2 min read

Jail for the man who helped Russia hack Yahoo's email accounts

Graham CLULEY

May 30, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Jail for the man who helped Russia hack Yahoo's email accounts

Remember when Yahoo seemed to have been beset by hack after hack after hack?

In September 2016, Yahoo revealed that the personal data of over 500 million users had been stolen by hackers in 2014.

As if that wasn’t bad enough, three months later the firm revealed that an even larger hack had occurred – a massive security breach had seen hackers access data belonging to up to billions of Yahoo user accounts.

That mega-hack took place in August 2013, with the attackers creating forged cookies that could permit access to users” accounts without needing any passwords whatsoever. But Yahoo didn’t go public about the breach until December 2016, advising users to be cautious of unsolicited communications and to ensure that they were not using the same passwords and security questions/answers on any other online accounts.

The timing for the company couldn’t have been worse, as it was in the process of trying to sell itself to Verizon.

But it was hard to feel too sorry for Yahoo, as it was revealed that some of its staff had known since 2014 that its systems had been compromised by what it believed to be a “state-sponsored attacker”.

And it’s also hard to feel too much sympathy for Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, both officers in Russia’s FSB, who the FBI believes directed and paid the hackers involved in the 500 million user account heist.

Nor does my heart cry out for another Russian, Alexsey Alexseyevich Belan (also known as “Magg”), who the US Department of Justice claimed had gained access to the Yahoo User Database (UDB) and details of how to create account authentication web browser cookies.

According to US authorities, the fourth member of the gang was Karim Baratov, a resident of Canada who was extradited to the United States, and pleaded guilty to conspiracy to commit computer fraud and identity theft.

According to prosecutors, Baratov was paid by FSB officer Dokuchaev to hack into at least 80 webmail accounts, including at least 50 belonging to Google users. Baratov had been compromising webmail accounts, charging customers $100 per hack, since he was a teenager. Specifically, Kazakhstan-born Baratov advertised his services to Russian language speakers across the globe.

In all, Baratov is believed to have made more than US $1.1 million through his hacks, using his illegal income to purchase a house and expensive cars such as a Lamborghini, Porsche, Aston Martin, Mercedes, and BMW.

This week Baratov has been sentenced to five years in prison, avoiding the 94-month sentence that prosecutors asked for because US district judge Vince Chhabria accepted that Baratov had not been one of the gang’s ringleaders.

“The last 14 months have been a very humbling and eye-opening experience,” Baratov told the court. “There is no excuse for my action…all I can do is promise to be a better man.”

And as for Dokuchaev, Sushchin, and Belan? The three other men the United States would like to question about the Yahoo hack? They’re not expected to see the inside of a US court any day soon.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read