by Betsy Woodruff · March 15, 2017
In 2012 and again in 2013, federal judges in the U.S. indicted 29-year-old Russian Alexsey Belan on hacking charges. Law enforcement officials hoped the Russians would extradite him.
Instead, they hired him.
The tale is part of the the bombshell indictment the Justice Department announced Tuesday morning alleging that Belan and another hacker worked with two members of the Russian government’s security agency, the FSB, to hack into Yahoo in 2014. That hack was one of the largest data breaches in world history, impacting more than 500 million email accounts.
Belan, as well as alleged co-conspirators Karim Baratov and Dmitry Dokuchaev and Igor Sushchin, were indicted on a total of 47 counts, including computer hacking and economic espionage. It’s the first time Russian government officials have been indicted in the U.S. for cyber crimes.
And, in a deeply ironic twist, those officials work for the FSB Center for Information Security (known as Center 18) which is the FBI’s point of contact in Moscow on cybercrime issues. FBI and DOJ officials made a point of noting to reporters that Belan was subject to an Interpol Red Notice seeking for him to immediately be detained. Russia is a member of Interpol, but––obviously––didn’t detain him.
When asked if the FSB officials were acting on their own or doing official business, National Security Division Acting head Mary McCord hinted at the latter.
“As our indictment alleges and as we have reason to believe based on our evidence, they were acting in their capacity as FSB officials,” she said.
And asked if it was possible for the FBI to have a trusting, functional relationship with the FSB, Paul Abbate––the executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch––said the news makes things complicated.
“I think that’s a challenge,” he said. “It’s something we’re going to continue to work at, and I think this case is going to be a great test of that so we can gauge the level of cooperation we get from them, now having charged these individuals, we would like to see their full cooperation and assistance in bringing these individuals to justice and further aiding us in expanding the scope of the investigation.”
Lawrence Muir, an attorney with the firm Dunlap Bennett & Ludwig who drafted policy briefs on Russian cybercrime for now-Attorney General Jeff Sessions before his confirmation hearing, told The Daily Beast it’s likely the two indicted FSB officials aren’t the only members of the Russian government who were involved in the hacking.
“These attacks are sophisticated, and they require the development of a lot of sophisticated malicious code, and that is expensive,” he said. “So I believe the Russian government has effectively outsourced this sophisticated attack to two very sophisticated hackers, and that they have been using state resources––meaning state money and any other type of intellectual capital––in order to control these hackers through FSB agents.”
“The indicators are that these types of attacks are very sophisticated and very expensive,” he added, “and that points toward state sponsorship.”
You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason
The hack had a substantial economic impact. Verizon ended up paying $350 million less to purchase Yahoo than it initially offered because the hack damaged its brand so much, as Variety detailed.
The hackers gathered information on 500 million Yahoo email accounts––including recovery emails and information on security questions––and were able to read the contents of emails for 6,500 accounts, according to the indictment. The indictment said the hackers also used their access to Yahoo’s network to target Russian journalists, Kremlin critics, former officials from countries that border Russia, and U.S. government officials––including White House personnel.
According to the indictment, Sushchin was Dokuchaev’s superior at the FSB, and the two hired Belan and Baratov for their hacking services. But the FSB wasn’t their only source of income. Belan also used information he stole from Yahoo to manipulate their search engines. For a time, some people who searched for erectile dysfunction drugs saw a fraudulent link he made. That link directed them to an online pharmacy’s website, which paid him a commission for the extra traffic.
The Justice Department also said one of the men, Baratov, was arrested yesterday in Canada. The other three haven’t been arrested yet, and it would be surprising if Russia decided to extradite them. But there are other ways the U.S. government could try to punish them. For instance, then-President Barack Obama signed an executive order in 2015 allowing the Treasury Department to sanction cybercriminals. Mary McCord, the acting director of the DOJ’s National Security Division, told reporters that it was possible the Treasury could use that authority to freeze the assets of the indicted Russians.
And though there’s been a barrage of news stories about investigations of Russian hacking as it related to the 2016 presidential campaign, this investigation doesn’t appear to involve any of that; McCord said Attorney General Jeff Sessions isn’t recused from it.