The FBI released the below
report:
Four individuals—two Russian
Federal Security Service (FSB) officers and two criminal hackers—have been
charged by a federal grand jury in the Northern District of California in
connection with one of the largest cyber intrusions in U.S. history, which compromised
the information of at least 500 million Yahoo accounts.
One of the criminal hackers
was arrested yesterday by Canadian authorities. The two FSB officers and the
second hacker, last known to have been in Russia, are currently fugitives
wanted by the FBI.
The indictments were
announced today by U.S. Department of Justice Acting Assistant Attorney General
Mary McCord, FBI Executive Assistant Director Paul Abbate, and Northern
District of California U.S. Attorney Brian Stretch during a press conference in
Washington, D.C.
The FSB is an intelligence
and law enforcement agency of the Russian Federation, and it’s believed that
the two FSB officers work in an FSB unit that serves as the FBI’s point of
contact in Moscow on cyber crime matters. According to McCord, “The involvement
and direction of FSB officers with law enforcement responsibilities make this
conduct that much more egregious—there are no free passes for foreign
state-sponsored criminal behavior.”
According to the indictment,
from about April 2014 up to at least December 2016, FSB officers Dmitry
Dokuchaev and Igor Sushchin directed this cyber intrusion conspiracy—which
involved malicious files and software tools being downloaded onto Yahoo’s
network—that resulted in the compromise of that network and the theft of
subscriber information from at least 500 million accounts. This stolen
information was then used to obtain unauthorized access to the contents of
accounts at Yahoo, Google, and other webmail providers.
The indictment says that Dokuchaev
and Sushchin paid, directed, and protected two known criminal hackers who took
part in the scheme—Alexsey Belan, a Russian national and resident, and Karim
Baratov, born in Kazakhstan and a naturalized Canadian citizen and resident.
Belan, who has been indicted twice in the U.S. in the past for cyber-related
crimes, is currently on the FBI’s Cyber’s Most Wanted list and is the subject
of a Red Notice for Interpol nations, which includes Russia.
The information stolen from
the 500 million user accounts came from Yahoo’s proprietary user data base,
which contained information such as users’ names, recovery e-mail addresses,
phone numbers, and certain information needed to manually create account
authentication web browser cookies.
What were the alleged
perpetrators after? In part, they used access to Yahoo’s networks to identify
and access accounts of possible interest to the FSB, including those of Russian
journalists, U.S. and Russian government officials, and employees of U.S.,
Russian, and other providers whose networks the conspirators sought to exploit.
Additional victim accounts belonged to private sector employees of financial,
transportation, and other types of companies.
However, the co-conspirators
were not above using the information they stole for personal financial gain.
For example, Belan allegedly searched Yahoo user communications for credit card
and gift card account numbers. He also leveraged the contact lists obtained
from at least 30 million Yahoo accounts to perpetrate his own spam scheme.
Computer intrusions, by their
very nature, are international in scope, so they require an international
effort to unmask the worldwide hacking networks responsible for them. And this
case was no different. Abbate expressed the Bureau’s gratitude to our international
partners for their assistance and support leading up to these criminal charges
today—specifically mentioning the Royal Canadian Mounted Police, the Toronto
Police Service, and the United Kingdom’s MI5.
Another important aspect of
this case involved the victim companies—including Yahoo and Google—coming
forward and working with law enforcement. This collaboration ultimately
resulted in countering the malicious activities of state actors and bringing
criminals to justice. It also illustrates that the FBI can successfully work
these kinds of investigations with victim companies while respecting the
various concerns and considerations businesses might have about the impact of
going public.
“This is a highly complicated
investigation of a very complex threat,” said Abbate. “It underscores the value
of early, proactive engagement and cooperation between the private sector and
the government.”
Among the FBI’s major
investigative priorities are to protect the U.S. against foreign intelligence
operations and espionage and to protect the U.S. against cyber-based attacks
and high-technology crimes. This case involved both. And it doesn’t matter to
us whether the perpetrators of such crimes are run-of-the-mill criminals or
sophisticated foreign states and their agents. With the help of our partners
here and/or abroad, we will identify those responsible and hold them
accountable for their actions.
Note: In the above USDOJ
photo, FBI Executive Assistant Director Paul Abbate and DOJ Acting Assistant
Attorney General Mary McCord announce the indictments in the Yahoo intrusion
case at a March 15, 2017 press conference in Washington, D.C.