
The suspects include Dmitry Dokuchaev and his superior Igor Sushchin, two officers of Russia’s Federal Security Service, or FSB, which is a successor to the Soviet-era KGB.
Alexsey Belan, a computer engineer who is listed as one of the most wanted cybercriminals by the FBI, was also named in the indictment along with another hack-for-hire, Karim Baratov.
Though born in Kazakhstan, Mr. Baratov has Canadian citizenship and was taken into custody in Canada on Tuesday, the Justice Department said. His case is now pending with the Canadian authorities.
The four will face a total of 47-count charges, ranging from conspiracy, computer fraud, and abuse, to economic espionage and aggravated identity theft.
Yahoo acknowledged the 2014 data breach in September, saying it suspected the cybertheft was committed by “a state-sponsored actor,” The Christian Science Monitor reported at the time. With users’ personal data, including name, address, dates of birth, and security questions, stolen, the acknowledgement brought on fierce criticism of Yahoo’s security capabilities.
Three months later, the company disclosed another cyberattack that had taken place in August 2013, which comprised more than one billion user accounts and is the largest reported data breach in history. The announcement came as Yahoo reached a deal with Verizon to sell its core business for $4.83 billion and forced it to cut its price by $350 million.
Yahoo on Tuesday thanked law enforcement agencies for their work.
"We're committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime," Chris Madsen, Yahoo's assistant general counsel and head of global security, said in a statement, according to the AP.
The announcement of the charges came shortly after the US officials said they continue to investigate Russian interference in the 2016 presidential election through hacking. Though intelligence agencies have said that the hacking of Democratic emails were carried out by Russia to help President Trump’s campaign, the latest charges are not related to the matter.
In response to Russian election hacking, former President Barack Obama kicked out 35 Russian officials in December as a way to sanction the Russian intelligence service and its top officials. The Justice Department has previously charged Russian hackers, as well as hackers believed to have been sponsored by the Chinese and Iranian governments.
According to Luke Dembosky, former deputy assistant attorney general for national security, such sanctions and criminal charges are part of larger efforts to punish and deter nation-state hackers.
“They have the effect of galvanizing other countries that are watching what’s happening,” he told the Washington Post on Wednesday. “They show that we have the resources and capabilities to identify the people at the keyboard, even in the most sophisticated cases.”
This report includes material from Reuters and the Associated Press.
