Share Our Stories! - Click Here
By Charles R. Smith
|Huma Abedin used her Yahoo account to print classified Hillary emails...guess
who's got 'em now?
Justice Department charging Russian spies and criminal hackers for Yahoo intrusion
The Justice Department is set to announce Wednesday the indictments of two Russian spies and two criminal hackers for the heist of 500 million Yahoo user accounts in 2014, marking the first U.S. criminal cyber charges ever against Russian government officials.
The indictments target two members of the Russian intelligence agency FSB, and two hackers hired by the Russians.
The charges include hacking, wire fraud, trade secret theft and economic espionage, according to officials, who spoke on condition of anonymity because the charges have not yet been announced. The indictments are part of the largest ever hacking case brought by the United States.
Military, defense and security at home and abroad.
The charges are unrelated to the hacking of the Democratic National Committee and the FBI’s investigation into Russian interference in the 2016 election. But the move reflects the U.S. government’s increasing desire to hold to account foreign governments for malicious acts in cyberspace.
The FBI and Justice Department declined to comment.
The United States does not have an extradition treaty with Russia, but officials have said that taking steps such as charges and issuing sanctions can have a deterrent effect. Individuals also sometimes slip up and travel to a country that is able and willing to transfer them to the United States for prosecution.
Yahoo reported the 2014 hack last fall — in what was then considered the largest data breach in history. The firm later disclosed another intrusion affecting more than 1 billion user accounts in 2013, far surpassing the 2014 event. Officials have not determined whether there is a link between the two.
The twin hacks clouded the prospects for the sale of Yahoo’s core business to telecommunications giant Verizon. The deal is proceeding after Verizon negotiated the price down in the wake of the data breaches.
The compromised accounts may have affected more than just email. Breaking into a Yahoo account would give the hackers access to a user’s activity on Flickr, Tumblr, fantasy sports or any other number of connected Yahoo applications.
In the 2014 hack, the FSB sought the information for intelligence purposes, targeting journalists, dissidents and U.S. government officials, but allowed the criminal hackers to use the email cache for the officials’ and the hackers’ own financial gain, through spamming and other operations.
The charges “illustrate the murky world of Russian intel services using criminal hackers in a wide variety of ways,” said Milan Patel, a former FBI Cyber Division supervisory special agent is now a managing director at K2 Intelligence, a cyber firm.
Though FBI agents have long suspected that the Russians have used cyber mercenaries to do their work, this case is among the first in which evidence is offered to show that.
The indicted FSB officers are Dmitry Dokuchaev, and his superior, Igor Sushchin. Particularly galling to U.S. officials is that the men worked for the cyber investigative arm of the FSB — a rough equivalent of the FBI’s cyber division. That the agency that is supposed to probe computer intrusions in Russia is itself engaged in hacking is “pretty sad,” said one official.
Dokuchaev, whose hacker alias was “Forb,” was arrested in December in Moscow, according to the new agency Interfax, on charges of state treason for passing information to the CIA. He had reportedly agreed to work for the FSB — Russia’s Federal Security Service, and a successor to the KGB — to avoid prosecution for bank card fraud.
Belan, who is on the most-wanted cyber list, has been charged twice before in connection with intrusions into three major tech firms in Nevada and California in 2012 and 2013. He was in custody in Greece for a time, but made his way back to Russia, where he is being protected by the authorities, officials said.
The other hacker-for-hire is Karim Baratov, who was born in Kazakhstan but has Canadian citizenship. He was arrested in Canada on Tuesday.
The indictments grew out of a nearly two-year long investigation by the San Francisco FBI with the aid of international law enforcement, officials said. The use of sanctions and criminal charges are two tools that the Obama administration began to use to punish and deter nation state hackers.
“They have the effect of galvanizing other countries that are watching what’s happening,” said Luke Dembosky, a former deputy assistant attorney general for national security. “They show that we have the resources and capabilities to identify the people at the keyboard, even in the most sophisticated cases.”
Three years ago the United States brought charges against five Chinese military hackers for economic espionage, marking the first time cyber-related charges were levied against foreign government officials.
After the Chinese military hackers were indicted, officials said their activity seemed to dwindle. And the indictments, Dembosky said, helped wrest a pledge in 2015 from the Chinese to stop economic cyber espionage against U.S. firms.
In early 2015, the Obama administration imposed economic sanctions on North Korea for its cyber attack on Sony Pictures’ systems.
And in late December, the Obama administration levied economic sanctions on Moscow for its election-year meddling. At the same time, the government sanctioned two Russian criminal hackers with no apparent connection to the Kremlin’s interference campaign. They included Alexsey Belan, who is one of the four indicted in the Yahoo case.