Russian-Linked Canadian Hacker Faces Prison For Yahoo Breach

The FBI's San Francisco office led the investigation that indicted the 23-year-old and Russian intelligence officers who hacked 500 million Yahoo accounts.

In yet another reminder to delete your Yahoo email, a 23-year-old Canadian is facing a prison sentence for hacking on behalf of Russian intelligence officers using 500 million hacked Yahoo accounts.

A federal court in San Francisco sentenced Karim Baratov to five years on Tuesday and ordered him to hand over his remaining assets — up to $2,250,000 — in the form of a fine, according to the U.S. Justice Department. Baratov pleaded guilty in November to one count of conspiring to commit computer fraud and eight counts of identity theft from Gmail account owners he hacked between December 2014 and 2016. (Information from the Yahoo breach was used to hack the Gmail accounts.)

Baratov was extradited from Canada in March 2017 — thanks in part to officers mounted on horses — but the two Russian Federal Security Service (FSB) officers and another Russian citizen were indicted along with him in absentia. They are believed to be in Russia.

The indictment faults the FSB officers Dmitry Dokuchaev and Igor Sushchin not only for illegally accessing 500 million Yahoo accounts in 2014, but for hiring Baratov to hack additional the accounts using that information. The FBI’s San Francisco office led the investigation that led to the indictment.

“It’s difficult to overstate the unprecedented nature of this conspiracy, in which members of a foreign intelligence service directed and empowered criminal hackers to conduct a massive cyber-attack against 500 million victim user accounts,” said John F. Bennett, FBI’s designated Special Agent in Charge.

Prosecutors say that over the course of about two years, Baratov asked few questions as to who was paying him a bounty for each of the eight Gmail accounts he hacked, largely belonging to Russian or Eastern European officials and business folks. All the while, he bought a $650,000 house in an affluent Ontario suburb and flashed luxury cars like his Aston Martin, Lamborghini, and Porsche.

Baratov also admitted to hacking 11,000 email accounts during his hacking-for-hire tenure between 2010 and 2017, most of which were hosted by Russian service providers. He began charging for his work at age 14, two years after moving from Kazakhstan with his family, using his advanced computer programming skills.

Bay City News contributed to this report.

Tags: , ,

Related Stories