‘Hacker-for-hire’ pleads guilty to Yahoo! breach

SAN FRANCISCO — A Canadian man pleaded guilty on Tuesday to charges stemming from a massive breach at Yahoo that authorities said was directed by two Russian intelligence agents and affected at least a half billion user accounts.

Karim Baratov appeared in a jail jumpsuit before a federal judge and entered the pleas to one count of conspiracy to commit computer fraud and abuse, and eight counts of aggravated identity theft.

He gave “yes” and “no” answers to questions from the judge about his pleas, but said nothing more. He is scheduled for sentencing on February 20.

US law enforcement officials called the 22-year-old Baratov a “hacker-for-hire” and said he was paid by members of the Russian Federal Security Service, or FSB, to access more than 80 accounts.

Outside court on Tuesday, Baratov’s lawyers said their client hacked only eight accounts and did not know that he was working for Russian agents connected to the Yahoo breach.

Baratov was arrested in Hamilton, Ontario, in March and later agreed to forego an extradition hearing and face the charges in the US.

“He’s been transparent and forthright with the government since he got here,” said one of his attorneys, Andrew Mancilla.

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo! to spy on Russian journalists, US and Russian government officials and employees of financial services, and other private businesses, prosecutors said.

Dokuchaev, Sushchin, and a third Russian national, Alexsey Belan, were also named in the indictment filed in February.

Though it is not clear whether they will ever step foot in an American courtroom since the US has no extradition treaty with Russia.

Though the US government had previously charged individual Russian hackers with cybercrime — as well as hackers directly linked to the Chinese and Iranian governments — this was the first criminal case to name as defendants sitting members of the FSB for hacking charges, the Justice Department said.

Yahoo user accounts began being compromised as early as 2014, at the least.

Prosecutors said Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo.

Read more...