United States authorities charge Russian spies, hackers in huge Yahoo hack

Yahoo CEO Marissa Mayer

In the Yahoo case unsealed Wednesday, the Department of Justice alleged that two Russian intelligence agents hired a pair of hackers to engineer a heist that affected at least a half billion user accounts.

US authorities say he and three others - including two men alleged to be officers of the Russian Federal Security Service - were indicted for computer hacking, economic espionage and other crimes.

United States officials said on Wednesday they were not certain if the Dokuchaev arrested in December was the same man as the one in the indictment.

But there is plenty of intrigue swirling about Dokuchaev, 33, who the indictment describes as wanted cyber criminal Alexsey Belan's direct FSB contact.

According to the Justice Department, the data stolen by the two intelligence officers were used by the Russian government to spy on a range of targets, reports The New York Times. A state-backed attack led by elite hackers, on the other hand, can be more hard to repel - or so a company can argue. The company said it'll continue to work with law enforcement to make its platforms more secure.

While Russian intelligence officials were interested only in a limited number of accounts, hackers used access to Yahoo's network for their own financial gain. It penetrated yahoo's sensitive user database and changed their very system against Yahoo accounts users. Belan was arrested in Europe in June 2013 but fled to Russian Federation before he could be deported to the United States, according to the Justice Department. It contained information like user names, different recovery email addresses, and phone numbers.

Between them, the four men have been charged with over 47 counts of hacking and espionage-related offences, including conspiracy to commit wire fraud, aggravated identity theft and theft of trade secrets. Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014.

A scheme uncovered during a federal investigation into a huge Yahoo security breach may have opened a window into other hacks potentially instigated by foreign governments, according to computer security experts. Companies like Yahoo typically use bits of data called cookies to let you stay signed into an account via a web browser.

Whatever Dokuchaev and Sushchin's motives, they were obviously not paying the hackers Belan and Baratov enough because Belan was running a scam on the side taking a cut on sales of "erectile dysfunction drugs" and searching accounts for gift cards and credit card information.

Malcolm Palmore of the Federal Bureau of Investigation told Ars Technica that spear-phishing "was the likely avenue of infiltration" that led to the gang stealing the credentials of an "unsuspecting employee", allowing them access to Yahoo's internal networks.

Related News: