United States charges two Russian spies over Yahoo hack

Posted March 18, 2017

Along with Dokuchaev, at least three other men reportedly were arrested in the treason case, including Col. Sergei Mikhailov, the deputy head of the FSB's Information Security Center.

Yahoo reported the 2014 hack last fall - in what was then considered the largest data breach in history. Dokuchaev and Sushchin were said to be Russian intelligence agents who allegedly masterminded and directed the hacking, the justice department said.

Hackers got their initial access to Yahoo's network around early 2014, although it's not clear exactly how. The source added that "the absence of specifics in this case suggests this is the latest twist in the use of the subject of Russian hackers in the internal political struggle in the U.S". It seems the hackers were targeting certain individuals.

"We are certainly seeing more and more use by nation states of criminal hackers", said Mary B. McCord, acting assistant attorney general for national security.

The FSB officers "protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the USA and elsewhere", the department said in a statement announcing the indictments.

Milan Patel, a former Federal Bureau of Investigation cyber agent and now managing director for cyber defense at K2 Intelligence, said the intermingling of espionage and cyber crime in Russian Federation had led the United States and its allies to be far more wary about alerting Moscow to criminal hackers.

"The indictment unequivocally shows the attacks on Yahoo were state-sponsored", said Chris Madsen, an assistant general counsel for security and law enforcement at Yahoo.

Three Fast Facts About McDonald's Controversial Tweet Against US President Donald Trump
Trump's list of online enemies keeps on growing, with his latest potential foe being popular, fast-food chain McDonald's . It's unclear who sent the tweet, but McDonalds did issue a statement saying its Twitter account had been compromised .

The database contained names, phone numbers, password challenge questions and answers and, crucially, password recovery emails and a cryptographic value unique to each account.

The case further blurs the lines between the Russian government and cybercriminals.

And one of the outside hackers, a Russian named Alexsey Belan, had been indicted twice before for three intrusions into American e-commerce companies and had been arrested in Europe, but he escaped to Russia before he could be extradited.

Belan, 29, has been indicted twice in USA cases involving the hacking of e-commerce companies, and is listed as one of the FBI's "Cyber Most Wanted criminals".

"Our job was to locate and arrest one of the people", police spokesman Mark Pugash said.

Besides orchestrating the breach, the indictment alleged that Yahoo accounts accessed without authorisation were used to launch a spam campaign. Belan allegedly targeted anyone searching for erectile dysfunction medication.

"The defendants targeted Yahoo accounts of US and Russian government officials, including cybersecurity, diplomatic and military personnel", says Acting Assistant Attorney General for National Security, Mary McCord. He was paid $100 for each successfully hacked account, the indictment says.

La Liga results: Real Madrid go 1st after Deportivo stun Barcelona
LUIS SUAREZ'S incredible run of winning when he finds the back of the net ground to a resounding halt on Sunday... after 72 games. In fact, in the 72 games Suarez has scored in for Barca, the Catalan giants won 67 times, drawing five. losing none.

Soldatov pointed to the Russian military operations in Ukraine that used local proxies and private contractors, describing it as a tactic helpful to Kremlin officials "because it allows them to deny responsibility". That's because no one expects the Kremlin to play along with the USA indictment.

The four men together face 47 criminal charges, including conspiracy, computer fraud, economic espionage, theft of trade secrets, and aggravated identity theft, the Justice Department said in a news release. "State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat".

We do not have an extradition treaty with Russian Federation.

Justice Department attorneys called this a highly complex, long-term investigation that relied heavily on cooperation between the federal government and the private sector, especially Yahoo and Google.

Yahoo declined to comment beyond a statement thanking law enforcement for its efforts.

"It is very important for corporations around the country to know that when you are going against the resources and backing of a nation state, it is not a fair fight, and it is not a fight you are likely to win alone", McCord said.

The company has provided a knowledgebase article containing security recommendations on how users can better protect their accounts. He is accused of directing the Yahoo hack along with his superior, the 43-year-old Sushchin.

Leicester match 'a historic opportunity for everyone' at Sevilla - Sampaoli
Leicester vice-chairman Aiyawatt Srivaddhanaprabha said: 'We knew the team would be in good hands when we asked him to take charge.

It lists a diverse group of hacking victims in the US including the White House and its military and diplomatic corps.