Canadian hacker pleads guilty to charges of being a co-conspirator in FSB-funded hack of over 500 mn Yahoo! accounts

The 2014 Yahoo! data breach that compromised the security of over 500 million user accounts was one of the largest data breaches of its kind. So far, this breach has only been topped by the disclosure of yet another, earlier breach that impacted every single one of the 3 billion accounts in Yahoo!’s database in 2013. [caption id=“attachment_4232891” align=“alignleft” width=“380”] Image: Reuters[/caption] On 28 November, one of the perpetrators of the former breach pleaded guilty to the crime and claimed to have done so as an operative of Russia’s domestic law enforcement and intelligence service, the FSB. He was arrested in March. The hacker who pleaded guilty to these charges is Karim Baratov, a 22-year old Canadian national, and has named Dmitry Aleksandrovich Dokuchaev, Igor Anatolyevich Sushchin and Alexsey Alexseyevich Belan as co-conspirators. The three are currently at large in Russia. Dokuchaev and Sushchin are officers of the FSB. According to the indictment, the two FSB officers paid hackers to hack into specific accounts. Belan and Baratov were tasked with hacking into select accounts operated by Yahoo!, Google and Yandex and were paid to transmit the relevant information to the FSB officers. Belan was the one who hacked infiltrated Yahoo!’s network and stole a portion of its User Database (UDB). The UDB contained personally identifiable information that was used to create account authentication tokens (cookies) for over 500 million Yahoo! accounts. Belan is also alleged to have gained access to Yahoo’s Account Management Tool (AMT), which is a tool used by Yahoo! to manage user accounts, change passwords, etc. This tool was allegedly used to gain direct access to over 6,500 accounts. Baratov, the only conspirator who was caught, was tasked with gaining access to specific accounts not on Yahoo!’s database. These accounts, at least 80 in number, belonged to US and Russia-based journalists, among others. The accounts were targeted using data obtained from the Yahoo! hack. Baratov was paid a commission for every account that was compromised.