Canadian Programmer Connected to Yahoo Security Breach Handed Five Year Prison Sentence

A Kazakhstani born Canadian living in Hamilton, Ontario, who was associated with the infamous 2014 Yahoo security hack, received a five-year prison sentence. The security breach saw over 500 million Yahoo user accounts compromised, including personal credentials such as names, passwords, emails, phone numbers, and security questions. Some of the stolen credentials were eventually dumped on the dark web by the hackers. During that time, the web service provider announced that they did not believe bank or credit card credentials were affected by the breach. Yahoo notified affected users and urged clients to change their account passwords and report any suspicious activities.

Reports from U.S. federal agents suggested the breach was coordinated by the Russian Government and its spies. On May 29th, 23-year-old Karim Baratov was ordered by District Judge Vince Chhabria to a $250,000 fine for each of his nine charges, amounting to a total of $2.25 million. “Deterrence is particularly important in a case like this,” Judge Chhabria said after the court hearing.

Baratov was believed to have performed back up attacks which targeted specific users, in the Yahoo security breach. According to the U.S. Attorney’s Office, he reportedly hacked into over thousands of email accounts as desired by his clients. He was charged, together with three others by the U.S. Department of Justice last year for their role in the 2014 Yahoo hack.

Baratov’s arrest came in March last year at the request of U.S. prosecutors and he entered into guilty pleas in November in San Francisco to eight counts of aggravated identity theft and a conspiracy to commit computer fraud. This happened after he had yielded his right to contest an extradition to the United States. Prior to his latest guilty pleas, he pleaded not guilty in September to charges of gaining illegal access into over 80 Yahoo accounts in a California court as well as helping Russian spies carry out the cyber-attack on Yahoo.

Court documents at that time showed that Baratov, together with a 29-year-old Russian Hacker named Alexsey Belan was contacted to break into Yahoo’s network by two specialists of Russia’s Federal Security Service (FSB) intelligence organization, Dmitry Dokuchaev, and his superior, Igor Sushchin.

John F. Bennett, the Special agent in charge speaking after the sentencing stated that “It’s difficult to overstate the unprecedented nature of this conspiracy, in which members of a foreign intelligence service directed and empowered criminal hackers to conduct a massive cyber-attack.”

Baratov’s lawyers in an earlier court filing sought a sentence of three years and three months, against the seven years and 10 months, the prosecutors were after. According to them, their client was just a young man, younger than the majority of the defendants in hacking cases in who once hacked emails for $100 per hack. According to reports, Baratov advertised his hacking services on the dark web and had no time to examine his clients before getting into business with them. During the trial, he said that he had no clue that two of his customers worked for the FSB. The two specialists supposedly paid Baratov around $1.1 million to acquire his services.

He then organized phishing attacks against his victims, which was made up of members of the Russian and American press, top government officials in neighboring Eastern European countries and workers in the commercial sector. He developed emails to look like they were from legitimate sources and deceived victims into entering their passwords on false login pages. However, only eight of the Russian government related hacks he was contacted to do were successful.

One of the former FSB officers who supposedly recruited Baratov, Dmitry Dokuchaev who is also charged as a co-conspirator in this case, is also battling some legal matters of his own. In December 2016, he was arrested by his own agency for his alleged violation of Article 275 of the Russian Criminal code and subsequently charged with treason. There is however little information on his fellow counterpart Igor Sushchin, except the news that he worked as an undercover agent at Renaissance Capital, one of the largest Investment Bank in Moscow and was fired after the allegations passed.