A Canadian citizen has pleaded guilty to helping Russian intelligence officers in a Yahoo hack in 2014 that exposed up to 500 million accounts. The defendant, Karim Baratov, 22, is the only arrest that comes out of the Yahoo hack while the other three individuals facing charges live in Russia, which evidently has no interest in extraditing them to the United States.
Prosecutors have stated that two of the defendants are officers of Russia's spy agency, the FSB, while the other is known as the Russian hacker Alexsey Belan. They believe that FSB officials Dmitry Dokuchaev and Igor Sushchin led the attack and hired Baratov when their targets used email accounts outside the Yahoo system. The summary issued by the Northern District of California Attorney's Office details the scope of these charges:
According to his plea agreement, Baratov's role in the accused conspiracy was to hack webmail accounts of individuals of interest to the FSB and send those accounts & pbadwords to Dokuchaev in exchange for money. As alleged in the indictment, Dokuchaev, Sushchin and Belan jeopardized the Yahoo network and gained the ability to access Yahoo accounts. When they wanted to access individual webmail accounts at several other Internet service providers, such as Google and Yandex (based in Russia), Dokuchaev instructed Baratov to compromise such accounts.
According to his testimony, Baratov placed advertisements for his services on websites in Russian. Once hired, he obtained access to the accounts of his victims by arrogating them with false correspondences designed to appear as if they had been sent by the corresponding email server.
Baratov pleaded guilty to one count of conspiracy to violate the Computer Fraud and Abuse Law. and eight counts of aggravated identity theft.
Featured image: Justin Sullivan / Getty Images