US charges Russian spies, hackers over Yahoo data breach
Issued on: Modified:
The United States announced charges Wednesday against two Russian intelligence officers and two "criminal hackers", accusing them of a massive data breach at Yahoo that affected at least a half billion user accounts.
"We will not allow individuals, groups, nation states or a combination of them to compromise the privacy of our citizens, the economic interests of our companies, or the security of our country," said the acting assistant attorney general, Mary McCord.
The hack targeted the email accounts of Russian and US officials, Russian journalists, and employees of financial services and other businesses, officials said.
One of the defendants has been taken into custody in Canada and another is on the list of the FBI's most wanted cyber criminals.
The charges arise from a compromise of Yahoo user accounts that began at least as early as 2014. Though the Justice Department has previously charged Russian hackers with cybercrime – as well as hackers sponsored by the Chinese and Iranian governments – this is the first criminal case brought against Russian government officials.
The Russian agents were identified as Dmitry Dokuchaev and Igor Sushchin, both of whom worked for the FSB inteligence agency, the successor to Russia's KGB.
Dokuchaev was an officer in the FSB Center for Information Security, known as "Center 18", which is supposed to investigate hacking and is the FBI's point of contact in Moscow for cyber crimes.
The 33-year-old was reported to have been arrested in Moscow earlier this year on treason charges. He is accused of directing the Yahoo hack along with his superior, the 43-year-old Sushchin.
The two officers "protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere", McCord told reporters.
They hired Alexsey Belan and Karim Baratov, described as "criminal hackers", to carry out the attacks, which continued until late 2016.
McCord said the attack was directed at gathering information, "clearly some of which has intelligence value", but added that "the criminal hackers used this to line their own pockets for private financial gain".
The hackers sought to cash in on the breach by accessing stolen credit or gift card numbers, and through a series of spam marketing schemes.
The US indictment includes 47 criminal charges including conspiracy, computer fraud, economic espionage, theft of trade secrets and identity theft.
The announcement comes as federal authorities continue to investigate Russian interference and hacking during the 2016 presidential election campaign.
Asked if there were any links between the Yahoo hack and the wider question of Russian election interference, McCord said, "We don't have anything that suggests... any relationship," adding that the election case "is an ongoing investigation".
Targets of the Yahoo breach included Russian and US government officials, cyber security experts, diplomatic and military personnel, journalists and others, McCord said.
The US statement said some targets were "of predictable interest" to the Russian spy agency, including the Russian and US officials and employees of a prominent Russian cybersecurity company.
Other accounts compromised belonged to employees of commercial entities, such as a Russian investment banking firm, a French transportation company, US financial services and private equity firms, a Swiss bitcoin wallet and banking firm, and a US airline, according to the Justice Department.
Yahoo didn't disclose the 2014 breach until last September when it began notifying at least 500 million users that their email addresses, birth dates, answers to security questions and other personal information may have been stolen. Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014.
In a statement, Chris Madsen, Yahoo's assistant general counsel and head of global security, thanked law enforcement agencies for their work.
"We're committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime," he said.
(FRANCE 24 with AP and AFP)