'Hacker-for-hire' pleads guilty to charges stemming from Yahoo! breach which affected half a BILLION user accounts and was 'directed by Russian intelligence agents'

  • A Canadian man pleaded guilty Tuesday to charges stemming from a massive breach at Yahoo!?
  • Authorities say the 2014 breach was directed by two Russian intelligence agents and affected at least a half billion user accounts
  • Karim Baratov entered the pleas to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft
  • The 22-year-old Kazakhstan-born Baratov appeared in a federal court in San Francisco?
  • US law enforcement officials say Baratov acknowledged hacking more than 11,000 web mail accounts on behalf of the Russian Federal Security Service
  • Baratov's attorneys said he hacked only eight accounts for the Russians and did not know that he was working for Russian agents connected to Yahoo! breach?

A Canadian man pleaded guilty Tuesday to charges stemming from a massive breach at Yahoo! that authorities say was directed by two Russian intelligence agents and affected at least a half billion user accounts.

Karim Baratov appeared in a jail jumpsuit before a federal judge and entered the pleas to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft.?

He gave 'yes' and 'no' answers to questions from the judge about his pleas but said nothing more.

He is scheduled for sentencing on February 20.

Karim Baratov (above), a Canadian man, pleaded guilty Tuesday to charges stemming from a massive breach at Yahoo! that authorities say was directed by two Russian intelligence agents and affected at least a half billion user accounts

Karim Baratov (above), a Canadian man, pleaded guilty Tuesday to charges stemming from a massive breach at Yahoo! that authorities say was directed by two Russian intelligence agents and affected at least a half billion user accounts

Baratov appeared in a jail jumpsuit before a federal judge and entered the pleas to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft
Baratov appeared in a jail jumpsuit before a federal judge and entered the pleas to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft

Baratov appeared in a jail jumpsuit before a federal judge and entered the pleas to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft

US law enforcement officials call the 22-year-old Baratov a 'hacker-for-hire' and say as part of his plea deal, he acknowledged hacking more than 11,000 web mail accounts on behalf of the Russian Federal Security Service, or FSB, and other customers from around 2010 until his March arrest.

Outside court Tuesday, Baratov's attorneys said their client hacked only eight accounts for the Russians and did not know that he was working for Russian agents connected to the Yahoo! breach.?

Baratov was arrested in Hamilton, Ontario, and later agreed to forego an extradition hearing and face the US charges.

'He's been transparent and forthright with the government since he got here,' said one of his attorneys, Andrew Mancilla.

Baratov's attorneys said their client hacked only eight accounts for the Russians and did not know that he was working for Russian agents connected to the Yahoo! breach

Baratov's attorneys said their client hacked only eight accounts for the Russians and did not know that he was working for Russian agents connected to the Yahoo! breach

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo! to spy on Russian journalists, US and Russian government officials and employees of financial services and other private businesses, according to prosecutors. The Kremlin is seen above in Moscow

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo! to spy on Russian journalists, US and Russian government officials and employees of financial services and other private businesses, according to prosecutors. The Kremlin is seen above in Moscow

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo! to spy on Russian journalists, US and Russian government officials and employees of financial services and other private businesses, according to prosecutors.

Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, were also named in the indictment filed in February, though it's not clear whether they will ever set foot in an American courtroom since there's no extradition treaty with the Kremlin.

Though the US government had previously charged individual Russian hackers with cybercrime - as well as hackers directly linked to the Chinese and Iranian governments - this was the first criminal case to name as defendants sitting members of the FSB for hacking charges, the Justice Department said.

Yahoo user accounts began being compromised at least as early as 2014.

Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo, prosecutors said.

YAHOO! DATA BREACH TIMELINE

Former Yahoo! CEO Marissa Mayer is seen above in this 2014 file photo

Former Yahoo! CEO Marissa Mayer is seen above in this 2014 file photo

During the second half of 2016, Yahoo! reported two major data breaches perpetrated by hackers.

In September 2016, the company said that at least 500 million of its accounts were hacked in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the world's biggest known cyber breach by far.?

Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords, the company said.?

But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signaling that some of the most valuable user data was not taken.?

In December 2016, it was learned that an even bigger breach took place in August 2013.

The company admitted last month that all three billion of Yahoo!'s users were affected by the 2013 data theft that the company originally said had only affected 1 billion users.

The additional two billion data theft victims came to light as Yahoo! was being integrated with Verizon, which bought the company in June for $4.5billion.

'During integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,' the company said in a statement posted on its website.?

The investigation found that the stolen user account information did not include passwords in clear text, payment card data, or bank account information.

'While this is not a new security issue, Yahoo! is sending email notifications to the additional affected user account, the firm said.

'The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information.

The company said it 'is continuing to work closely with law enforcement'.

Yahoo! said it would send email notifications to the additional affected user accounts.

'Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,' said Chandra McMahon, Chief Information Security Officer, Verizon.?

'Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources.'?

'Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry,' Yahoo! said in a statement at the time of the attacks.

Source: Reuters, DailyMail.com?

The comments below have not been moderated.

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.

What's This?

By posting your comment you agree to our house rules.