US indicts Russian FSB officers over 2014 Yahoo hack
Two officers from the Russian Federal Security Service (FSB) and two Russian hackers are being charged over a mega data breach at Yahoo, the Justice Department has announced, stressing that the charges do not allege Russian involvement in the DNC hacks.
A grand jury in California charged the four defendants with computer hacking, economic espionage, and other criminal offenses.
The department has accused the four defendants of illegally accessing information about millions of subscribers from Yahoo, Google, and other webmail providers.
"Dmitry Dokuchaev and Igor Sushchin, both FSB officers, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere," Mary McCord, the acting assistant attorney general, said during a press conference.
McCord said the indictment alleges the two Russian FSB agents were acting on behalf of their agency.
"There are no free passes for foreign state-sponsored criminal behavior," McCord said.
The indictments represent the first time the US has brought criminal charges against Russian officials for cyber offenses.
She went on to accuse the FSB agents of working "with co-conspirators Aleksey Belan and Karim Baratov to hack into computers of American companies providing email and internet-related services, to maintain unauthorized access to those computers and to steal information, including information about individual users and the private contents of their accounts."
The Justice Department alleged that Belan's "notorious criminal conduct and a pending Interpol Red Notice" did not result in him being detained by FSB officers Dokuchaev and Sushchin.
"Instead of detaining him, [they] used him to break into Yahoo's networks," the department alleged.
The Department went on to accuse Belan, who is on the FBI's list of most-wanted cyber criminals, of using his relationship with the FSB agents and access to "line his own pockets with money."
Belan has been previously indicted twice in the US, for three intrusions into e-commerce companies. He has been one of the FBI's most-wanted cyber criminals for more than three years.
The 2014 breach affected some 500 million Yahoo users, along with at least 18 users of other service providers, including Google.
Yahoo announced the breach in September 2016, stating at the time that it was working with law enforcement authorities and believed the attack was state-sponsored.
The department said the operation began at least as early as 2014, adding that conspirators lost access in September 2016. They continued to use information until December.
Meanwhile, McCord said the Wednesday indictment does not allege any connection between the Yahoo hacking and the hacking of the Democratic National Committee (DNC) last year.
Previously, the US government accused Russia of hacking the Democratic Party’s computer networks, alleging that Moscow was attempting to “interfere” with the 2016 presidential election – an allegation which the Kremlin has vehemently denied as untrue and baseless.
The hack resulted in a leak which consisted of 19,252 emails and 8,034 attachments from the DNC. It was published by WikiLeaks in July 2016.
Among other revelations, the leak included emails which suggested the Democratic National Committee (DNC) was actively trying to undermine Bernie Sanders’ campaign for president, in favor of Hillary Clinton.
Despite Washington’s allegations that Russia was behind the hack, no hard evidence has linked the leaks to Russia.
Earlier this year, several reports in the Russian media, citing sources, said that Dokuchaev, who apparently worked for the FSB, was arrested along with other accomplices linked to a Russian hacker group on suspicion of high treason in December 2016. However, these reports haven’t been confirmed by government officials.
Dokuchaev reportedly used to work at the FSB’s Data Security Center dealing with cyber crimes.
According to RBC, he was allegedly forced to cooperate with the agency after he had been nabbed on credit card fraud in 2005 and could have faced criminal prosecution and a prison sentence.
Novaya Gazeta reported that Dokuchaev also used to be a columnist for the Russian magazine “Khaker” (Hacker), with ex-editor-in-chief Sergey Pokrovsky describing him as “an expert on data security.”
Novaya Gazeta also links Dokuchaev to the activities of Shaltai-Boltai (Humpty Dumpty), a group known for hacking the mobile devices and emails of Russian officials and business personalities and then selling the information abroad. The group leaked correspondence of Russian Prime Minister Dmitry Medvedev, editor-in-chief of the Russian Life TV channel, and Timur Prokopenko, deputy head of Internal Affairs Administration in the Russian Presidency.
Former CIA intelligence analyst Ron Aledo believes the situation has the signs of a “double agent operation” that went wrong, given that one person is being charged by both the Russian and US governments.
“That person that worked for the FSB and was arrested by the Russian government on high treason charges, and now is also charged by the US government for hacking into the US corporation – has looks, the appearance of being a double agent,” Aledo told RT. “I’m not saying that it is, but it has the appearance of being a double agent operation that went bad.”
Although the Justice Department explicitly denied any connection between the DNC hack and the latest indictment, Aledo believed that the greater part of the American press, which is “left-wing and very sympathetic to the Democratic party,” will be pushing this narrative.
“They are going to tell the American people: ‘You see? The Russians are hacking us! This is the evidence – they hacked American company, so they obviously… are connected. You see, Obama was right!’” Aledo said.