Federal Bureau of Investigation charges two Russian spies and two hackers in Yahoo data breach
- Author: Leroy Wright Mar 15, 2017,
Mar 15, 2017, 20:23
The four charged in the cybercrime, two of whom worked for Russia's Federal Security Service (FSB), stand accused of hacking the accounts in an effort to target USA and Russian government officials, journalists, and businesspeople from a variety of sectors.
The men together face 47 criminal charges, including fraud, economic espionage, theft of trade secrets and hacking.
Bloomberg cited a person briefed on the matter as saying that one person was being tracked down in Canada and the others were in Russian Federation.
The indictments come amid a high-stakes U.S. investigation into claims of Russian cyber-meddling in the United States election, potentially to aid the winning efforts of Donald Trump.
But the Department of Justice has laid out clear details of how the Russian FSB - the successor to the KGB - went about one of the biggest hacks in history. At the time it disclosed the 2014 data breach past year, Yahoo said it may have been hacked by a "state-sponsored actor".
Any extradition seems highly unlikely, however, as Russian Federation and the U.S.do not share a governing treaty, and it is doubtful Moscow would willfully hand over officials, or individuals accused of working on its behalf.
The company's investigation into the mishandled hack led to the loss of an annual bonus for CEO Marissa Mayer and the resignation of Yahoo's general counsel, Ronald Bell. He also used his access to Yahoo accounts for further crimes, stealing financial information such as gift and credit card numbers and hacking more than 30 million accounts whose contacts were stolen for a massive spam campaign, according to the indictment.
"The defendants targeted Yahoo accounts of Russian and US government officials, including cybersecurity, diplomatic and military personnel", the Department of Justice said in a press release.
The U.S. Justice Department on Wednesday unsealed charges against four people - including a Canadian-Kazakh national - for allegedly pilfering 500 million Yahoo user accounts in 2014.
Baratov was arrested Tuesday in Canada. Yahoo failed to disclose either attack until 2016, resulting in a considerable cut to the company's sale price in a deal with Verizon.
Yahoo's most recent SEC filing revealed that 32 million user accounts have also been accessed over the past two years by state-sponsored hackers using forged cookies. "We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible", Yahoo's Chris Madsen, assistant general counsel and head of global law enforcement, security & safety, said Wednesday in a statement. Yahoo at the time advised all users to update their passwords and security settings, but was and still remains unclear what the full ramification of the breach will be.
A subsequent regulatory disclosure revealed the firm knew about the 2014 hack that year, but failed to inform users, investors or the public for almost two years. However, while it's all well and good that those responsible have been found, Yahoo really should face some sort of reprimand for its lack of disclosure, leaving 500 million of its own customers vulnerable for nearly two years.