WASHINGTON ― Four people, including two officials working for the Russian equivalent of the FBI, have been charged by the U.S. government in a large-scale hacking scheme that targeted Yahoo users.
The hackers allegedly stole information about at least 500 million Yahoo accounts. They also gained access to the content of 6,500 individual accounts, including those belonging to “Russian journalists and politicians critical of the Russian government; Russian citizens and government officials; former officials from countries bordering Russia; and U.S. government officials, including cyber security, diplomatic, military, and White House personnel,” according to the indictment.
The three Russian suspects are Dmitry Aleksandrovich Dokuchaev, 33; Igor Anatolyevich Sushchin, 43; and Alexsey Alexseyevich Belan, 29. Dokuchaev and Sushchin are Russian Federal Security Service (FSB) officers, according to the department. Belan, who was previously indicted in separate cybercrimes in 2012 and 2013, was already wanted by the U.S. government. The two FSB officers allegedly gave Belan information to help him avoid being detained by U.S. authorities. The other suspect is Karim Baratov, 22, a Canadian resident from Kazakhstan who Canadian authorities arrested Tuesday.
This is believed to be the first time the U.S. government has charged Russian state actors with a cybercrime.
Hackers have breached Yahoo at least twice in recent years. Upwards of 1 billion accounts were compromised in August 2013, and an additional 500 million accounts were stolen in 2014. Yahoo discovered and disclosed both breaches in 2016, as Verizon explored purchasing the tech giant. Verizon owns AOL, which is The Huffington Post’s parent company.
The charges announced Wednesday by Mary McCord, the acting assistant attorney general for national security, are in connection to the 2014 hack. They are not related to the hacking of the Democratic National Committee during the 2016 U.S. presidential campaign, which is also believed to have been directed by Russian government agents. Officials described that investigation as “ongoing,” but deflected questions about whether any of the actors involved in the Yahoo breach were involved in the DNC hack.
Authorities say the hacking team employed Russian intelligence assets to avoid detection.
State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat. Mary McCord, acting assistant attorney general for national security
The stolen information granted access to a number of other email providers, including Gmail. The indictment alleges that Dokuchaev gained “full access” to email accounts belonging to an investigative reporter for the Kommersant Daily and to a Nevada gaming official. Belan gained access to 14 employees of a Swiss bitcoin wallet and banking firm, as well as a senior officer of a major U.S. airline.
The suspects face a number of charges, including conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identity theft. The most serious of those charges, conspiring to commit wire fraud, carries a maximum sentence of 20 years.
“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” McCord said in a press release. “State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat.”
Attorney General Jeff Sessions, who has recused himself from any investigation connected to the presidential campaigns, is out of town to give a speech to law enforcement officials in Richmond, Virginia, and did not attend the rollout. But McCord told reporters that Sessions is not recused from this case. A press release quoted Sessions as stating that the U.S. will “prosecute the people behind such attacks to the fullest extend of the law.”
This article has been updated throughout.