Head of #FBI #SF John Bennett addresses media regarding the Yahoo hack by alleged Russian FSB agents and criminal hackers. pic.twitter.com/qIDxsHfzcK
— FBI SanFrancisco (@FBISanFrancisco) March 15, 2017
Justice Department officials today announced the indictment of four Russians, two alleged spies and two alleged criminal hackers, in connection with twin hacks of more than 500 million Yahoo users, the Washington Post reports.
The indictments grew out of a nearly two-year-long investigation by the FBI's San Francisco office with help from international law enforcement, and the charges — hacking, wire fraud, trade secret theft, and economic espionage — are unique in that they represent the first US criminal cyber charges ever lodged against Russian officials. The spies are two members of the Russian intelligence agency FSB, we're told, and the hackers were hired by Russian officials to carry out their work.
According to the Post, the indictments of Dmitry Dokuchaev and Igor Sushchin are "particularly galling to US officials" because the FSB's cyber investigative arm where they were working is "a rough equivalent of the FBI's Cyber Division." Dokuchaev was arrested in December in Moscow on treason charges for allegedly providing information to the CIA. Karim Baratov, a hacker-for-hire, was arrested yesterday in Canada, where he has citizenship, although he was born in Kazakhstan. The other hacker, Alexsey Belan, is likely being protected in Russia and is a known and wanted cyber criminal.
#Wanted by the #FBI: Igor Sushchin, Alexsey Belan and Dmitry Dokuchaev pic.twitter.com/ALPm0tateo
— FBI SanFrancisco (@FBISanFrancisco) March 15, 2017
One interesting note from the indictment: Like the hack of the Democratic National Committee, this intrusion may have hinged on a "spear phishing" attack, in which an email purports to be from some official source and asks for password information. As Ars Technica explains,
Malcolm Palmore, the FBI special agent in charge of the bureau’s Silicon Valley office, told Ars in an interview that the initial breach that led to the exposure of half a billion Yahoo accounts likely started with the targeting of a “semi-privileged” Yahoo employee and not top executives. He said social engineering or spear phishing “was the likely avenue of infiltration" used to gain the credentials of an “unsuspecting employee” at Yahoo.
Critics of Yahoo say the company bears responsibility in the massive intrusion because it was slow to reveal the hacks, disclosing the first, from 2014, only last fall. That seemed to be the largest data breach in history... until the company released information about another hack, even larger than the first, that occurred in 2013.