Yahoo's massive hack blamed on Russian spies

CNET 15/03/2017 Alfred Ng


Russian spies are accused of stealing information from more than 500 million Yahoo accounts.

The Yahoo hacking drama just swerved into James Bond territory.

The Justice Department on Wednesday said that it had charged four hackers responsible for the second-largest breach in history. Two of the hackers were Russian spies under the Federal Security Service -- the country's equivalent of the FBI in the US -- while the other two were identified as hired criminals.

Russian spies are accused of stealing more than 500 million Yahoo accounts to gather information, and handing it off to cyber criminals for profits. The spies wanted dirt on politicians, while the hackers for hire scavenged through the spoils for profits. The four were charged with wire fraud, trade secret theft and economic espionage.

Karim Baratov, one of the hackers based in Canada, was arrested on Tuesday, while the other three Russian hackers could be protected from a complicated extradition process.

"The involvement and direction of FSB officers with law-enforcement responsibilities makes this conduct that much more egregious," said Mary McCord, the acting assistant attorney general during a press conference on Wednesday. "There are no free passes for foreign state sponsored criminal behavior."


The indictments offer a tiny measure of closure for Yahoo, which has wrestled with the revelation of mounting security breaches over the last several months. When Yahoo disclosed the 2014 hack in September, it was deemed the worst cyberattack ever. But three months later, the company outdid itself by disclosing a separate incident from 2013 that left 1 billion -- yes, billion -- accounts exposed.

The news is also the latest incident involving Russian hackers, who are also believed to be responsible for influencing the presidential election last year by accessing emails from the Democratic National Committee, Democratic presidential nominee Hillary Clinton and her campaign manager, John Podesta. It was enough that President Barack Obama leveled sweeping sanctions against the country for its cyberattacks.

The two-year investigation from the FBI's San Francisco branch found Russian spies Dmitry Dokuchaev and Igor Sushchin helping to break into Yahoo to steal information from US government officials, Russian dissidents and journalists.

The Russian spies allegedly left Baratov and hacker-for-hire Aleksey Belan the spoils, letting the two cybercriminals use the emails for profit. The Yahoo breach is the largest hacking case ever handled by the US government.

Belan is already one of the FBI's most wanted cyber criminals, with the agency offering a $100,000 reward for his arrest. The FBI accused Belan of hacking into three major e-commerce companies between 2012 and 2013, where he allegedly stole millions of accounts and sold the information. He was also sanctioned by the Obama administration in relation to Russian hackers meddling with the 2016 election.

"Belan used his access to Yahoo to search for and steal financial information such as gift cards and credit card numbers from users' email accounts," McCord said.

A toolbox of techniques

The four hackers used "a variety of techniques" to amass their stash of hacked accounts, FBI assistant director Paul Abbate said. These included spear phishing, registering thousands of fake emails to fool users, and downloading malware on Yahoo's network.

Yahoo described the 2014 breach as a "state-sponsored" attack, but did not specify from what country. While financial data and clear text passwords were safe, names, email addresses, phone numbers, birth dates, encrypted passwords, and in some cases, security questions and answers, were stolen in the breach.

"The indictment unequivocally shows the attacks on Yahoo were state-sponsored," Chris Madsen, Yahoo's head of security and safety, said in a blog post. "We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible."

Yahoo told lawmakers in a letter on February 23 that the company was working with US and foreign governments to help find the hackers responsible for the 2014 attack. The company also hired forensic firms Stroz Friedberg and Mandiant to investigate both breaches.

The controversy surrounding Yahoo's hacks also cost the company $350 million in its sale to Verizon. The telecommunications giant had plans to buy Yahoo's core internet business -- like Yahoo Mail or Yahoo Finance -- for $4.83 billion, but dropped the price to $4.48 billion in February.

Verizon did not respond to requests for comments.

As part of the reorganized deal, Verizon agreed to share the legal and regulatory burdens from the hacks, but Yahoo will have to handle any shareholder lawsuits on its own. Yahoo will also pay half for any non-Securities and Exchange Commission investigations and lawsuits related to the hacks.

The company is currently under investigation by the SEC for taking too long to report its 2013 and 2014 hacks to investors.

