DOJ Charges Russian Intelligence in Huge Yahoo Hack

Investigators say FSB agents teamed up with criminal hackers to pull off one of the largest data breaches in history.


The Justice Department on Wednesday alleged that two Russian intelligence agents joined forces with criminal hackers to pull off one of the largest computer breaches in U.S. history, the 2014 hack of internet giant Yahoo, which exposed the usernames and passwords of some 500 million users.

The indictment, unveiled by prosecutors at a Washington press conference, highlighted the symbiotic relationship between Russian security services and its criminal hacker underground — and how the two have combined to become a crucial tool of the Kremlin’s foreign policy.

High-profile indictments can also serve to put foreign governments on notice. Almost three years ago, then-Attorney General Eric Holder strode a Washington podium to announce what was then an unprecedented indictment: charges against three People’s Liberation Army officers for their role in a campaign of intellectual property theft targeting American firms.

That marked the beginning of a campaign of pressure against China that eventually resulted in an agreement between Washington and China not to use digital tools to steal business secrets from one another. While it didn’t end all Chinese hacking, it did result in a marked decrease in Chinese digital attacks on American firms, according to several computer security companies.

But Wednesday’s indictment will be unlikely to produce similar dividends in the case of Russian state-sanctioned hacking, experts said.

“What’s critical here is the larger geopolitical relationship,” said Michael Sulmeyer, the director of the Cyber Security Project at Harvard’s Belfer Center. “Real change will have to come from a change in belief that this kind of behavior will have real costs to their national interests.”

Prosecutors allege that two officers of Russia’s FSB — the successor agency to the KGB — teamed up with criminal hackers to steal user data from hundreds of millions of Yahoo accounts.

FSB officers Dmitry Dokuchaev and Igor Sushchin allegedly directed two hackers, Alexsey Belan and Karim Baratov, to break into Yahoo’s central computer systems, harvest user credentials, and acquire tools to break into email accounts. The attack exposed the email accounts of millions of users and embarrassed the internet giant.

Dokuchaev and Sushchin’s scheme married criminal and foreign intelligence objectives, according to the Justice Department, who charged the two with a bevy of offenses, including computer hacking, economic espionage, and wire fraud. If arrested, tried, and convicted — a very long shot for three of the four suspects — they could face more than 100 years in prison.

The two FSB officers allegedly used the information stolen from Yahoo to target the email accounts of Russian journalists, foreign diplomats, and Russian government officials. At the same time, Belan and Baratov allegedly pursued a variety of criminal schemes to cash in on the heist.

In one, Belan allegedly used his access to Yahoo servers to present users who searched for erectile dysfunction medication to be shown a link that he had created. That link then redirected users to an online pharmacy that paid marketers who funneled traffic to the site.

Only Baratov, a 22-year-old Canadian national who was born in Kazakhstan, is in custody; he was arrested Tuesday by Canadian authorities. The other three are thought to be in Russia and are unlikely to ever see the inside of a U.S. courtroom. The United States does not have an extradition treaty with Russia, and Moscow will all but certainly refuse to hand over members of its own security services to American authorities.

Belan has been indicted twice before and for three years has been on the FBI’s list of most wanted cyber criminals.

Russian criminal hackers typically enjoy the protection of the state as long as they do not attack targets within Russia. Evgeniy Bogachev, accused of stealing hundreds of millions of dollars, reportedly lives in comfort in the Black Sea resort town of Anapa and has reportedly allowed Russian security services to search the computers he has infected.

By allowing criminal hackers to flourish within Russian borders, the Kremlin has a cadre of computer savvy operatives at its disposal. It can use these hackers to carry out digital attacks with a modicum of plausible deniability by mingling intelligence operations with criminal schemes, making the former harder to detect.

Both Russia and China use cyber operations as a tool of statecraft, but they have different objectives in mind. Much of Chinese cyber espionage is targeted at stealing corporate secrets. And as much as Beijing seeks to shape the world order to its benefit, ultimately President Xi Jinping has made clear he considers China a status quo power that is interested in upholding the existing order, said James Lewis, cybersecurity expert at the Center for Strategic and International Studies.  

Moscow, in contrast, has a darker view of the world, making them less amenable to conventional forms of suasion.

“They think there is a Western plot to destroy Russia. They really believe that,” Lewis said. “So for them it’s a very different kind of struggle.“

One noteworthy element of the case: The FSB division that employed Dokuchaev and Sushchin is nominally responsible for cyber defense and is the FBI’s Russian point of contact for collaborating in hunting down criminal hackers. Earlier this year,  Russian authorities reportedly arrested Dokuchaev and other FSB officials as part of a shake-up that, according to unconfirmed reports, targeted a CIA spy ring.

But the big question remains: how can Washington persuade Russia to alter its behavior in cyberspace? In the waning days of the Obama administration, Washington slapped sanctions on the FSB and expelled dozens of Russian diplomats, in reprisal for the election meddling.

So far, though, Washington’s retaliatory moves appear to have had little effect. Even after American intelligence called out Russian election meddling in October, and the White House slapped sanctions on FSB operatives and Belan in December, Moscow has continued its influence operations in Europe, seeking to boost its preferred candidates in France, Germany, and the Netherlands.

For now, Washington has a limited toolkit to strike back. “What can we do to the Russians? We are sort of maxed out on sanctions. We know we are not going to arrest these people. So we need to find new punishments,” Lewis said.

Such punishments might include embarrassing revelations about Russian state-sponsored doping efforts, financial dealings, and perhaps covert action, he said.

But that would depend on the willingness of the Trump administration to take a tougher line on Russia. On the campaign trail, Trump staked a series of Kremlin-friendly positions, as FSB hackers mounted an information war that U.S. intelligence officials concluded was meant to boost his candidacy. Since taking office, Trump has suggested forming a closer partnership with Russia, but he has also picked several Russia hawks for key administration positions, making it unclear just what kind of policy the administration will pursue.

Congressional and FBI investigators are now examining whether Trump campaign officials colluded with Moscow, as part of wide-ranging probes examining communications between the Trump team and Moscow and their financial ties to Russia. The House Intelligence Committee will hold its first public hearing on the matter next week, and the Senate intelligence panel is also conducting an investigation.

A pair of top Republican senators, Chuck Grassley (R-Iowa) and Lindsey Graham (R-S.C.) on Wednesday demanded more cooperation from the FBI. Grassley bemoaned the agency’s reluctant cooperation with congressional investigators, and Graham demanded to know by Wednesday if the bureau is conducting a criminal investigation of Trump’s ties to Russia.

One Justice Department official, who is not authorized to speak to the press, said on Wednesday: “There are lots of tentacles at play here.”

Update: Though the FBI described Karim Baratov as a dual Canadian-Kazakh national, Kazakhstan’s embassy to the United States reports his citizenship was annulled in 2011, as Kazakh law does not permit dual nationality. 

Photo by Alex Wong/Getty Images


Elias Groll is a staff writer at Foreign Policy. Twitter: @EliasGroll

Trending Now Sponsored Links by Taboola

By Taboola

More from Foreign Policy

By Taboola