Karim Baratov, a Canadian citizen who was born in Kazakhstan, who was arrested in Canada last March at the request of US prosecutors due to his alleged role in the 2014 Yahoo hack has pled not guilty.
He was charged with gaining illegal access to more than 80 Yahoo accounts in exchange for commissions.
He has pleaded not guilty to all charges in a California court including helping Russian agents orchestrate the 2014 cyber attack on Yahoo that compromised over 500 million Yahoo user accounts.
He was brought to the Bay Area late Tuesday in the custody of U.S. Marshals after he rejected an extradition hearing last Friday.
Earlier this year, an unsealed 47-count indictment accused three other Russian nationals alongside Karim of charges ranging from conspiracy, computer intrusion, and economic espionage for the Yahoo data breach in 2014.
The U.S government have described as an intelligence-gathering operation run by Russia’s Federal Security Service, also known as FSB.
According to court documents, Baratov and Alexsey Belan, a 29-year-old Russian hacker was contracted to make an illegal entry into Yahoo’s network by Dmitry Dokuchaev and his superior Igor Sushchin, two officers in Russia’s Federal Security Services (FSB).
Reports from the Authorities suggest that, although Baratov wasn’t directly involved in the hack, he played a role which included filling the gap when his FSB superiors encountered a target that used Gmail, or another provider, instead of Yahoo and used spear phishing attacks to acquire passwords to emails of 80 FSB targets which he later handed over to Russia.
Yahoo announced in the latter parts of 2016, that unidentified hackers had breached 500 million user accounts gaining unauthorized access to login credentials and any other information related to the accounts. This led to an indictment from the Department of Justice that charged hackers in relation to this crime with two other FSB charged in the second indictment.
A former FBI Cyber Division special agent, Milan Patel stated that the charges “illustrate the murky world of Russian Intel services using criminal hackers in a wide variety of ways.”
Alexsey Belan, one of the two hackers in the first indictment, apparently on the list of U.S. most wanted cyber criminals several years ago did slip away many times under the nose of the FBI.
According to reports, Belan from November to December 2014 allegedly obtained a copy of a portion of Yahoo’s user database illegally. This included very vital subscriber information such as usernames, recovery email accounts, phone numbers and other important details required to manually create account authentication web browser cookies for over 500 million Yahoo accounts.
He also somehow broke into Yahoo’s Account Management Tool, which happened to be the means by which the company made and logged changes to various user accounts.
Belan, together with the other two FSB officials, Dokuchaev and Sushchin then used the data they obtained illegally to locate Yahoo email accounts of interest, which enabled their other colluders to access at least 6,500 accounts also illegally.
This operation led to Belan gaining access to Yahoo email accounts of journalists and politicians held very high by the Russian government, by officials in Russia’s bordering countries members of the armed forces.
Baratov happens to be the only person among the four co-conspirators, apprehendeded so far in this case. He has been charged with conspiring to commit access device fraud, conspiring to commit computer fraud and abuse, conspiring to commit wire fraud and aggravated identity theft and is facing a possible 20 years in prison if convicted.
Belan and one of the FSB who allegedly was involved in the hack are however living in Russia without fear of any harm. Dmitry Dokuchaev, the fourth suspect, and the other FSB agent, however, has a lot more legal issues on his plate. He was arrested last December by his own agency and charged with treason. Details leading to this arrest remain unknown.
Baratov had been held without bail since his arrest after a Canadian judge ruled in April that he posed an “extremely high flight risk” due to his alleged connections to Russian intelligence agents and also his financial resources.
Brian Stretch, U.S. Attorney, however, in March made some comments on this case. “Silicon Valley’s computer infrastructure provides the means by which people around the world communicate with each other in their business and personal lives,” he said.
“The privacy and security of those communications must be governed by the rule of law, not by the whim of criminal hackers and those who employ them”.
“We will not tolerate unauthorized and illegal intrusions into the Silicon Valley computer infrastructure upon which both private citizens and the global economy rely,” he added.