Yahoo breach indictments may shed light on other hacks

Acting Assistant Attorney General Mary McCord, center, accompanied by U.S. Attorney for the Northern District Brian Stretch, left, and FBI Executive Director Paul Abbate, speaks during a news conference at the Justice Department in Washington, Wednesday, March 15, 2017. The Justice Department announced charges against four defendants, including two officers of Russian security services, for a mega data breach at Yahoo. (AP Photo/Susan Walsh)

U.S. authorities may now be in a better position to figure out if Russian hackers and Russian spies swayed last year's presidential elections.

A scheme uncovered during a federal investigation into a huge Yahoo security breach may have opened a window into other hacks potentially instigated by foreign governments, according to computer security experts.

That includes a separate FBI investigation into whether the Russian government hired hackers to interfere with the November election that put President Donald Trump into the Oval Office.

"This makes you more optimistic that they will get to the bottom of what has been going on," said Robert Cattanach, a former Department of Justice attorney now in private practice.

In the Yahoo case unsealed Wednesday, the Department of Justice alleged that two Russian intelligence agents hired a pair of hackers to engineer a heist that affected at least a half billion user accounts.

In a scheme that prosecutors say blended intelligence gathering with old-fashioned financial greed, the four men targeted the email accounts of Russian and U.S. government officials, Russian journalists and employees of financial services and other private businesses, U.S. officials said.

This Jan. 14, 2015, file photo shows a sign outside Yahoo's headquarters in Sunnyvale, Calif. In an indictment Wednesday, March 15, 2017, announcing charges against four Russians, U.S. officials describe how Russian hackers working with Russian intelligence officials broke into Yahoo's network, stole information on Yahoo user accounts and ultimately gained entry into other services used by individuals they were targeting. (AP Photo/Marcio Jose Sanchez, File)

Using in some cases a technique known as "spear-phishing" to dupe Yahoo users into thinking they were receiving legitimate emails, the hackers broke into at least 500 million accounts in search of personal information and financial data such as gift card and credit card numbers, prosecutors said.

"We will not allow individuals, groups, nation states or a combination of them to compromise the privacy of our citizens, the economic interests of our companies or the security of our country," said Acting Assistant Attorney General Mary McCord, the head of the Justice Department's national security division.

The case, announced amid continued U.S. intelligence agency skepticism of their Russian counterparts, comes as U.S. authorities investigate Russian interference through hacking in the 2016 presidential election. Officials said those investigations are separate.

One of the Yahoo-related defendants, a Canadian and Kazakh national named Karim Baratov, has been taken into custody in Canada. Another, Alexsey Belan, is on the list of the FBI's most wanted cyber criminals and has been indicted multiple times in the U.S. It's not clear whether he or the other two defendants, Dmitry Dokuchaev and Igor Sushchin, will ever step foot in an American courtroom since there's no extradition treaty with Russia.


"I hope they will respect our criminal justice system," McCord said.

This wanted poster provided by the FBI shows Alexsey Alexseyevich Belan, aka "Magg," 29, a Russian national and resident. The United States announced charges Wednesday, March 15, 2017, against two Russian intelligence officers and two hackers, including Belan, accusing them of a mega data breach at Yahoo that affected at least a half billion user accounts. (FBI via AP)

The indictment identifies Dokuchaev and Sushchin as officers of the Russian Federal Security Service, or FSB. Belan and Baratov were paid hackers directed by the FSB to break into the accounts, prosecutors said.

Dokuchaev has been in custody in Russia since his arrest on treason charges in December, along with his superior and several others. Russian media have reported that Dokuchaev and his superior were accused of passing sensitive information to the CIA. The media reports also have contended that Dokuchaev was arrested by the FSB several years ago and offered a choice: serve a long prison sentence on hacking charges or sign a contract to work for the agency.

The FSB hasn't commented, and the Justice Department did not confirm that.

Yahoo didn't disclose the breach until last September when it began notifying hundreds of millions of users that their email addresses, birth dates, answers to security questions and other personal information may have been stolen. Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014.

U.S. officials said it was especially galling that the scheme involved officers from a Russian counterespionage service that theoretically should be working collaboratively with its FBI counterparts.

This wanted poster provided by the FBI shows Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident. The United States announced charges Wednesday, March 15, 2017, against two Russian intelligence officers, including Dokuchaev, and two hackers, accusing them of a mega data breach at Yahoo that affected at least a half billion user accounts. (FBI via AP)

"Rather than do that type of work, they actually turned against that type of work," McCord said.

Paul Abbate, an FBI executive assistant director, said the bureau had had only "limited cooperation with that element of the Russian government in the past," noting that prior U.S. demands to turn over Belan had been ignored.

Though the U.S. government has previously charged individual Russian hackers with cybercrime—as well as hackers directly linked to the Chinese and Iranian governments—this is the first criminal case to name as defendants sitting members of the FSB for hacking charges, the Justice Department said.

U.S. intelligence authorities have concluded that Russian intelligence agencies were behind hacking efforts of Democratic email accounts in last year's election. Officials say this case is separate from that investigation, though one of the defendants in the Yahoo case, Belan, was among the Russians sanctioned last year by the Obama administration.

The indictment, which includes charges of economic espionage, trade secret theft and unauthorized access to protected computers, arises from a compromise of Yahoo user accounts that began at least as early as 2014.

This wanted poster provided by the FBI shows Igor Anatolyevich Sushchin, 43, a Russian national and resident. The United States announced charges Wednesday, March 15, 2017, against two Russian intelligence officers, including Sushchin, and two hackers, accusing them of a mega data breach at Yahoo that affected at least a half billion user accounts. (FBI via AP)

The Justice Department's assertion that the FSB was directing the hacking likely provides political and legal cover for Yahoo, which saw its multibillion-dollar deal with Verizon teeter after it was forced to warn consumers that their private information might have been exposed.

Companies are more likely to be blamed for security incompetence when their networks are compromised by thieves or wayward teenagers than when they become the targets of sophisticated espionage carried out by foreign governments.

But Yahoo probably wouldn't have been targeted in the first place if it hadn't been viewed as easier prey than other major tech companies, including Google and Microsoft, which also oversee email services with hundreds of millions of users, said Avivah Litan of Gartner Inc. "The criminals always go to the place of least resistance," she said.

In a statement, Chris Madsen, Yahoo's assistant general counsel and head of global security, thanked law enforcement agencies for their work.

"We're committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime," he said.

FBI Special Agent in Charge Jack Bennett speaks about a Yahoo security breach during a news conference Wednesday, March 15, 2017, in San Francisco. Two Russian intelligence agents and two hackers have been charged in a devastating breach at Yahoo that affected at least a half billion user accounts, the Justice Department said Wednesday in bringing the first case of its kind against Russian government officials. (AP Photo/Eric Risberg)

Rich Mogull, CEO of the security firm Securosis, said the indictment "shows the ties between the Russian security service and basically the criminal underground," something that had been "discussed in security circles for years."

Cyber criminals gave Russian officials access to specific accounts they were targeting, and in return, Russian officials helped the criminals evade authorities and let them keep the kind of information that financially motivated hackers tend to exploit, such as email addresses, logins and credit card information.

"We've come to expect that you don't really figure out who performs these attacks," Mogull said. The fact that the indictment ties together the FSB and criminals is a new development, he said. "It will be very interesting to see what comes up in court, and how they tie those two together."
