Two 'Russian spies' among four indicted in connection with 2014 cyber attack on Yahoo

Man arrested in Canada to face deportation to the US over hacks on internet company Yahoo

Russian spies have been accused of being behind the 2014 hack on tarnished dot-com Yahoo by the US Department of Justice.

Formal indictments will be brought against four men in connection with the cyber attack, including three Russian nationals and a Canadian Kazakh national, who has been arrested in Canada and who is therefore facing deportation to the US to face charges.

The men have been named by the Department of Justice as follows: Dmitry Aleksandrovich Dokuchaev; Igor Anatolyevich Sushchin; Alexsey Alexseyevich Belan; and, Karim Baratov, the Canadian and Kazakh national, resident in Canada.

Two of the accused men, Dmitry Dokuchaev and Igor Sushchin, are officers of the FSB, the successor organisation to the Soviet Union's KGB security service, claimed the Department of Justice.

"The defendants used unauthorised access to Yahoo's systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorised access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, US and Russian government officials, and private-sector employees of financial, transportation and other companies," according to the indictment.

In addition to espionage, one of the men also sought to use his access to the accounts to make some money on the side, the US Department of Justice claims, "by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions, and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign".

The Department of Justice has accused Dokuchaev and Sushchin of protecting, directing, and facilitating "paid criminal hackers to collect information through computer intrusions in the US and elsewhere".

Latvian-born Alexsey Belan was known to US authorities, who claim that he has been behind a wave of cyber attacks, fraud and identity theft. He had been publicly indicted in September 2012 and arrested in Europe in June 2013.

However, he was able to escape to Russia before he could be extradited. On his return, claims the Department of Justice, he was put to work using his skills to crack Yahoo's network.

"In or around November and December 2014, Belan stole a copy of at least a portion of Yahoo's user database, a Yahoo trade secret that contained, among other data, subscriber information including users' names, recovery email accounts, phone numbers and certain information required to manually create, or 'mint', account authentication web browser cookies for more than 500 million Yahoo accounts," the Department of Justice claims.

It continues: "Belan also obtained unauthorised access on behalf of the FSB conspirators to Yahoo's Account Management Tool, which was a proprietary means by which Yahoo made and logged changes to user accounts.

"Belan, Dokuchaev and Sushchin then used the stolen UDB copy and AMT access to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorisation."

In addition to the accounts of Russian journalists, officials and government officials in the US and elsewhere, the attackers also cracked accounts belonging to employees of a Russian investment bank, a French transport company, US financial services and private equity firms, a Swiss bitcoin wallet and a US airline.

The FSB officers also helped out Belan's money-making schemes on the side "by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by US and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers".

The Kazakh-Canadian national Karim Baratov, meanwhile, was commissioned to gain access to the accounts of targets who used the email services of companies other than Yahoo, using information gleaned from the successful attacks on the company.

The Department of Justice claims that he gained access to more than 80 accounts. A warrant was put out for his arrest in Canada on 7 March.

Yahoo had tried to hush up that attack, but when the full details became public in 2016, it disrupted the sale of Yahoo's assets to Verizon and, as a result, Verizon was able to extract a $350m discount on the price it had initially agreed to pay at auction in July 2016.

This also meant a drastic cut in the pay-off due to Yahoo CEO Marissa Mayer after the deal had been concluded. She was expected to be given a 'golden parachute' worth $55m but, instead, has had to make do with a pay-off of 'only' $23m.