The United States on Wednesday charged two Russian intelligence agents and two criminal hackers with masterminding the 2014 theft of 500 million Yahoo accounts, marking the first time the US government has criminally charged Russian spies for cyber offences.
The charges came amid a swirl of controversies relating to alleged Kremlin-backed hacking of the 2016 US presidential election and possible links between Russian figures and associates of US President Donald Trump, and uncertainty about whether Trump is willing to respond forcefully to aggression from Moscow in cyberspace and elsewhere.
The 47-count Justice Department indictment includes charges of conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identify theft. It paints a picture of the Russian security services working hand-in-hand with cyber criminals, who helped spies further their intelligence goals in exchange for using the same exploits to make money.
"The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI's point of contact in Moscow on cyber crime matters, is beyond the pale," Acting Assistant Attorney General Mary McCord said at a press conference announcing the charges.
Russia's Federal Security Service (FSB) is the successor to the KGB.
Yahoo said when it announced the then-unprecedented breach last September that it believed the attack was state-sponsored, and on Wednesday the company said the indictment "unequivocally shows" that to be the case.
The charges announced Wednesday are not related to the hacking of Democratic Party emails during the 2016 US presidential election. US intelligence agencies have said they were carried out by Russian spy services, including the FSB, to help the campaign of Republican candidate Donald Trump.
The indictment named the FSB officers involved as Dmitry Dokuchaev and his superior, Igor Sushchin, who are both in Russia.
Dokuchaev was arrested for treason in December, according to the Russian news agency Interfax.
Reuters sent a request for comment to the FSB in Moscow on Wednesday evening but there was no immediate response.
The alleged criminals involved in the scheme include Alexsey Belan, who is among the FBI's most-wanted cyber criminals and was arrested in Europe in June 2013 but escaped to Russia before he could be extradited to the United States, according to the Justice Department.
Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, was also named in the indictment.
The Justice Department said Baratov was arrested in Canada on Tuesday. Mark Pugash of Toronto police later confirmed the Tuesday arrest.
McCord said the hacking campaign was waged by the FSB to collect intelligence but that the two hackers used the collected information as an opportunity to "line their pockets."
The United States does not have an extradition treaty with Russia, but McCord said she was hopeful Russian authorities would cooperate in bringing criminals to justice. The United States often charges cyber criminals with the intent of deterring future state-sponsored activity.
Washington has not contacted Moscow over the charges, Russian news agencies reported on Wednesday, citing a "highly placed" source in Moscow.
The administration of former President Barack Obama brought similar charges against Chinese and Iranian hackers who have not been extradited.
In a statement, White House spokesman Michael Anton said the charges "are part of a broad effort across the government to defend the United States against cyber attacks and cyber-related crimes."
'Red notice'
Yahoo in December announced another breach that occurred in 2013 affecting one billion accounts. Special Agent Jack Bennett of the FBI's San Francisco Division said the 2013 breach is unrelated and that an investigation of that incident is ongoing.
The hacks forced Yahoo to accept a discount of $350 million in what had been a $4.83 billion deal to sell its main assets to Verizon Communications Inc.
At least 30 million of the Yahoo accounts in the 2014 breach were the most seriously affected, with Belan able to burrow deep into their accounts and take user contact lists that were later used for a financially motivated spam campaign, according to the indictment. Belan also stole financial information such as credit card numbers and gift cards, it said.
Yahoo had previously said about 32 million accounts had fallen victim to the deeper attack, which it said leveraged forged browser cookies to access accounts without the need for a password.
According to the indictment, FSB officers Sushchin and Dokuchaev also directed Baratov to use the information gained in the Yahoo breach to hack specific targets who possessed email accounts with other service providers, including Google.
When Baratov was successful, Dokuchaev would reward him with a bounty, the indictment charged.
Examples where Google accounts were targeted include an assistant to the deputy chairman of the Russian Federation, an officer of the Russian Ministry of Internal Affairs, and a physical training expert employed by the Russian government.
Details in the indictment reflect the often murky relationship in Russia between criminal hackers and government intelligence officers.
Interpol issued a "red notice" on Belan in relation to an earlier hacking campaign, according to the indictment. Instead of arresting Belan, however, the FSB recruited him to help with cyber espionage and provided tools to evade detection from other authorities.
Belan later gained unauthorized access to Yahoo's network that he shared with FSB, the indictment said.
© Thomson Reuters 2017
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.