Guilty plea in case tied to massive 2014 Yahoo hack
Remember that massive Yahoo hack? Not the one in 2013 that resulted in the theft of around a billion users’ data, but the breach in 2014 that led to the compromising of some 500 million user accounts? Yeah, that one.
Well, one of the people involved in the scheme just pled guilty. And, surprise, he claims his role in the plot was to hack accounts the FSB, a Russian security agency, was interested in.
The Department of Justice issued a statement yesterday detailing the plea, which notes that the man, Karim Baratov, is a Canadian national but was in cahoots with the Russian government. Three other defendants were also named in the statement, although U.S. authorities say they remain at large in Russia.
Essentially, Baratov was tasked with hacking specific Yahoo accounts and passing their login credentials on to the folks at the FSB. He did this, reportedly, for money.
“This case is a prime example of the hybrid cyber threat we’re facing, in which nation states work with criminal hackers to carry out malicious activities,” Paul Abbate, Executive Assistant Director of the FBI’s Criminal, Cyber, Response and Services Branch, is quoted as saying in the DOJ statement.
Baratov, 22, copped to typically spearphishing his victims, sending them highly targeted fake emails in an attempt to get them to click on malicious links, and then exchanging the stolen credentials for cash. He advertised his services on Russia language hacking sites, where he apparently found customers all too eager for his particular set of skills.
His efforts are said to have allowed other individuals to gain direct access to Yahoo’s internal systems.
Baratov was arrested this past March in Canada, but was extradited to California where he is being held without bail. He pled guilty to conspiring to violate the Computer Fraud and Abuse Act and aggravated identity theft. In addition to any jail time he may serve, he will be faced with fines up to $2,250,000.
Sentencing is scheduled for February 20, 2018, and Baratov faces years in prison. However, regardless of whatever his exact sentence ends up being, the damage is long since done to Yahoo’s reputation.