2014 Yahoo Data Breach Suspects Charged, Ties to Russia

In 2014, four men with suspected connections with the FSB – the Russian Federal Security Service and successor of the KGB, hacked into Yahoo compromising some 500 million e-mail accounts, including those of Russian and US government officials. Due to the nature of e-mails, e-mail accounts can be particularly vulnerable to hack attacks due to their often personal nature, and a wide variety of information can be gleaned from them.

Yesterday, Wednesday March 15^th, federal authorities indicted the four men in a Northern District of California Grand Jury court on charges ranging from identity theft, the theft of trade secrets and economic espionage. A fifth suspect, still on the run and whose identity is unknown, was likely used by the four men to gain access to Yahoo’s servers, and breached Gmail accounts in tandem with Yahoo accounts to gain progressively higher-level access.

One of the men, Karim Beratov, was arrested in Canada on Tuesday. Whether or not the Russian government sanctioned the 2014 is as yet unknown, but two of the four confirmed suspects involved are agents of the Russian Federal Security Service; involvement of the Russian government is certainly not a stretch of the imagination.

The suspects involved are Aleksey Alekseyevich Belan, 29, who has faced previous computer-related charges in the United States and is suspected to have been involved in the hacking; Igor Anatolyevich Sushchin, 43, a Federal Security Service officer; his junior, also of the FSB, Dmitry Aleksandrovich Dokuchaev, 33; and Karim Baratov, 22; Baratov is a native of Kazakhstan as well as a Canadian citizen.

These are the first cyber-crime-related charges brought in a US court against Russian officials, and underscores the omniscience of intelligence and information warfare in a post-Cold War setting. This was a server-side attack against Yahoo’s infrastructure, and there is little end-users could’ve done to defend against it; however, regular virus scans and, of course, using different passwords and e-mail addresses for different websites can go a long way! In the salad bowl of information, nothing is one-hundred percent secure, and we are sure to see more and more cases like these as time drags on.