Yahoo was right; it was nation-state backed attackers from Russia who perpetrated a breach of 500 million Yahoo users in 2014. The U.S. Department of Justice announced on March 15 that a grand jury in the Northern District of California has formally indicted four defendants, including three Russian nationals and one resident of Canada.
“The indictment unequivocally shows the attacks on Yahoo were state-sponsored,” Chris Madsen, assistant general counsel and head of Global Law Enforcement, Security & Safety at Yahoo, wrote in a statement. “We appreciate the FBI’s diligent investigative work and the DOJ’s decisive action to bring to justice those responsible for the crimes against Yahoo and its users.”
Yahoo first publicly disclosed that it was the victim of a 2014 breach in September 2016. At the time of the initial disclosure, Yahoo emphasized that the attack was state-sponsored.
Two of the charged defendants, Dmitry Dokuchaev and Igor Sushchin, are officers in Russia’s state intelligence agency known as the Federal Security Service (FSB). According to the indictment, Dokuchaev and Sushchin protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere.
“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” Acting Assistant Attorney General Mary McCord, said in a statement. “Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat.”
The two Russian FSB agents worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals, according to the DOJ indictment. Belan allegedly was able to gain access to Yahoo’s Account Management Tool (AMT), which is a proprietary tool used by Yahoo to make changes to user accounts. Belan was also able to get access to a portion of the Yahoo User Database (UDB) that contained information on 500 million user accounts.
The DOJ indictment alleges that the FSB officers helped enable Belan’s activities by providing him with law enforcement and intelligence information to help avoid detection by U.S. and other law enforcement agencies.
In total, the indictment lists 47 counts for charges, including conspiracy to commit computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud and aggravated identity theft. According to the indictment, the illegal activities of the defendants against Yahoo started no later than January 2014 and continued until December 2016.
Baratov was arrested by Canadian officials on March 14, while Dokuchaev is being held by Russian officials in connection to a treason charge for allegedly passing secrets to the CIA. The other two defendants are currently at large.
“Today we continue to pierce the veil of anonymity surrounding cyber crimes,” FBI Director James Comey said in a statement. “We are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.