2 min read

Jail for the man who helped Russia hack Yahoo's email accounts

Graham CLULEY

May 30, 2018

Jail for the man who helped Russia hack Yahoo's email accounts

Remember when Yahoo seemed to have been beset by hack after hack after hack?

In September 2016, Yahoo revealed that the personal data of over 500 million users had been stolen by hackers in 2014.

As if that wasn’t bad enough, three months later the firm revealed that an even larger hack had occurred – a massive security breach had seen hackers access data belonging to up to billions of Yahoo user accounts.

That mega-hack took place in August 2013, with the attackers creating forged cookies that could permit access to users” accounts without needing any passwords whatsoever. But Yahoo didn’t go public about the breach until December 2016, advising users to be cautious of unsolicited communications and to ensure that they were not using the same passwords and security questions/answers on any other online accounts.

The timing for the company couldn’t have been worse, as it was in the process of trying to sell itself to Verizon.

But it was hard to feel too sorry for Yahoo, as it was revealed that some of its staff had known since 2014 that its systems had been compromised by what it believed to be a “state-sponsored attacker”.

And it’s also hard to feel too much sympathy for Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, both officers in Russia’s FSB, who the FBI believes directed and paid the hackers involved in the 500 million user account heist.

Nor does my heart cry out for another Russian, Alexsey Alexseyevich Belan (also known as “Magg”), who the US Department of Justice claimed had gained access to the Yahoo User Database (UDB) and details of how to create account authentication web browser cookies.

According to US authorities, the fourth member of the gang was Karim Baratov, a resident of Canada who was extradited to the United States, and pleaded guilty to conspiracy to commit computer fraud and identity theft.

According to prosecutors, Baratov was paid by FSB officer Dokuchaev to hack into at least 80 webmail accounts, including at least 50 belonging to Google users. Baratov had been compromising webmail accounts, charging customers $100 per hack, since he was a teenager. Specifically, Kazakhstan-born Baratov advertised his services to Russian language speakers across the globe.

In all, Baratov is believed to have made more than US $1.1 million through his hacks, using his illegal income to purchase a house and expensive cars such as a Lamborghini, Porsche, Aston Martin, Mercedes, and BMW.

This week Baratov has been sentenced to five years in prison, avoiding the 94-month sentence that prosecutors asked for because US district judge Vince Chhabria accepted that Baratov had not been one of the gang’s ringleaders.

“The last 14 months have been a very humbling and eye-opening experience,” Baratov told the court. “There is no excuse for my action…all I can do is promise to be a better man.”

And as for Dokuchaev, Sushchin, and Belan? The three other men the United States would like to question about the Yahoo hack? They’re not expected to see the inside of a US court any day soon.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read