Wednesday, March 15, 2017

Russian Agents Were Behind Yahoo Hack, U.S. Says

In a development that can only heighten the distrust between American and Russian authorities on cybersecurity, the Justice Department on Wednesday charged two Russian intelligence officers with directing a sweeping criminal conspiracy that broke into 500 million Yahoo accounts in 2014.

The Russian government then used the information it obtained from the intelligence officers and two others named in the indictment — a Russian hacker and a Kazakh national living in Canada — to focus on foreign officials, business executives and journalists, federal prosecutors said. The targets included numerous financial executives, executives at an American cloud computing company, an airline official and even a casino regulator in Nevada.

Details of the wide-ranging attack come as the United States government is investigating other Russian cyberattacks against American targets, including the theft of emails last year from the Democratic National Committee and attempts to break in to state election systems. Investigators are also examining communications between associates of President Trump and Russian officials that occurred during the presidential campaign.

That American and Russian authorities are often at loggerheads in their approaches to criminal breaches was made clear in the indictment. The two Russian agents were supposed to be helping Americans hunt for hackers but were instead working against them.

And one of the outside hackers, a Russian named Alexsey Belan, had been indicted twice before for three intrusions into American e-commerce companies and had been arrested in Europe, but escaped to Russia before he could be extradited. Prosecutors said they received no response to their requests to the Russian government to turn over Mr. Belan to the American authorities.

The hackers also used the Yahoo data to send spam and steal credit card and gift card information. In addition, they sought to break into at least 50 Google accounts, including those of Russian officials and employees of a Russian cybersecurity firm.

On Wednesday, prosecutors unsealed an indictment containing 47 criminal charges against the two agents of Russia’s Federal Security Service, or F.S.B., as well as two outside hackers with whom they worked with on the scheme, one of the largest known thefts of data from a private corporation.

This is the first time officials of Russia’s F.S.B. have been indicted on cybercrime charges in the United States, said Jack Bennett, special agent in charge of the F.B.I.’s San Francisco office. Yahoo worked with the F.B.I. on the investigation for two years, he said.

The four men together face 47 criminal charges, including conspiracy, computer fraud, economic espionage, theft of trade secrets and aggravated identity theft, the Justice Department said in a news release.

The two agents of the F.S.B. who were charged are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident, and Igor Anatolyevich Sushchin, 43, a Russian national and resident.

The other two defendants are Mr. Belan, 29, a Russian national and resident; and Karim Baratov, 22, a Canadian and Kazakh national and a resident of Canada. Mr. Baratov was arrested on Tuesday in Canada.

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an F.S.B. unit that serves as the F.B.I.’s point of contact in Moscow on cybercrime matters, is beyond the pale,” the acting assistant attorney general, Mary B. McCord, said in a statement.

Yahoo disclosed the theft of the data last September and said it was working with law enforcement authorities to trace the perpetrators. The hackers were able to use the stolen information, which included personal data as well as encrypted passwords, to create a tool that let them access 32 million accounts.

In a statement, Yahoo thanked the F.B.I. and Justice Department for its work.

Yahoo has said for months that it believed that hackers sponsored by a foreign state were behind the attack but it had refused to provide details of what occurred because the federal inquiry was ongoing.

However, an internal investigation by the internet company’s board found that some senior executives and information security personnel were aware of the breach shortly after it occurred but “failed to properly comprehend or investigate” the situation. Two weeks ago, the company’s top lawyer, Ronald S. Bell, resigned over the episode, and its chief executive, Marissa Mayer, lost her 2016 bonus and 2017 stock compensation.

A separate, larger breach of one billion accounts occurred in 2013 but was only disclosed by the company three months ago. Yahoo has said it has not been able to glean much information about that attack, which was uncovered by InfoArmor, an Arizona security firm.

That theft included phone numbers, birth dates and weakly encrypted passwords and compromised the accounts of several million military and civilian government employees from dozens of nations, including more than 150,000 Americans.

The two thefts, the largest known breaches of a private company’s computer systems, had threatened to scuttle a deal that Yahoo struck last summer to sell its internet businesses to Verizon Communications.

Verizon sought to shave $925 million from the original $4.8 billion deal following news of the attacks, according to a securities filing on Monday. Last month, the two companies finally agreed to a $350 million price reduction.

Vindu Goel reported from San Francisco and Eric Lichtblau from Washington. Nicole Perlroth and Daisuke Wakabayashi contributed reporting from San Francisco.

No comments:

Twitter Updates

Search This Blog

Total Pageviews