Two of the defendants are officers of Russia's Federal Security Service (FSB).
The FSB officers, Dmitry Dokuchaev and Igor Sushchin, are alleged to have directed and paid the hackers, Alexsey Belan and Karim Baratov, to breach Yahoo's systems.
According to the indictment, the defendants stole information from approximately 500 million Yahoo accounts, then used that information to access webmail accounts belonging to Russian journalists and U.S. and Russian government officials, as well as employees of financial, transportation and other companies.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Belan also used his access for financial gain in several ways, including searching user communications for payment card numbers, redirecting search traffic to earn commissions, and leveraging at least 30 million Yahoo accounts to conduct a spam campaign.
"Working closely with Yahoo and Google, Department of Justice lawyers and the FBI were able to identify and expose the hackers responsible for the conduct described today, without unduly intruding into the privacy of the accounts that were stolen," U.S. Attorney Brian Stretch said in a statement. "We commend Yahoo and Google for providing exemplary cooperation while zealously protecting their users' privacy."
While Baratov was arrested in Canada on March 14, the other three defendants remain in Russia.
Verification of State-Sponsored Attacks
In a statement published yesterday, Yahoo assistant general counsel Chris Madsen said, "The indictment unequivocally shows the attacks on Yahoo were state-sponsored. We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible."
Imperva vice president of marketing Tim Matthews told eSecurity Planet by email that there's an important lesson to be learned from this. "Organizations may have been under the false impression that state sponsored hacking was aimed at other governments -- or at worst, political parties," he said. "Now we have learned that elite teams of state sponsored conspirators and hackers are also seeking access to corporate data."
"It's more important than ever for organizations not to become complacent," Matthews added. "If a nation state hacked Yahoo, who's to know what other companies may have been or will be hacked? Those who don't carefully monitor their networks today may well regret it down the road."
A recent AlertSec survey of over 1,000 U.S. adults found that 25 percent of respondents said high-profile attacks like the Yahoo breach have prompted them to get more strategic about their online security.
When asked which hacker group or entity they're most worried about impacting their life, 20 percent of men and 16 percent of women said they were most concerned about Russian hackers.
Smoke and Fire from Russia
Carbon Black national security strategist Eric O'Neill noted in a blog post that the Russian response to the indictment is likely to be similar to China's response to the U.S. indictment of five Chinese military hackers back in 2014.
"China vehemently denounced the indictment and stated that the U.S. used 'fabricated facts' and that it 'grossly violates the basic norms governing international relations and jeapordizes China-U.S. cooperation,'" O'Neill wrote. "China's fierce denial of the espionage relied on the inherent difficulty in cyber security to attribute any attack 100 percent to a particular foreign actor."
Still, there may still be quite a bit more to this story -- Securonix chief scientist Igor Baikalov noted by email that Dokuchaev also happens to have been arrested by the Kremlin for treason last December.
"And who is the fourth Russian indicted, Igor Sushchin? He's mentioned as a superior of Dokuchaev, but apparently Dokuchaev was a deputy of Sergei Mikhailov, senior officer at the FSB known for his skills managing hackers, and who was also arrested back in December on treason charges," Baikalov said. "There's definitely plenty of smoke, but I'm not sure where the source of fire really is, and what it has to do with the Yahoo breach."