The Daily Swig Web security digest

Canadian national pleads guilty to Yahoo hack

James Walker | 30 November 2017 at 15:39

‘Hacker for hire’ will be sentenced on February 20.

A 22-year-old Canadian man has pleaded guilty to charges related to his role in a 2014 hack against Yahoo, which resulted in 500 million email accounts being compromised.

Karim Baratov and three other defendants, including two officers of the Russian Federal Security Service (FSB), were charged with computer hacking and other criminal offenses in connection with a conspiracy to access Yahoo’s network and the contents of email accounts that began in January 2014.

Baratov’s co-defendants, all of whom remain at large, all are Russian nationals and residents: Dmitry Aleksandrovich Dokuchaev, Igor Anatolyevich Sushchin, and Alexsey Alexseyevich Belan.

As part of his plea agreement with the Northern District of California’s US Attorney’s Office, Baratov not only admitted to agreeing and attempting to hack at least 80 email accounts on behalf of one of his FSB co-conspirators, but also to hacking more than 11,000 email accounts in total from in or around 2010 until his March 2017 arrest by Canadian authorities.

Baratov is understood to have advertised his services through a network of primarily Russian-language ‘hacker for hire’ web pages hosted on servers around the world.

He admitted that he generally spearphished his victims, sending them emails from accounts he established to appear to belong to the webmail provider at which the victim’s account was hosted, US lawmakers said.

Once Baratov collected the victims’ account credentials, he sent his customers screenshots of the victims’ account contents to prove that he had obtained access and, upon receipt of payment, provided his customers the victims’ log-in credentials.

“The illegal hacking of private communications is a global problem that transcends political boundaries,” said US Attorney Brian Stretch. “Cybercrime is not only a grave threat to personal privacy and security, but causes great financial harm to individuals who are hacked and costs the world economy hundreds of billions of dollars every year.”

Baratov waived extradition from Canada and is being detained in California without bail. His sentencing hearing is scheduled to take place in San Francisco on February 20, 2018.