The U.S. Department of Justice (DOJ) yesterday announced the indictment of two officers with Russia's FSB security agency in connection with the hacks of some 500 million Yahoo user accounts between 2014 and previous year.
Baratov, 22, a Canadian citizen born in Kazakhstan, is the only one of four people indicted for allegedly hacking Yahoo accounts for the Russian government who is likely to see trial.
McCord called the indictments a "major law enforcement action related to one of the largest data breaches in USA history". Yahoo's disclosure of the years-old cyber invasions and Its much-criticized slow retort forced it to accept a discount of $ 350 million in what had been to $ 4.83 billion to sell its main assets to Verizon Communications Inc. Another, Alexsey Belan, is on the list of the FBI's most wanted cyber criminals and has been indicted multiple times in the U.S. It's not clear whether he or the other two defendants, Dmitry Dokuchaev and Igor Sushchin, will ever step foot in an American courtroom since there's no extradition treaty with Russian Federation.
The United States does not have an extradition treaty with Russia, but McCord said she was hopeful Russian authorities would cooperate in bringing criminals to justice. As mentioned in the indictment, the federal grand jury announced the names Dmitry Dokuchaev and Igor Sushchin. Belan was arrested in Europe in June 2013 but fled to Russian Federation before he could be deported to the United States, according to the Justice Department.
Paul Abbate, an FBI executive assistant director, said the bureau had had only "limited cooperation with that element of the Russian government in the past", noting that prior US demands to turn over Belan had been ignored.
Whatever Dokuchaev and Sushchin's motives, they were obviously not paying the hackers Belan and Baratov enough because Belan was running a scam on the side taking a cut on sales of "erectile dysfunction drugs" and searching accounts for gift cards and credit card information.
Baratov was arrested by Toronto Police Service on Tuesday and appeared briefly in court Wednesday. "We are committed to keeping our users secure and will continue to engage with law enforcement to combat cyber crime", Chris Madsen, Yahoo's general counsel, said in a statement. "We appreciate the FBI's diligent investigative work and the DOJ's decisive action to bring to justice to those responsible for the crimes against Yahoo and its users".
One of the Yahoo-related defendants, a Canadian and Kazakh national named Karim Baratov, has been taken into custody in Canada. It was Baratov, however, who appeared to be the weak link that might have helped USA authorities to unravel the Yahoo case, Krebs said. Baratov's family is also asking for privacy, he said. "It would not be at all surprising if Baratov was the weakest link in this conspiracy chain".
It's also not clear whether the Russian hackers and spies involved in the Yahoo break-in were also involved in other recent hacking attacks, such as the leak of embarrassing emails from the Democratic National Committee during the 2016 election.
"Unfortunately, this is pretty typical even in large organizations with deep investments in security", he said. "Cyber criminals know how rare encryption protection is, and that's why attacks that leverage stolen or forged cryptographic controls are so successful".