nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Accused! Yahoo! hacker! pleads! not! guilty! in! US! court!

It wasn't me nor the FSB, claims Karim Baratov

By Iain Thomson, 24 Aug 2017

One of four men accused of carrying out the megahack of 500 million Yahoo! email accounts has pleaded not guilty in a San Francisco district court.

Karim Baratov, 22, was extradited from his Canadian home last weekend after waiving his right to fight going to America for the court case. He denied 47 separate charges of computer hacking, identity theft, wire fraud and industrial espionage.

According to court documents [PDF], Baratov and criminal hacker Alexsey Belan, 29, were hired by two Russian FSB officers – Dmitry Dokuchaev and his boss Igor Sushchin – in October 2014 to hack into Yahoo!'s servers. Over the next 18 months the two hackers ran riot through the poorly secured servers of the portal, accessing email accounts of journalists, business people, and politicians around the world.

The US government alleges that the two used highly targeted emails to get access to Yahoo! personel, and then used internal company software to generate cookies to access webmail accounts without all that tricky password-stealing business.

In all, the government claims that the two accessed over 6,500 webmail accounts, going initially for Russian journalists, businessfolk and politicians. But then they widened their net to carry out industrial espionage against selected Western targets, it's claimed.

Belan is also accused of hijacking Yahoo!'s search engine results for profit, according to the charges. If a visitor searched for the term "erectile dysfunction," they were redirected to an online pharmacy that was paying Belan a commission for hits, according to the Feds.

He is also accused of trawling through people's email accounts looking for credit card information, online gift cards, and using his cookie-making skills to run a spam campaign against 30 million Yahoo! users.

The charge sheet also states that Baratov was directed to try similar hacking tricks with Gmail users. Up to 50 Google accounts were illegally accessed, the government states, including those of senior Russian politicians and business leaders. The hacking continued until December 2016.

It's likely that Baratov is going to be the only one of the four to face a trial. Belan is living in Russia and is unlikely to leave, in part because the FBI has put a $100,000 bounty on his head.

Meanwhile Sushchin is still working for the FSB in Russia and is presumably being very careful about which countries he travels to – only those with no extradition treaty with the US or who won't hand him over anyway. Dokuchaev, on the other hand, has legal issues of his own and has been charged with treason by the Russian authorities. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing