500M Yahoo accounts hacked US just blamed 2 Russian Spies

Moderators: Elvis, DrVolin, Jeff

500M Yahoo accounts hacked US just blamed 2 Russian Spies

Postby seemslikeadream » Wed Mar 15, 2017 1:38 pm

500 million Yahoo accounts were hacked. The US just blamed it on 2 Russian spies.
The timing is pretty awful for Trump.
Updated by Zack Beauchamp@zackbeauchampzack@vox.com Mar 15, 2017, 1:17pm EDT

The United States rarely blames foreign governments for hacks targeting US corporations. Yet in a Wednesday presser, the Department of Justice did just that — announcing indictments against two agents of the Russian FSB spy agency, Dmitry Dokuchaev and Igor Sushchin, for a 2014 breach of Yahoo that got access to 500 million users’ data.

“They worked ... to steal information including information about individual users and access the private contents of their accounts,” acting Assistant Attorney General Mary McCord said during the presser. “They also targeted Russian journalists, numerous employees of other providers’ networks that the conspirators sought to exploit, and employees of financial services and other commercial entities.”

This is a big deal. The Yahoo hack was one of the largest cyber crimes in history. This is also the first time the US government has ever brought charges against Russian officials for cyber-related crimes. (Two private hackers who allegedly worked with Dokuchaev and Sushchin were also indicted, and one was apprehended on Tuesday.) It speaks to how significant a threat Russian hacking operations have become to Western companies, journalists, and private citizens — and to how the Kremlin has made it a key part of its espionage arsenal.

The indictments come at a very uncomfortable time for the Trump administration. Russia-related scandals forced the resignation of National Security Adviser Michael Flynn and the recusal of Attorney General Jeff Sessions from any Russia-related FBI inquiries. Either the president will have to stand up to Russia on hacking, which he’s been loath to do, or he’ll face a continuing and growing cascade of questions about his relationship with the Kremlin and his own integrity and honesty, as well as that of his closest aides.

Why Russia would hack Yahoo
One interesting thing here is the way Dokuchaev and Sushchin allegedly went about hacking Yahoo. Instead of just doing it on their own, they hired two cyber criminals — Alexsey Belan and Karim Baratov — to help them breach the corporation’s defenses.

The Russian agents were looking for information on dissidents and US corporations — information that had “intelligence value,” as McCord put it, though she didn’t say exactly what it was they took. But the hackers were in it for themselves.

“Belan used his access to Yahoo to search for and steal financial information such as gift card and credit card numbers from users’ email accounts,” McCord said. “He also gained access to more than 30 million Yahoo accounts whose contacts he then stole to facilitate an email scam.”

The FSB, apparently, did not care. Belan lives in Russia where, according to the Washington Post’s Ellen Nakashima, he is being protected by the Russian government (Baratov was not so lucky; he was arrested in Canada on Tuesday).

“The FSB unit that [Dokuchaev and Sushchin] worked for, the Center for Information Security also known as Center 18, is also the FBI’s point of contact in Moscow for cyber crime matters,” McCord explained. “The involvement and direction of FSB officers with law-enforcement responsibilities makes this conduct that much more egregious.”

Russia, in other words, has some specific objectives (like acquiring information on domestic dissidents) and has shown it willing to employ tactics (partnering with cyber-criminals) that are very likely to hurt innocent civilians.

Russian strategic doctrine suggests that it sees cyber-espionage as a valid and increasingly important kind of warfare. In an influential 2013 article, Russian Chief of the General Staff Valery V. Gerasimov argued that "non-military means,” including “new information technologies,” have eclipsed traditional weaponry in their strategic importance.

“In the 21st century we have seen a tendency toward blurring the lines between the states of war and peace,” Gerasimov writes. "The role of non-military means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness.”

This is why it makes sense to hack Yahoo, even at the expense of exposing tens of millions of innocent people to email scams from a random hacker. Putin’s regime sees the world as existing in a perpetual grey area of pseudo-conflict; stealing information on dissidents and corporations that play major roles in the US economy is one way of strengthening Russia’s hand in that fight. The Kremlin doesn’t really care who gets hurt in the process.

This is a problem for Trump
President Trump Signs Executive Order In Oval Office
(Michael Reynolds/Pool/Getty Images)
The Yahoo hack, as far as we can tell, isn’t linked in any operational sense to the Russian hack of the Democratic National Committee and Clinton aide John Podesta. “That’s an ongoing and separate investigation,” McCord said in response to a question about connections between the two.

But that hack, too, fits with the Gerasimov Doctrine.

His article uses the Arab Spring as a key example of the new way warfare works, which is telling. The Arab Spring wasn’t about wars between countries, but rather upheaval inside countries. Gerasimov’s ideas, then, are explicitly designed to be used in attempts to influence other countries’ internal politics and conflicts. We’ve seen this kind of information warfare used in Russian hacks against neighbors like Estonia and Ukraine. The strategic goal of the 2016 hacks — weakening a foreign politician that Russia sees as hostile to its interests — make a lot of sense under his playbook.

What this all suggests, then, is that Russian hacking is not going away as a threat. The Russians have, for years, targeted American corporations and political actors. They have done so with the clear intent of acquiring intelligence and meddling with domestic politics, in a way that’s clearly in line with their strategic doctrine. And they’ve succeeded at it, which means there’s no reason to think they won’t try again.

This is a major problem for President Trump. It’s clear, from his own statements, that he’d like to develop a closer relationship with Russia. But that will be very hard if evidence keeps surfacing that Russia is intentionally attacking US interests in cyberspace. It’ll put pressure on the president to do something, both from the public and from influential corporations worried they’ll be next.

If Trump takes meaningful action, perhaps imposing new sanctions on Russia, then his efforts to buddy up to Putin won’t amount to very much. If he doesn’t, concerns about what, exactly, his administration’s relationship with the Kremlin is will mount.

This line of inquiry has already cost Trump one of his most important advisers, former NSA Flynn. It may yet do more: FBI Director James Comey is appearing before the Senate on at 2:30 to update senators on the status of the FBI’s investigation into Trump’s Russia ties.

So while the Yahoo indictments may not have anything to do with the Trump and Russia scandals directly, it creates yet another headache for the president on the issue that has most damaged his young presidency.
http://www.vox.com/world/2017/3/15/1493 ... ndictments
Last edited by seemslikeadream on Wed Mar 15, 2017 9:50 pm, edited 1 time in total.
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby Rory » Wed Mar 15, 2017 1:42 pm

Another RUSSIA HACKED THE FREE WORLD propaganda thread.
Rory
 
Posts: 1596
Joined: Tue Jun 10, 2008 2:08 pm
Blog: View Blog (0)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby brekin » Wed Mar 15, 2017 1:47 pm

Rory » Wed Mar 15, 2017 12:42 pm wrote:Another RUSSIA HACKED THE FREE WORLD propaganda thread.


Rory, harassing a poster across threads with no contributing material?
Do you hear that sound of rushing air coming?
It's the ban hammer falling from up high.

Image
If I knew all mysteries and all knowledge, and have not charity, I am nothing. St. Paul
I hang onto my prejudices, they are the testicles of my mind. Eric Hoffer
User avatar
brekin
 
Posts: 3229
Joined: Tue Oct 09, 2007 5:21 pm
Blog: View Blog (1)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby Rory » Wed Mar 15, 2017 1:48 pm

brekin » Wed Mar 15, 2017 9:47 am wrote:
Rory » Wed Mar 15, 2017 12:42 pm wrote:Another RUSSIA HACKED THE FREE WORLD propaganda thread.


Rory, harassing a poster across threads with no contributing material?
Do you hear that sound of rushing air coming?
It's the ban hammer falling from up high.

Image


I never got this. You love this marvel garbage and hate True Detective. It's like your brain works funny. Did the Russians hack you?
Rory
 
Posts: 1596
Joined: Tue Jun 10, 2008 2:08 pm
Blog: View Blog (0)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby seemslikeadream » Wed Mar 15, 2017 1:54 pm

U.S. indicts Russian spies, hackers over massive Yahoo hack

Acting AAG for National Security Mary McCord speaks in front of a poster of a suspected Russian hacker during FBI National Security Division and the U.S. Attorney's Office for the Northern District of California joint news conference at the Justice Department in Washington, U.S., March 15, 2017. REUTERS/Yuri
By Dustin Volz | WASHINGTON
The U.S. government on Wednesday unsealed charges against two Russian spies and two criminal hackers for allegedly pilfering 500 million Yahoo user accounts in 2014.

The indictments, announced at a news conference in Washington, represent the first time the U.S. government has criminally charged Russian officials for cyber offences.

The contents of at least 30 million accounts were accessed as part of a spam campaign and at least 18 people who used other internet service providers, such as Google, were also victimized, the government charged.

The officers of the FSB, Russia’s Federal Security Service, which is a successor to the KGB, were identified as Dmitry Dokuchaev and his superior, Igor Sushchin, the government said.

Both men are in Russia, it said.

Alexsey Belan, who is on the list of most-wanted cyber criminals, and Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, were also named in the indictment.

The Justice Department said Baratov was arrested in Canada on Tuesday and his case is pending with Canadian authorities.

Belan was arrested in Europe in June 2013 but escaped to Russia before he could be extradited to the United States, according to the Justice Department.

"The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cyber crime matters, is beyond the pale,” said Acting Assistant Attorney General Mary McCord.

McCord said the hacking campaign was waged by the FSB to collect intelligence but that the two hackers used the collected information as an opportunity to "line their pockets."

The United States does not have an extradition treaty with Russia, but McCord said she was hopeful Russian authorities would cooperate in bringing criminals to justice. The United States often charges cyber criminals with the intent of deterring future state-sponsored activity.

The administration of former President Barack Obama brought similar charges against Chinese and Iranian hackers who have not been extradited.

The 47-count indictment includes conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identify theft.

The charges are not related to the hacking of Democratic Party emails during the 2016 U.S. presidential election. Intelligence agencies have said they were carried out by Russia to help the campaign of Republican candidate Donald Trump.

Yahoo said when it announced the then-unprecedented breach last September that it believed the attack was state-sponsored, and on Wednesday the company said the indictment "unequivocally shows" that to be the case.

RELATED COVERAGE

Washington has not contacted Moscow over Yahoo hack - agencies
Yahoo in December also announced a breach that occurred in 2013 affecting one billion accounts, though it has not linked that intrusion to the one in 2014.

The Russian hacking conspiracy, which began as early as 2014, allowed Belan to use his relationship with the Russian spy agency and access to Yahoo's network to engage in financial crimes, according to the indictment.

The breaches were the latest in a series of setbacks for the Internet pioneer, which has fallen on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet Inc's Google and Facebook Inc.

Yahoo’s disclosure of the years-old cyber invasions and its much-criticized slow response forced it to accept a discount of $350 million in what had been a $4.83 billion deal to sell its main assets to Verizon Communications Inc.

Shares of Yahoo were down 0.9 percent.

"We’re committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cyber crime," Chris Madsen, Yahoo's assistant general counsel, said in a statement.

(Reporting by Dustin Volz and Joseph Menn; Additional reporting by Julia Edwards; Editing by Jeffrey Benkoe and James Dalgleish)
http://uk.reuters.com/article/uk-yahoo- ... KKBN16M25Y
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby brekin » Wed Mar 15, 2017 1:56 pm

Rory » Wed Mar 15, 2017 12:48 pm wrote:
brekin » Wed Mar 15, 2017 9:47 am wrote:
Rory » Wed Mar 15, 2017 12:42 pm wrote:Another RUSSIA HACKED THE FREE WORLD propaganda thread.


Rory, harassing a poster across threads with no contributing material?
Do you hear that sound of rushing air coming?
It's the ban hammer falling from up high.

Image

I never got this. You love this marvel garbage and hate True Detective. It's like your brain works funny. Did the Russians hack you?


I actually think most of the Marvel stuff is on par with the True Detective stuff.
And I wasn't "hacked" by the Russians.
It was more of an arrangement to pay for college.
Part of the Covert G.I. Bill.

(Pledge week my Freshman Year.)
Image
If I knew all mysteries and all knowledge, and have not charity, I am nothing. St. Paul
I hang onto my prejudices, they are the testicles of my mind. Eric Hoffer
User avatar
brekin
 
Posts: 3229
Joined: Tue Oct 09, 2007 5:21 pm
Blog: View Blog (1)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby seemslikeadream » Wed Mar 15, 2017 1:56 pm

6 personal attacks in 5 minutes..I think he's above the limit


Malcolm Nance Retweeted
Hasani Gittens‏Verified account @hgitty 2h2 hours ago

Crazy when you have to break away from a news conf. about Russian hacking of elex to cover another news conf. about Russian hacking of Yahoo


TAPSTRI CYBER-MEDIA‏ @TAPSTRIMEDIA 2h2 hours ago

The FSB officers worked for Russian Center for Information Security, same as Sergei Mikhailov, arrested for treason in Russia.
Last edited by seemslikeadream on Wed Mar 15, 2017 2:03 pm, edited 1 time in total.
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby Rory » Wed Mar 15, 2017 2:02 pm

brekin » Wed Mar 15, 2017 9:56 am wrote:
Rory » Wed Mar 15, 2017 12:48 pm wrote:
brekin » Wed Mar 15, 2017 9:47 am wrote:
Rory » Wed Mar 15, 2017 12:42 pm wrote:Another RUSSIA HACKED THE FREE WORLD propaganda thread.


Rory, harassing a poster across threads with no contributing material?
Do you hear that sound of rushing air coming?
It's the ban hammer falling from up high.

Image

I never got this. You love this marvel garbage and hate True Detective. It's like your brain works funny. Did the Russians hack you?


I actually think most of the Marvel stuff is on par with the True Detective stuff.
And I wasn't "hacked" by the Russians.
It was more of an arrangement to pay for college.
Part of the Covert G.I. Bill.

(Pledge week my Freshman Year.)
Image


Well good for you. Hate to think someone is doing this shit for free
Rory
 
Posts: 1596
Joined: Tue Jun 10, 2008 2:08 pm
Blog: View Blog (0)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby seemslikeadream » Wed Mar 15, 2017 2:03 pm

make that 7
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby brekin » Wed Mar 15, 2017 2:15 pm

Rory » Wed Mar 15, 2017 1:02 pm wrote:
brekin » Wed Mar 15, 2017 9:56 am wrote:
Rory » Wed Mar 15, 2017 12:48 pm wrote:
brekin » Wed Mar 15, 2017 9:47 am wrote:
Rory » Wed Mar 15, 2017 12:42 pm wrote:Another RUSSIA HACKED THE FREE WORLD propaganda thread.


Rory, harassing a poster across threads with no contributing material?
Do you hear that sound of rushing air coming?
It's the ban hammer falling from up high.

Image

I never got this. You love this marvel garbage and hate True Detective. It's like your brain works funny. Did the Russians hack you?


I actually think most of the Marvel stuff is on par with the True Detective stuff.
And I wasn't "hacked" by the Russians.
It was more of an arrangement to pay for college.
Part of the Covert G.I. Bill.

(Pledge week my Freshman Year.)
Image


Well good for you. Hate to think someone is doing this shit for free


So, I told you who was paying me.
Whose paying you to do this shit?
If I knew all mysteries and all knowledge, and have not charity, I am nothing. St. Paul
I hang onto my prejudices, they are the testicles of my mind. Eric Hoffer
User avatar
brekin
 
Posts: 3229
Joined: Tue Oct 09, 2007 5:21 pm
Blog: View Blog (1)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby Rory » Wed Mar 15, 2017 2:22 pm

brekin » Wed Mar 15, 2017 10:15 am wrote:
Rory » Wed Mar 15, 2017 1:02 pm wrote:
brekin » Wed Mar 15, 2017 9:56 am wrote:
Rory » Wed Mar 15, 2017 12:48 pm wrote:
brekin » Wed Mar 15, 2017 9:47 am wrote:
Rory » Wed Mar 15, 2017 12:42 pm wrote:Another RUSSIA HACKED THE FREE WORLD propaganda thread.


Rory, harassing a poster across threads with no contributing material?
Do you hear that sound of rushing air coming?
It's the ban hammer falling from up high.

Image

I never got this. You love this marvel garbage and hate True Detective. It's like your brain works funny. Did the Russians hack you?


I actually think most of the Marvel stuff is on par with the True Detective stuff.
And I wasn't "hacked" by the Russians.
It was more of an arrangement to pay for college.
Part of the Covert G.I. Bill.

(Pledge week my Freshman Year.)
Image


Well good for you. Hate to think someone is doing this shit for free


So, I told you who was paying me.
Whose paying you to do this shit?


Soros, I think. Never signs the checks, the nefarious imp
Rory
 
Posts: 1596
Joined: Tue Jun 10, 2008 2:08 pm
Blog: View Blog (0)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby brekin » Wed Mar 15, 2017 2:27 pm

^ Who am I to judge? It's a living I guess. Life's not like the French Riviera.

If I knew all mysteries and all knowledge, and have not charity, I am nothing. St. Paul
I hang onto my prejudices, they are the testicles of my mind. Eric Hoffer
User avatar
brekin
 
Posts: 3229
Joined: Tue Oct 09, 2007 5:21 pm
Blog: View Blog (1)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby seemslikeadream » Wed Mar 15, 2017 2:31 pm

Malcolm Nance Retweeted
Scott Dworkin‏Verified account @funder 2h2 hours ago
You have to be morally bankrupt to do biz with the Russian govt & u have to be pure evil to vouch for them #trumprussia #russiagate #resist
16 replies 500 retweets 777 likes
Reply 16 Retweet 500
Like 777
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby Rory » Wed Mar 15, 2017 2:34 pm

brekin » Wed Mar 15, 2017 10:27 am wrote:^ Who am I to judge? It's a living I guess. Life's not like the French Riviera.




Amen to that. How's the weather up your way, komrade?
Rory
 
Posts: 1596
Joined: Tue Jun 10, 2008 2:08 pm
Blog: View Blog (0)

Re: 500ml Yahoo accounts hacked US just blamed 2 Russian Spi

Postby seemslikeadream » Wed Mar 15, 2017 5:08 pm

Coming back from the intentional derailing of this thread by Rory I will continue with information about the OP...

take it elsewhere Rory ...your excuses and disgusting purposeful derailing/distraction is noted

here you must be so hungry from all that hard work
Image

The United States rarely blames foreign governments for hacks targeting US corporations. Yet in a Wednesday presser, the Department of Justice did just that — announcing indictments against two agents of the Russian FSB spy agency, Dmitry Dokuchaev and Igor Sushchin, for a 2014 breach of Yahoo that got access to 500 million users’ data.





Russia Biggest Cybersecurity Firm Head Arrested For Treason

Dmitry Dokuchaev

Sergei Mikhailov, who worked for the FSB, the successor to the KGB, was arrested in December, along with Ruslan Stoyanov, a top manager for Russia's largest cybersecurity firm, according to the economic newspaper Kommersant. Stoyanov was also charged with suspicion of treason.

In addition, two other people, including Major Dmitry Dokuchaev, also an FSB officer, were arrested in connection with the case, according to Russia's REN-TV.
viewtopic.php?f=8&t=40330




(((aweisburd)))‏
@webradius

The Insider notes one indicted by DoJ is among FSB arrested in Moscow after the Steele dossier dropped.




U.S. Indicts 2 Russian Security Officials Over Yahoo Hack
By MERRIT KENNEDY • 4 HOURS AGO
Image
The FBI issued a series of "wanted" posters for Russians accused of cybercrimes Wednesday, including Igor Anatolyevich Sushchin, who is alleged to be a Russian Federal Security Service (FSB) officer. VIEW SLIDESHOW 1 of 2
The FBI issued a series of "wanted" posters for Russians accused of cybercrimes Wednesday, including Igor Anatolyevich Sushchin, who is alleged to be a Russian Federal Security Service (FSB) officer.
COURTESY OF FBI
Originally published on March 15, 2017 12:11 pm
Updated at 2:40 p.m. ET

The Justice Department has announced charges against four people, including two Russian security officials, over cybercrimes linked to a massive hack of millions of Yahoo user accounts.

Two of the defendants — Dmitry Dokuchaev and his superior Igor Sushchin — are officers of the Russian Federal Security Service, or FSB. According to court documents, they "protected, directed, facilitated and paid" two criminal hackers, Alexsey Belan and Karim Baratov, to access information that has intelligence value. Belan also allegedly used the information obtained for his personal financial gain.

"The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI's point of contact in Moscow on cybercrime matters, is beyond the pale," Acting Assistant Attorney General Mary McCord said.

She told reporters that U.S. investigators believe Dokuchaev and Sushchin were working in their official capacity as FSB agents at the time.

Baratov was arrested Tuesday in Canada. NPR's Greg Myre reports that the U.S. plans to seek his extradition, and that three other defendants are in Russia, which has no extradition treaty with the U.S.

Belan is one of the world's most notorious hackers. There's an Interpol "Red Notice" for his arrest, and he has been listed as one of the FBI's Most Wanted hackers since 2012.

"Rather than arrest him, however, the FSB officers used him," the indictment reads. It alleges that the officers also "provided him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by law enforcement."

The massive hack against at least 500 million Yahoo user accounts happened in 2014. The company publicly acknowledged the breach last September, saying at the time that it believed a "state-sponsored actor" was responsible, without naming any foreign government. The disclosure prompted an investigation by U.S. authorities.

Some of the accounts breached had obvious intelligence value. According to court documents, these included: "Russian journalists and politicians critical of the Russian government; Russian citizens and government officials; former officials from countries bordering Russia; and U.S. government officials, including cyber security, diplomatic, military, and White House personnel."

Other targets included businesses, such as a Russian investment banking firm as well as "a French transportation company; U.S. financial services and private equity firms; a Swiss bitcoin and banking firm; and a U.S. airline."

The court documents state that Belan "provided his FSB conspirators ... with the unauthorized access to Yahoo's network." He is also accused of using the access to the network for personal financial gain. For example, he allegedly stole financial and gift card information from the Yahoo accounts, and implemented a spam marketing scheme that impacted millions of users, according to the documents.

Baratov allegedly helped the FSB agents access accounts at other providers such as Google, often assisted by information stolen from the breached Yahoo accounts. He was allegedly paid about $100 per account accessed.

You can read more details of the allegations in the indictment:

The company has also indicated in regulatory filings that forged cookies may have been used to access user accounts. It said today that those cookies are also part of the alleged Russian security breach.

"We appreciate the FBI's diligent investigative work and the DOJ's decisive action to bring to justice those responsible for the crimes against Yahoo and its users," the company said in a statement Wednesday. "We're committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime."

This wasn't the only major breach Yahoo has reported in recent years. The company revealed an even larger hacking incident impacting more than 1 billion accounts that occurred in 2013, as we reported. It's not clear whether the intrusions are related.

Today's charges are also distinct from the U.S. intelligence community's conclusion that Russia launched an "influence campaign" in order to help President Trump win the election.

The Department of Justice is trying to ratchet up pressure on foreign hackers accused of carrying out cyberattacks on U.S. targets. Federal officials have also recently charged individuals from China and Iran over hacking allegations.

In 2014, as NPR's Carrie Johnson reported, the Department of Justice "charged five uniformed members of Unit 61398 of the People's Liberation Army of China with stealing secrets from American business competitors."

Last year, U.S. officials indicted seven hackers with links to the Iranian government for cyberattacks. "Court papers said the intruders attacked the web sites of dozens of major U.S. banks and breached controls at a dam in Rye, N.Y., raising alarms about safeguards in American infrastructure," Carrie reported.

http://radio.krcb.org/post/us-indicts-2 ... k#stream/0



Justice Department: Russia’s security services ‘protected, directed, facilitated, and paid’ hackers behind the massive breach of Yahoo
Steve Kovach

Two members of a Russian intelligence agency “protected, directed, facilitated, and paid” hackers to break into Yahoo’s systems in 2014, compromising 500 million user accounts, the Department of Justice said in an indictment Wednesday.

Two other people, one Russian and one Canadian, were also charged in connection with the hacks, which are believed to be one of the largest of all time.

The DOJ named Dmitry Dokuchaev and Igor Sushchin as the two members of the Russian intelligence agency FSB involved in the hacks.

The Canadian that was charged in connection with the hacks, Karim Baratov, was arrested Tuesday, the DOJ said.

The DOJ said that Dokuchaev and Sushchin paid the two other defendants to hack into the Yahoo accounts and obtain personal and financial information from users, including government officials and journalists.

The third Russian defendant, Alexsey Belan, has a history of cyber criminal activity, the DOJ said. He was named as one of the FBI’s “cyber most wanted criminals” in 2013 and was indicted on separate charges in 2012. Belan escaped from Europe to Russia before he could be extradited, the DOJ said.

The US does not have an extradition treaty with Russia, so the three Russian defendants in this case can’t be arrested unless Russian authorities decide to cooperate with the US.

The Russian embassy in the US did not immediately return a request for comment.

After Belan escaped to Russia, the DOJ says Dokuchaev and Sushchin hired him to access Yahoo’s network. They also provided Belan with intelligence that would help him evade detection, according to the DOJ. Dokuchaev and Sushchin also hired Baratov to hack into more than 80 other webmail accounts outside of Yahoo, using data gleaned from the Yahoo account hacks, the DOJ said. The indictment says some Google accounts were compromised and that Google helped with the investigation.

In a statement, Yahoo’s assistant general council Chris Masden said, “The indictment unequivocally shows the attacks on Yahoo were state-sponsored. We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible.”

Yahoo didn’t disclose the 2014 cyber attacks until last year. Yahoo later disclosed another attack that happened in 2013 that affected about 1 billion users.

Yahoo’s public disclosures about the attacks threatened to kill Verizon’s offer to buy Yahoo. In the end, Verizon and Yahoo agreed to shave $350 million off the acquisition, bringing the cost to $4.48 billion. Verizon originally wanted to reduce the cost of the deal by $925 million, according to a filing by Yahoo. The acquisition is expected to close in the second quarter of this year.

The Yahoo hacks were billed as the largest in history, likely affecting the majority of Yahoo accounts. An internal Yahoo investigation into the hacks found that Yahoo executives didn’t “properly comprehend or investigate” the situation. Following the investigation, CEO Marissa Mayer gave up her 2016 bonus. Mayer also announced that she was voluntarily giving up her 2017 bonus and equity grants. Yahoo’s top lawyer, Ronald S. Bell, resigned as a result of the investigation.

Here’s the full announcement from the DOJ:

A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. The defendants are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident; Igor Anatolyevich Sushchin, 43, a Russian national and resident; Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident; and Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian and Kazakh national and a resident of Canada.

The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.

The charges were announced by Attorney General Jeff Sessions of the U.S. Department of Justice, Director James Comey of the FBI, Acting Assistant Attorney General Mary McCord of the National Security Division, U.S. Attorney Brian Stretch for the Northern District of California and Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.

“Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” said Attorney General Sessions. “But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”

“Today we continue to pierce the veil of anonymity surrounding cyber crimes,” said Director Comey. “We are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” said Acting Assistant Attorney General McCord. “Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat. We commend Yahoo and Google for their sustained and invaluable cooperation in the investigation aimed at obtaining justice for, and protecting the privacy of their users.”

“This is a highly complicated investigation of a very complex threat. It underscores the value of early, proactive engagement and cooperation between the private sector and the government,” said Executive Assistant Director Abbate. “The FBI will continue to work relentlessly with our private sector and international partners to identify those who conduct cyber-attacks against our citizens and our nation, expose them and hold them accountable under the law, no matter where they attempt to hide.”

“Silicon Valley’s computer infrastructure provides the means by which people around the world communicate with each other in their business and personal lives. The privacy and security of those communications must be governed by the rule of law, not by the whim of criminal hackers and those who employ them. People rightly expect that their communications through Silicon Valley internet providers will remain private, unless lawful authority provides otherwise. We will not tolerate unauthorized and illegal intrusions into the Silicon Valley computer infrastructure upon which both private citizens and the global economy rely,” said U.S. Attorney Stretch. “Working closely with Yahoo and Google, Department of Justice lawyers and the FBI were able to identify and expose the hackers responsible for the conduct described today, without unduly intruding into the privacy of the accounts that were stolen. We commend Yahoo and Google for providing exemplary cooperation while zealously protecting their users’ privacy.”

Summary of Allegations

According to the allegations of the Indictment:

The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere. In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.

Belan had been publicly indicted in September 2012 and June 2013 and was named one of FBI’s Cyber Most Wanted criminals in November 2013. An Interpol Red Notice seeking his immediate detention has been lodged (including with Russia) since July 26, 2013. Belan was arrested in a European country on a request from the U.S. in June 2013, but he was able to escape to Russia before he could be extradited.

Instead of acting on the U.S. government’s Red Notice and detaining Belan after his return, Dokuchaev and Sushchin subsequently used him to gain unauthorized access to Yahoo’s network. In or around November and December 2014, Belan stole a copy of at least a portion of Yahoo’s User Database (UDB), a Yahoo trade secret that contained, among other data, subscriber information including users’ names, recovery email accounts, phone numbers and certain information required to manually create, or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts.

Belan also obtained unauthorized access on behalf of the FSB conspirators to Yahoo’s Account Management Tool (AMT), which was a proprietary means by which Yahoo made and logged changes to user accounts. Belan, Dokuchaev and Sushchin then used the stolen UDB copy and AMT access to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization.

Some victim accounts were of predictable interest to the FSB, a foreign intelligence and law enforcement service, such as personal accounts belonging to Russian journalists; Russian and U.S. government officials; employees of a prominent Russian cybersecurity company; and numerous employees of other providers whose networks the conspirators sought to exploit. However, other personal accounts belonged to employees of commercial entities, such as a Russian investment banking firm, a French transportation company, U.S. financial services and private equity firms, a Swiss bitcoin wallet and banking firm and a U.S. airline. During the conspiracy, the FSB officers facilitated Belan’s other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers. Additionally, while working with his FSB conspirators to compromise Yahoo’s network and its users, Belan used his access to steal financial information such as gift card and credit card numbers from webmail accounts; to gain access to more than 30 million accounts whose contacts were then stolen to facilitate a spam campaign; and to earn commissions from fraudulently redirecting a subset of Yahoo’s search engine traffic. When Dokuchaev and Sushchin learned that a target of interest had accounts at webmail providers other than Yahoo, including through information obtained as part of the Yahoo intrusion, they tasked their co-conspirator, Baratov, a resident of Canada, with obtaining unauthorized access to more than 80 accounts in exchange for commissions. On March 7, the Department of Justice submitted a provisional arrest warrant to Canadian law enforcement authorities, requesting Baratov’s arrest. On March 14, Baratov was arrested in Canada and the matter is now pending with the Canadian authorities. An indictment is merely an accusation, and a defendant is presumed innocent unless proven guilty in a court of law. The FBI, led by the San Francisco Field Office, conducted the investigation that resulted in the charges announced today. The case is being prosecuted by the U.S. Department of Justice National Security Division’s Counterintelligence and Export Control Section and the U.S. Attorney’s Office for the Northern District of California, with support from the Justice Department’s Office of International Affairs.

Defendants: At all times relevant to the charges, the Indictment alleges as follows:

Dmitry Aleksandrovich Dokuchaev, 33, was an officer in the FSB Center for Information Security, aka “Center 18.” Dokuchaev was a Russian national and resident. Igor Anatolyevich Sushchin, 43, was an FSB officer, a superior to Dokuchaev within the FSB, and a Russian national and resident. Sushchin was embedded as a purported employee and Head of Information Security at a Russian investment bank. Alexsey Alexseyevich Belan, aka “Magg,” 29, was born in Latvia and is a Russian national and resident. U.S. Federal grand juries have indicted Belan twice before, in 2012 and 2013, for computer fraud and abuse, access device fraud and aggravated identity theft involving three U.S.-based e-commerce companies and the FBI placed Belan on its “Cyber Most Wanted” list. Belan is currently the subject of a pending “Red Notice” requesting that Interpol member nations (including Russia) arrest him pending extradition. Belan was also one of two criminal hackers named by President Barack Obama on Dec. 29, 2016, pursuant to Executive Order 13694, as a Specially Designated National subject to sanctions. Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22. He is a Canadian and Kazakh national and a resident of Canada. Victims: Yahoo; more than 500 million Yahoo accounts for which account information about was stolen by the defendants; more than 30 million Yahoo accounts for which account contents were accessed without authorization to facilitate a spam campaign; and at least 18 additional users at other webmail providers whose accounts were accessed without authorization.
Time Period: As alleged in the Indictment, the conspiracy began at least as early as 2014 and, even though the conspirators lost their access to Yahoo’s networks in September 2016, they continued to utilize information stolen from the intrusion up to and including at least December 2016.
https://webcache.googleusercontent.com/ ... ent=safari
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Next

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 39 guests