The US has indicted four defendants, including two officers of the Russian Federated Security Service (FSB), in the 2014 hack of 500 million Yahoo accounts.

The defendants are Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, both FSB officers, as well as fellow Russian Alexsey Alexseyevich Belan. Also indicted was Karim Baratov, a Canadian and Kazakh national and a resident of Canada. They were charged with computer hacking, economic espionage and other criminal offenses, and indicted by a grand jury in the Northern District of California according to a statement Wednesday by the US Department of Justice.

The defendants used unauthorized access to Yahoo's systems to steal information from at least 500 million Yahoo accounts. They used some of that information to get access to accounts at Yahoo, Google and other webmail providers. Targets included Russian journalists, US and Russian government officials, and private sector employees of financial, transportation and other companies, according to the DoJ statement.

One defendant also exploited his access to Yahoo's network for personal financial gain, according to the DoJ. He searched Yahoo user communications for credit card and gift card account numbers, redirected some Yahoo search traffic so he could earn commissions, and enabled theft of contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.

Dokuchaev and Sushchin, the FSB officer defendants, worked with criminal hackers, including Belan and Baratov. Belan was arrested in Europe in 2013, but escaped to Russia. Dokuchaev and Sushchin put Belan to work on their criminal acts rather than detaining him, the DoJ says. Belan made the FBI's "Cyber Most Wanted" list.

Figure 1: Russian Connection? Kremlin Regiment, changing of the guard, Moscow Tomb of the Unknown Soldier.
Photo: Andrew Shiva / Wikipedia / CC BY-SA 4.0

The DoJ has more details on the allegations in its statement as well as the indictment.

The indictments come as cyberspace tensions ratchet up between the US and Russia, with the US investigating connections between Russia and an attack on the Democratic National Committee and alleged ties between Russia and President Donald Trump's election campaign.

The charges don't relate to another theft of personal information from 1 billion users fro Yahoo, dating back to 2013, that resulted in significant reduction of the sales price of Yahoo to Verizon. (See Another Hack Announced by Yahoo and Verizon Knocks $350M off the Price of Yahoo.)

In a federal filing this week, Yahoo announced outgoing CEO Marissa Mayer will get $23 million parting pay. (See Yahoo's Marissa Mayer Gets $23M Kiss-Off.)

— Mitch Wagner Editor, Enterprise Cloud News