The Justice Department has announced charges against four people, including two Russian security officials, over cybercrimes linked to a massive hack of millions of Yahoo user accounts.
Two of the defendants — Dmitry Dokuchaev and his superior, Igor Sushchin — are officers of the Russian Federal Security Service, or FSB. According to court documents, they hired two criminal hackers, Alexsey Belan and Karim Baratov, to access information that has intelligence value. Belan also allegedly used the information obtained for his personal financial gain.
“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” Acting Assistant Attorney General Mary McCord said.
Yesterday, Baratov was arrested in Canada. NPR’s Greg Myre reports that the U.S. plans to seek his extradition, and that three other defendants are in Russia, which has no extradition treaty with the U.S.
The massive hack against at least 500 million Yahoo user accounts happened in 2014. The company publicly acknowledged the breach last September, saying at the time that a “state-sponsored actor” may have been responsible, without naming any foreign government. This prompted an investigation by U.S. authorities.
Months later, Yahoo revealed an even larger hacking incident impacting more than 1 billion accounts that occurred in 2013, as we reported. It’s not clear whether the two breaches are related. The company has also indicated in regulatory filings that forged cookies might have been used to access user accounts.
Today’s charges are also distinct from the U.S. intelligence community’s conclusion that Russia launched an “influence campaign” in order to help President Trump win the election.
Federal officials have also recently charged individuals from China and Iran over hacking allegations.
As NPR’s Carrie Johnson reported, in 2014 the Department of Justice “charged five uniformed members of Unit 61398 of the People’s Liberation Army of China with stealing secrets from American business competitors.”
Last year, federal officials indicted seven hackers with links to the Iranian government for cyberattacks. “Court papers said the intruders attacked the web sites of dozens of major U.S. banks and breached controls at a dam in Rye, N.Y., raising alarms about safeguards in American infrastructure,” Carrie wrote.