Justice Department Says Russian Spies Led 2014 Yahoo Hack

Russians indicted in Yahoo hack
Associated Press

UPDATED with Marissa Meyer statement: The Justice Department today indicted two Russian spies, along with two criminal hackers, for attacking the accounts of 500 million Yahoo users in 2014.

The spies are officers of FSB, a successor organization to Russia’s KGB. They “protected, directed, facilitated and paid criminal hackers” to break into Yahoo’s servers and “steal information including information about individual users and private contents of their accounts,” said Mary McCord, Acting Assistant Attorney General.

She identified Dmitry Dokuchaev, 33, and Igor Sushchin, 43, as the FSB agents under indictment. The charges also hit a Russian national, Alexsey Alexseyevich Belan, 29, and a Canadian resident, Karim Baratov, 22, who’s also a Kazakh national.

Baratov was arrested in Canada on Tuesday, and “the matter is now pending with the Canadian authorities,” DOJ said.

The conspirators allegedly targeted Yahoo accounts of Russian and U.S. government officials, as well as Russian journalists. They also got employees of a Russian investment banking firm, a French transportation company, U.S. financial services and private-equity firms, a Swiss bitcoin wallet and banking firm and a U.S. airline.

Belan made the FBI’s Cyber Most Wanted criminals list in November 2013. Five months before then, he was arrested in a European country, DOJ said, but “he was able to escape to Russia before he could be extradited.”

Dokuchaev and Sushchin recruited him to hack into Yahoo’s network, officials said. He obtained “at least a portion” of Yahoo’s user database that included users’ names, recovery email accounts, phone numbers and other information needed to create account authentication web browser “cookies.”

Belan also stole gift card and credit card numbers and used 30 million accounts to “facilitate a spam campaign” and “earn commissions from fraudulently redirecting a subset of Yahoo’s search engine traffic,” the Justice Department says.


The hacks began in 2014, but the conspirators lost their access to Yahoo in September 2016. Still, they were able to use the information they had amassed until December.

Dokuchaev and Sushchin persuaded Baratov to hack into user accounts at Google and “other Providers (but not Yahoo),” the Justice Department said. They paid him for the account passwords.

“Cybercrime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” Attorney General Jeff Sessions said. The government “will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”

Last month, Yahoo agreed to cut the sale price of its assets to Verizon by $350 million, to $4.48 billion, to account for potential liabilities from the 2014 hack as well as another in 2013 that affected more than 1 billion accounts.

Yahoo CEO Marissa Mayer tweeted her gratitude this morning:

This article was printed from https://deadline.com/2017/03/justice-department-russian-spies-led-2014-yahoo-hack-1202043784/