Canadian Hacker Pleads Guilty to Conspiring with Russian Agents in Massive Yahoo Hack
Karim Baratov, a 23-year-old Canadian man, has pleaded guilty to multiple charges after being implicated in the hack of 500 million Yahoo accounts. Facing up to 20 years in prison, the hacker for hire has been charged with helping Russian spies breach targeted email accounts. He was indicted in February along with three alleged co-defendants who are based in Russia and remain at large.
Baratov has pleaded guilty to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft. According to reports, the recommended sentence is eight to nine years.
"Today’s plea exemplifies the Department’s commitment to pursuing, arresting and bringing to justice even those hackers who work for a foreign law enforcement or intelligence organization." Acting Assistant Attorney General Dana J Boente said.
US Attorney Brian Stretch said in a statement that Baratov is "a prolific criminal hacker who had sold his services to Russian government agents." Stretch added that the "prosecution should send a very clear message to hackers around the world that we will identify and pursue charges against individuals who compromise our country's computer infrastructure."
Being a Canadian citizen, he had waived his right to an extradition hearing in his native country and had initially submitted a non guilty plea. Earlier on Tuesday, appearing before a federal court in San Francisco, he pleaded guilty to federal crimes that were committed alongside three Russian nationals.
Targeted campaign launched through Yahoo breach to help FSB hack over 11,000 accounts
The Canadian hacker is accused of first stealing data of over 500 million Yahoo accounts, then sending phishing emails to selected users and tricking them into handing over their usernames and passwords. This targeted data was then sent to Russian Federal Security Service (FSB) agents. In total, he hacked more than 11,000 accounts on behalf of FSB in exchange for money.
"The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign." Earlier Press Release
The other three defendants are all Russians, including Igor Sushchin, an undercover Russian FSB agent, Dmitry Dokuchaev, a former FSB officer (arrested by the FSB for cooperating with the CIA!), and Alexsey Belan, a notorious Russian hacker who remains on the list of the FBI's most wanted.
Following the breach disclosures last year, Yahoo has continued to suggest that it was a victim of a state-sponsored attack. In its latest hearing before the Senate, former CEO Marissa Mayer admitted that the company is still unaware of how hackers breached into its networks.
Baratov is being detained in California without bail and will be sentenced on February 20, 2018 in the US District Court in San Francisco.