US charges four with masterminding 2014 Yahoo breach

16 Mar 2017

The US yesterday charged two Russian intelligence agents and two criminal hackers with masterminding the 2014 theft of 500 million Yahoo accounts, in the first instance of the US government pressing charges against Russian spies for cyber offenses.

According to computer security experts, the huge Yahoo security breach may be able to provide clues to other hacks, that might have been carried out at the instance of foreign governments.

That would include an FBI investigation into whether the Russian government hired hackers to interfere with the November election brought president Donald Trump into the Oval Office.

''This makes you more optimistic that they will get to the bottom of what has been going on,'' said Robert Cattanach, a former Department of Justice (DOJ) attorney now in private practi\ce, The Washing Post reported.

According to the DOJ, the Yahoo hack was carried out by two Russian intelligence agents, who hired a pair of hackers to carry out a heist that affected at least half a billion user accounts.

The four men ran a scheme that coupled intelligence gathering with financial greed, to hack the email accounts of Russian and US government officials, Russian journalists and employees of financial services and other private businesses.

In some cases they used a technique called ''spear-phishing'' to dupe Yahoo users into thinking they were receiving legitimate emails. Using the technique they were able to access at least 500 million accounts as they went about looking for personal information and financial data such as gift card and credit card numbers, prosecutors said.

"The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI's point of contact in Moscow on cyber crime matters, is beyond the pale,'' acting assistant attorney general Mary McCord said at a press conference announcing the charges.

The Russian Federal Security Service (FSB), is the successor to the KGB.

The charges announced yesterday are not related to the hacking of Democratic Party emails during the 2016 US presidential election. According to US intelligence agencies, the hacks were carried out by Russian spy services, including the FSB, to help the campaign of Republican candidate Donald Trump.

The FSB officers named in the indictment are Dmitry Dokuchaev and his superior, Igor Sushchin, who are both in Russia. According to the Russian news agency Interfax, Dokuchaev was arrested for treason in December.

The alleged criminals involved in the scheme are Alexsey Belan, who had been one of the FBI's most-wanted cyber criminals. Belan was arrested in Europe in June 2013 but escaped to Russia before he could be extradited to the US, according to the DOJ.

The indictment also named one Karim Batov, who was born in Kazakhstan but had Canadian citizenship.