15 March 2017

A grand jury in California (Northern D) has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy

justice.gov/opa/pr/us-char…
Beginning in Jan 2014, they conspired to access Yahoo’s network and the contents of webmail accounts. The defendants are:

Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident
Igor Anatolyevich Sushchin, 43, a Russian national and resident
Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident

Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian and Kazakh national and a resident of Canada
The defendants used unauthorized access to Yahoo’s systems to steal information from at least 500M Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.
One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.
The charges were announced by
AG Sessions
Director Comey
AAAG Mary McCord, NSD
USA Brian Stretch Northern District of California
EAD Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.
“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” said Acting Assistant Attorney General McCord.
“State actors may be using common criminals to access the data they want. We commend Yahoo and Google for their sustained and invaluable cooperation in the investigation aimed at obtaining justice for, and protecting the privacy of their users.”
The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere.
In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.
Belan had been publicly indicted in Sept 2012 and June 2013 and was named one of FBI’s Cyber Most Wanted criminals in Nov 2013.

An Interpol Red Notice seeking his immediate detention has been lodged (including with Russia) since 26 July 2013.
Belan was arrested in a European country on a request from the U.S. in June 2013, but he was able to escape to Russia before he could be extradited.
Instead of acting on the U.S. government’s Red Notice and detaining Belan after his return, Dokuchaev and Sushchin subsequently used him to gain unauthorized access to Yahoo’s network.
In or around Nov & Dec 2014, Belan stole a copy of at least a portion of Yahoo’s User Database (UDB), a Yahoo trade secret that contained, among other data, subscriber information including users’ names, recovery email accounts, phone numbers and certain information required to manually create, or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts.
Belan also obtained unauthorized access on behalf of the FSB conspirators to Yahoo’s Account Management Tool (AMT), which was a proprietary means by which Yahoo made and logged changes to user accounts.
Belan, Dokuchaev and Sushchin then used the stolen UDB copy and AMT access to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization.
Some victim accounts of interest to the FSB:

Russian journalists

Russian and US govt officials

employees of a prominent Russian cybersecurity company

and numerous employees of other providers whose networks the conspirators sought to exploit.
Other personal accounts belonged to employees of commercial entities

Russian investment banking firm

French transport company

US financial services and private equity firms

Swiss bitcoin wallet and banking firm

US airline
FSB officers facilitated Belan’s criminal activities, providing him with sensitive FSB LE and intel info to help him avoid detection by US and other LE agencies, including info regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers
While working w/ FSB conspirators to compromise Yahoo’s network and its users, Belan used his access to
steal financial info such as gift card and credit card numbers from webmail accounts

gain access to more than 30M accounts whose contacts were stolen to facilitate spam
earn commissions from fraudulently redirecting a subset of Yahoo’s search engine traffic
When Dokuchaev & Sushchin learned a target of interest had accounts at webmail providers other than Yahoo, including through info obtained as part of the Yahoo intrusion, they paid Baratov, a resident of Canada, to obtain unauthorized access to more than 80 accounts.
Dmitry Aleksandrovich Dokuchaev, 33
was an officer in the FSB Center for Information Security, aka “Center 18.” Dokuchaev was a Russian national and resident.
Igor Anatolyevich Sushchin, 43
was an FSB officer, a superior to Dokuchaev within the FSB, and a Russian national and resident. Sushchin was embedded as a purported employee and Head of Information Security at a Russian investment bank.
Alexsey Alexseyevich Belan, aka “Magg,” 29
was born in Latvia and is a Russian national and resident.

US grand juries have indicted Belan before, in 2012 and 2013, for
computer fraud and abuse
access device fraud
aggravated identity theft involving three U.S.-based e-commerce companies

Belan was also 1 of 2 criminal hackers named by President Barack Obama on Dec. 29, 2016, pursuant to Executive Order 13694, as a Specially Designated National subject to sanctions. [Details in link below]
Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22. He is a Canadian and Kazakh national and a resident of Canada.
1. BOGACHEV, Evgeniy Mikhaylovich
Anapa, Russia
DOB 28 Oct 1983 (individual) [CYBER2]
a.k.a.
BOGACHEV, Evgeniy Mikhailovich
“Lastik”
“lucky12345”
“Monstr”
“Pollingsoon”
“Slavik”

federalregister.gov/documents/2017…
2. BELAN, Aleksey Alekseyevich, Krasnodar, Russia
DOB 27 Jun 1987, Riga, Latvia
nationality Latvia Passport RU03*** (Russia)
alt. Passport 03*** (Russia)
(individual) [CYBER2]
a.k.a.
Abyr Valgov
BELAN, Aleksei
BELAN, Aleksey Alexseyevich
BELAN, Alexsei
BELAN, Alexsey
“Abyrvaig”
“Abyrvalg”
“Anthony Anthony”
“Fedyunya”
“M4G”
“Mag”
“Mage”
“Magg”
“Moy.Yawik”
“Mrmagister”
25 Aug 2017

Belan had been arrested in Greece in 2013 on an Interpol “red notice” issued by the US in relation to separate charges, and has been on the list of the FBI’s “most wanted hackers” since 2012.

greekreporter.com/2017/08/25/rus…
But after posting bail in Greece, he fled to Russia, where Dokuchaev and Sushchin put him to work hacking into Yahoo accounts, according to the indictment.
