By Heather Hamilton, contributing writer
Two Russian spies and two criminal hackers have been indicted in connection with the 2014 breach of 500 million Yahoo accounts, the Justice Department announced Wednesday. This is the first time that criminal cyber-charges have ever been brought against Russian government officials, according to an article in the Washington Post.
Two members of the FSB, a Russian intelligence agency, and two hired hackers are charged with hacking, wire fraud, trade secret theft, and economic espionage — indictments from the biggest hacking case ever brought by the United States.
The men in question are Dmitry Dokuchaev and his boss, Igor Sushchin, who worked for the FSB, an agency that is meant to function, at least vaguely, like the Cyber Division at the FBI. Dokuchaev (hacker alias Forb) was arrested in Moscow in December on charges of state treason. He was working for the FSB to avoid prosecution for bank card fraud.
Alexsey Belan, on the most-wanted cyber-criminal list, is among those facing charges. He’s been charged two times before in connection with intrusions at three major U.S. tech firms. He was in custody in Greece but is now in Russia under the protection of authorities. Helping Belan was Canadian citizen Karim Baratow, born in Kazakhstan and arrested in Canada.
The hacks happened in the fall of 2014 and were the largest known data breach ever to happen. After, Yahoo mentioned that approximately 1 billion accounts had been hacked the year before. It is still unknown whether the two were related, but we do know that the hack could have affected other Yahoo services — Flikr, Tumblr, fantasy sports, and other Yahoo properties.
While Russia has been in the news with some frequency, these charges are unrelated to the hacking of the Democratic National Committee and any potential hacking during the 2016 presidential campaign.
The United States government is more interested than ever in holding foreign governments accountable for crimes committed in cyberspace, a realm that has been less regulated. And, while the U.S. does not have an extradition treaty with Russia, pressing charges and imposing sanctions can act as a deterrent. There is also the possibility that criminals accidentally travel to a place that will transfer them to the United States.
“They have the effect of galvanizing other countries that are watching what’s happening. They show that we have the resources and capabilities to identify the people at the keyboard, even in the most sophisticated cases,” said Luke Dembosky, former deputy assistant attorney general for national security, told the Washington Post.
In the 2014 hack, the KGB successor (the Federal Security Service) wanted the information for intelligence purposes and targeted journalists and dissidents of U.S. government officials, though they also allowed the hackers access to the emails for financial gain. They targeted White House officials, military, bank executives, cloud computing companies, an airline, and a gambling regulator.
Milan Patel, a former supervisory special agent for the FBI’s Cyber Division and current managing director at cyber-firm K2 Intelligence believes that the charges “illustrate the murky world of Russian intel services using criminal hackers in a wide variety of ways.” This case is one of the first that proves that, though the FBI has long theorized it.
This two-year investigation utilized the FBI’s San Francisco office as well as international law enforcement.
Though Russian Embassy spokesman, Nikolay Lakhonin, directed reporters to two articles, including this one, in which the writer suggests that the media isn’t telling the whole story, he maintained that the embassy had no official reaction.
Sources: NYTimes, Washington Post, and Justice.gov
Learn more about Electronic Products Magazine