This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html

The article has changed 5 times.

Version 3: Russian Agents Were Behind Yahoo Hack, U.S. Says
Version 4 (about 7 hours later): Russian Agents Were Behind Yahoo Hack, U.S. Says
Version 3: In a development that can only heighten the distrust between American and Russian authorities on cybersecurity, the Justice Department on Wednesday charged two Russian intelligence officers with directing a sweeping criminal conspiracy that broke into 500 million Yahoo accounts in 2014.
Version 4: SAN FRANCISCO - The Justice Department charged two Russian intelligence officers on Wednesday with directing a sweeping criminal conspiracy that stole data on 500 million Yahoo accounts in 2014, deepening the rift between American and Russian authorities on cybersecurity.
Version 3: The Russian government then used the information it obtained from the intelligence officers and two others named in the indictment, a Russian hacker and a Kazakh national living in Canada, to focus on foreign officials, business executives and journalists, federal prosecutors said. The targets included numerous financial executives, executives at an American cloud computing company, an airline official and even a casino regulator in Nevada.
Version 4: The Russian government used the information obtained by the intelligence officers and two other men to spy on a range of targets, from White House and military officials to executives at banks, two American cloud computing companies, an airline and even a gambling regulator in Nevada, according to an indictment. The stolen data was also used to spy on Russian government officials and business executives, federal prosecutors said.
Version 3: Details of the wide-ranging attack come as the United States government is investigating other Russian cyberattacks against American targets, including the theft of emails last year from the Democratic National Committee and attempts to break into state election systems. Investigators are also examining communications between associates of President Trump and Russian officials that occurred during the presidential campaign.
Version 4: Russians have been accused of other cyberattacks on the United States, most notably the theft of emails last year from the Democratic National Committee. But the Yahoo case is the first time that federal prosecutors have brought cybercrime charges against Russian intelligence officials, according to the Justice Department.
Version 3: That American and Russian authorities are often at loggerheads in their approaches to criminal breaches was made clear in the indictment. The two Russian agents were supposed to be helping Americans hunt for hackers but were instead working against them.
Version 4: Particularly galling to American investigators was that the two Russian intelligence agents they say directed the scheme, Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, worked for an arm of Russia’s Federal Security Service, or F.S.B., that is supposed to help foreign intelligence agencies catch cybercriminals. Instead, the officials helped the hackers avoid detection.
Version 3: And one of the outside hackers, a Russian named Alexsey Belan, had been indicted twice before for three intrusions into American e-commerce companies and had been arrested in Europe, but escaped to Russia before he could be extradited. Prosecutors said they received no response to their requests to the Russian government to turn over Mr. Belan to the American authorities.
Version 4: “The involvement and direction of F.S.B. officers with law enforcement responsibilities makes this conduct that much more egregious,” said Mary B. McCord, the acting assistant attorney general, at a news conference in Washington to announce the charges.
Version 3: The hackers also used the Yahoo data to send spam and steal credit card and gift card information. In addition, they sought to break into at least 50 Google accounts, including those of Russian officials and employees of a Russian cybersecurity firm.
Version 4: The two other men named in the indictment include a Russian hacker already indicted in connection with three other computer network intrusions and a Kazakh national living in Canada. One of the hackers also conducted an extensive spamming operation, stole credit and gift card information, and diverted Yahoo users looking for erectile dysfunction drugs to a particular pharmacy.
Version 3: On Wednesday, prosecutors unsealed an indictment containing 47 criminal charges against the two agents of Russia’s Federal Security Service, or F.S.B., as well as two outside hackers with whom they worked on the scheme, one of the largest known thefts of data from a private corporation.
Version 4: Nikolay Lakhonin, a spokesman for the Russian embassy in Washington, said that Moscow had no “official reaction” to the indictments. But Mr. Lakhonin did point a reporter to two articles posted Wednesday in the Russian-sponsored Sputnik News that were openly skeptical of the charges. One was headlined “Yahoo Hack: What US Mainstream Media Don’t Tell You About Russian ‘Spy.’”
Version 3: This is the first time officials of Russia’s F.S.B. have been indicted on cybercrime charges in the United States, said Jack Bennett, special agent in charge of the F.B.I.’s San Francisco office. Yahoo worked with the F.B.I. on the investigation for two years, he said.
Version 4: Indeed, one of the two Russian intelligence agents indicted in the Yahoo case, Mr. Dokuchaev, was arrested in early December in what amounted to a purge of the Center for Information Security, the cyberwing of the F.S.B. Mr. Dokuchaev, who was reportedly a former hacker recruited to work in the F.S.B. at least seven years ago, and a fellow officer were accused of treason for passing secret information to the United States.
Version 3: The four men together face 47 criminal charges, including conspiracy, computer fraud, economic espionage, theft of trade secrets and aggravated identity theft, the Justice Department said in a news release.
Version 4: United States officials said Wednesday that they were not certain if the Dmitry Dokuchaev arrested in December was the same man as the one named in the indictment.
Version 3: The two agents of the F.S.B. who were charged are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident, and Igor Anatolyevich Sushchin, 43, a Russian national and resident.
Version 4: The Justice Department’s 47-count indictment, which was filed under seal in Federal District Court in San Francisco on Feb. 28, immediately threatened to escalate diplomatic tensions over Russia’s meddling in the November election.
Version 3: The other two defendants are Mr. Belan, 29, a Russian national and resident; and Karim Baratov, 22, a Canadian and Kazakh national and a resident of Canada. Mr. Baratov was arrested on Tuesday in Canada.
Version 4: “The indictments are intended to be a clear, public signal of what we will not accept,” said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies, a research organization in Washington. “If you’re one of these people, you can’t leave Russia. You know you’ve been caught. There is an Interpol warrant out for your arrest.”
Version 3: “The criminal conduct at issue, carried out and otherwise facilitated by officers from an F.S.B. unit that serves as the F.B.I.’s point of contact in Moscow on cybercrime matters, is beyond the pale,” the acting assistant attorney general, Mary B. McCord, said in a statement.
Version 4: Karim Baratov is the only one of the accused hackers who has been arrested in connection with the case. He was captured by the authorities in Canada on Tuesday. The chances of the United States taking the other three into custody any time soon appear slim, especially because the United States has no extradition treaty with Russia.
Version 3: Yahoo disclosed the theft of the data last September and said it was working with law enforcement authorities to trace the perpetrators. The hackers were able to use the stolen information, which included personal data as well as encrypted passwords, to create a tool that let them access 32 million accounts.
Version 4: The fourth person involved in the scheme, a Russian named Alexsey Belan, had been indicted twice before for three intrusions into American e-commerce companies. At one point, he was arrested in Europe, but he escaped to Russia before he could be extradited. Prosecutors said they had repeatedly asked the Russian government to hand over Mr. Belan but had gotten no response.
Version 3: In a statement, Yahoo thanked the F.B.I. and Justice Department for its work.
Version 4: Nonetheless, officials said that they believe criminal charges serve as a powerful tool to deter cyberattacks. For example, they said, China’s hacking against United States targets decreased after charges were brought against five military officials there in 2014 over damaging attacks against government and private-sector systems.
Version 3: Yahoo has said for months that it believed that hackers sponsored by a foreign state were behind the attack but it had refused to provide details of what occurred because the federal inquiry was ongoing.
Version 4: The action on Wednesday was the latest in a series of criminal prosecutions that American officials have brought since 2014 against cyberattackers who they charge were acting on behalf of foreign governments, including China, North Korea, and Iran.
Version 3: However, an internal investigation by the internet company’s board found that some senior executives and information security personnel were aware of the breach shortly after it occurred but “failed to properly comprehend or investigate” the situation. Two weeks ago, the company’s top lawyer, Ronald S. Bell, resigned over the episode, and its chief executive, Marissa Mayer, lost her 2016 bonus and 2017 stock compensation.
Version 4: Yahoo disclosed the theft of its data in September and said it was working with the law enforcement authorities to trace the perpetrators. The hackers were able to use the stolen information, which included personal data as well as encrypted passwords, to create a tool that gave them access to 32 million accounts over a period of two years.
Version 3: A separate, larger breach of one billion accounts occurred in 2013 but was only disclosed by the company three months ago. Yahoo has said it has not been able to glean much information about that attack, which was uncovered by InfoArmor, an Arizona security firm.
Version 4: In a statement on Wednesday, Yahoo thanked the F.B.I. and the Justice Department for their work.
Version 3: That theft included phone numbers, birth dates and weakly encrypted passwords and compromised the accounts of several million military and civilian government employees from dozens of nations, including more than 150,000 Americans.
Version 4: Jack Bennett, the special agent in charge of the F.B.I.’s San Francisco office, said that his investigators had worked on the case for two years, although the inquiry intensified last year.
Version 3: The two thefts, the largest known breaches of a private company’s computer systems, had threatened to scuttle a deal that Yahoo struck last summer to sell its internet businesses to Verizon Communications.
Version 4: It remains unclear why Yahoo users were not informed about the hack during that time. An internal investigation by the company’s board found that some senior executives and information security personnel were aware of the breach shortly after it occurred but “failed to properly comprehend or investigate” the situation. Two weeks ago, the company’s top lawyer, Ronald S. Bell, resigned over the episode, and its chief executive, Marissa Mayer, lost her 2016 bonus and 2017 stock compensation.
Version 3: Verizon sought to shave $925 million from the original $4.8 billion deal following news of the attacks, according to a securities filing on Monday. Last month, the two companies finally agreed to a $350 million price reduction.
Version 4: Mr. Bennett said the F.B.I. was still investigating a separate, larger breach of one billion Yahoo accounts that occurred in 2013 but was disclosed by the company only three months ago. Yahoo has said it has not been able to glean much information about that attack, which was uncovered by InfoArmor, an Arizona security firm.
The two thefts, the largest known breaches of a private company’s computer systems, had threatened to scuttle a deal that Yahoo struck last summer to sell its internet businesses to Verizon Communications. Verizon sought to shave $925 million from the original $4.8 billion deal following news of the attacks, but last month, the two companies finally agreed to a $350 million price reduction.
Ms. McCord and other officials would not discuss any connection between the charges in the Yahoo case and an ongoing investigation into Russia’s meddling in the November election and a large-scale hack at the Democratic National Committee. Some investigators believe that the F.S.B. orchestrated the D.N.C. hack to help President Trump win the election.
Democrats were quick to link the attacks. Senator Dianne Feinstein of California, the top Democrat on the Intelligence Committee, said that with Russia blamed in the cyberattacks involving both Yahoo and the presidential election, “the United States must take steps not only to bring those responsible to justice but also ensure future attacks are not allowed to occur in the first place.”
The main purpose of the Yahoo hack was to gather political and economic intelligence, officials said. The hackers stole a database of 500 million Yahoo users and other Yahoo software code which they used to falsify cookies, a technique that gave them full access to millions of Yahoo accounts without needing the passwords.
They found accounts of interest by searching non-Yahoo, recovery email addresses that users provided, allowing them to target employees of specific companies or organizations for other attacks. At least 50 Gmail accounts were targeted, as were accounts at financial firms and other technology providers.
Mr. Belan, one of the F.B.I.’s most-wanted cybercriminals, was also making money on the side as part of the scheme, officials said. He used information from the Yahoo accounts to steal credit and gift card numbers, send spam and redirect searches for erectile dysfunction treatments to an online pharmacy that paid for the traffic, according to the indictment.