On March 15, 2017, the Department of Justice announced an indictment that charged hackers in connection with the 2014 Yahoo breach. In late 2016, Yahoo announced that unidentified hackers breached 500 million user accounts. With the accounts, the hackers stole login credentials and any information that came with them. Along with the first indictment, the DoJ charged two FSB agents in a second indictment – also allegedly connected to the Yahoo breach.
Milan Patel, a former FBI Cyber Division special agent, said the charges “illustrate the murky world of Russian intel services using criminal hackers in a wide variety of ways.” The two FSB agents, according to the DoJ, sought data from the Yahoo breach for intelligence purposes.
One of the two hackers in the first indictment, Alexsey Belan, landed on the U.S.’s most-wanted cyber criminal list several years ago. He slipped through the FBI’s fingers several times.
The other man charged in the first indictment—the hacking indictment—held Canadian citizenship. Canadian authorities arrested Karim Baratov, an alleged “hacker-for-hire,” on March 14—a day before the indictment.
U.S. authorities claimed that both men worked as “hackers-for-hire.” The Russian connection, according to the DoJ, lay in the list of contractors that hired the hackers. DoJ officials announced that Russia hired both hackers, potentially more than once. Alexsey Belan, a Russian citizen, avoided incarceration several times, according to the FBI itself. The FBI stated that between January 2014 and December 2016, Alexsey Belan conspired with FSB officers, including both in the second indictment—Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin.
Alexsey Belan, the FBI wrote, worked with the FSB to “gain unauthorized access to the computer networks of and user accounts hosted at major companies providing worldwide webmail and internet-related services.” On February 28, 2017, a United States District Court in the Northern District of California issued an arrest warrant for Belan. The indictment charged him with conspiracy to commit computer fraud and abuse; unauthorized computer access for financial gain; causing computer damage by hacking; economic espionage; theft of trade secrets; access device fraud; and wire fraud.
And in 2012–2013, a United States District Court in Nevada indicted Belan after a hacker breached the network of a Nevada-based company. The indictment accused him of data theft from a locked computer; “possession of fifteen or more unauthorized access devices;” and aggravated identity theft. In the same period, the Northern District of California District Court charged him with similar crimes after he allegedly hacked a California company. Their indictment charged him with two counts of computer fraud and two counts of aggravated identity theft.
“The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere,” the DoJ announced. “In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.”
Additionally, in December 2016, former President Obama imposed economic sanctions on Russia for suspected election hacking. The government imposed sanctions on two Russian hackers—Belan’s name landed on the sanction list. Obama never mentioned a connection between Belan and the Yahoo hacks.
The FSB officers indicted by the DoJ, Dmitry Dokuchaev and Igor Sushchin, enabled both hackers in connection with the Yahoo hack. Authorities in Moscow arrested Dokuchaev in December. He passed information to the CIA, U.S. authorities claimed. Sushchin worked above Dokuchaev and enabled his actions, according to the indictment.
According to the documentation:
“Instead of acting on the U.S. government’s Red Notice and detaining Belan after his return, Dokuchaev and Sushchin subsequently used him to gain unauthorized access to Yahoo’s network. In or around November and December 2014, Belan stole a copy of at least a portion of Yahoo’s User Database (UDB), a Yahoo trade secret that contained, among other data, subscriber information including users’ names, recovery email accounts, phone numbers and certain information required to manually create, or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts.”
Authorities in Russia arrested both FSB officers for unrelated crimes and Canadian authorities arrested Karim Baratov. Greece captured Alexsey Belan momentarily but gave him to Russia. Or, according to the US, Russia took the hacker from Greece and placed him under Russian protection.