Friday, June 1, 2018
Baratov, whose aliases include Kay, Karim Taloverov and Karim Akehmet Tokbergenov, will serve five years in prison and was ordered to pay restitution of $250,000 to millions of consumers whose identities and personal information were compromised, authorities stated. His sentencing concluded a multinational FBI investigation and led to the arrest of other offenders Baratov named as part of a plea deal.
Baratov testified he was hired by Dmitry Dokuchaev and Igor Sushchin, officers of the Russian Federal Security Service (FSB), who directed him and others to hack webmail accounts at Yahoo and other hosting services. The spear-phishing campaign was active between January 2014 and December 2016, according to court records. The campaign used data stolen in the Yahoo breach to gain access to private emails.
John C. Demers, Assistant Attorney General for National Security, thanked Canadian law enforcement for their cooperation and assistance in bringing Baratov to justice. "Criminal hackers and the countries that sponsor them make a grave mistake when they target American companies and citizens," Demers stated. "We will identify them wherever they are and bring them to justice."
Northern California Acting U.S. Attorney Alex G. Tse said Baratov's five-year prison term sends a message of zero tolerance to the criminal masterminds behind state-sponsored cyberattacks. "Hackers such as Baratov ply their trade without regard for the criminal objectives of the people who hire and pay them," Tse said. "These hackers are not minor players; they are a critical tool used by criminals to obtain and exploit personal information illegally."
John F. Bennett, special agent in charge of the FBI's San Francisco Field Office, said Baratov was a functionary in an orchestrated attack against 500 million user accounts. "It's difficult to overstate the unprecedented nature of this conspiracy, in which members of a foreign intelligence service directed and empowered criminal hackers to conduct a massive cyber-attack against 500 million victim user accounts," Bennett said. "Today's sentencing demonstrates the FBI's unwavering commitment to disrupt and prosecute malicious cyber actors despite their attempts to conceal their identities and hide from justice."
Baratov was transferred to the Northern District of California in August 2017 and pled guilty in November to conspiring to violate the Computer Fraud and Abuse Act by stealing information from protected computers and causing damage to protected computers. Baratov's legal team claimed he had no knowledge of the scope of the cyberattack and had only compromised a handful of consumer accounts.
The U.S. Department of Justice noted this is the first time sitting members of the Russian FSB have been charged with cybercrime. Dokuchaev, Sushchin and Russian agent Alexsey Belan, were indicted in February 2018, but they will likely never be tried in the United States, which has no extradition treaty with Russia. The DOJ claims the FSB agents were looking for information on individuals and organizations.
"In some cases, the conspirators sought unauthorized access to information of predictable interest to the FSB," court documents stated. "For example, as described in more detail below, the conspirators sought access to the Yahoo, Inc. ('Yahoo') email accounts-of Russian journalists; Russian and U.S. government officials; employees of a prominent Russian cybersecurity company; and numerous employees of U.S., Russian, and other foreign webmail and internet-related service providers whose networks the conspirators sought to further exploit.
"In other cases, the conspirators sought access to accounts of employees of commercial entities, including executives and other managers of a prominent Russian investment banking firm (the 'Russian Financial Firm'); a French transportation company; U.S. financial services and private equity firms; a Swiss bitcoin wallet and banking firm; and a U.S. airline."
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
