The U.S. Justice Department just charged two Russian intelligence officers and two criminal hackers with directing the criminal conspiracy that broke into 500 million Yahoo accounts in 2014. This is the first time the U.S government has charged Russian spies for cybernetic crimes.
The Justice Department indictment includes charges of conspiracy, computer fraud and abuse, theft of trade secrets, wire fraud, economic espionage, access device fraud and aggravated identity theft. Acting Assistant Attorney General Mary McCord announced the charges at a press conference, detailing the plan orchestrated by Russian officers from the Federal Security Service (FSB), a government institution that succeeded the KGB.
“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cyber crime matters, is beyond the pale,” said McCord.
Extradition is needed to indict the criminals
The Russian officers involved in the conspiracy were identified as Dmitry Dokuchaev and Igor Sushchin, who are currently in Russia. Dokuachev was arrested past December for treason, according to Interfax.
The hackers involved in the cybercrime were Alexsey Belan, an FBI most-wanted cyber criminal who was arrested back in 2013 in Europe but fled to Russia to avoid deportation, and Karim Baratov, a Kazakh that has Canadian citizenship. The Justice Department claimed that Baratov was arrested in Canada on Tuesday.
McCord said in the press conference that the FSB officers orchestrated the conspiracy to collect intelligence on U.S citizens, but the two hackers used the information to make money.
The Assistant Attorney also stated that they expect Russian authorities to cooperate bringing the criminals to justice, although it is uncertain because the United States does not have an extradition treaty with Russia. However, Russian news agencies reported that Washington hadn’t contacted Moscow over the charges, according to Reuters.
When the breach happened on September, Yahoo said that they believed the attack was state-sponsored, and on Wednesday after the indictment was made public, the company stated that it was unequivocally the case. Last December, Yahoo also announced that another breach occurred on 2013, but FBI officials said that it was unrelated to the 2014 attack, and it’s currently an ongoing investigation.
In the 2014 attack, over 30 million accounts were thoroughly hacked by Belan, who was able to use contact lists for campaign-related spam, as well as stealing financial information like credit card and gift card numbers, according to the indictment.
The indictment also said that Sushchin and Dokuchaev directed Baratov to hack specific targets who possessed email accounts with other service providers like Google, using the information hacked from the Yahoo accounts.
When the hacker succeeded, Dokuchaev would reward him financially. Interpol had issued a “red notice” on Belan since he was involved in campaign hacking, but the FSB recruited him nonetheless to help with cyber espionage, according to the indictment.
The charges have added buzz to the already-ongoing controversy of possible Russian hackings on the 2016 U.S presidential campaign to favor now elected President Donald Trump.