Science

4 charged in massive Yahoo hack, including a Canadian

The United States has announced charges against a dual Canadian-Kazakh national, two Russian intelligence officers and a fourth man, who lives Russia, accusing them of a massive data breach at Yahoo that affected at least a half billion user accounts.

Person arrested in Canada is Karim Baratov, 22, who has dual Canadian-Kazakh citizenship

Karim Baratov, 22, was arrested Tuesday morning in Ancaster, Ont. (Instagram)

The United States announced charges Wednesday against a dual Canadian-Kazakh national, two Russian intelligence officers and a fourth man, accusing them of a massive data breach at Yahoo that affected at least a half billion user accounts.

The hack targeted the email accounts of Russian and U.S. officials, Russian journalists, and employees of financial services and other businesses, officials said.

"We will not allow individuals, groups, nation states or a combination of them to compromise the privacy of our citizens, the economic interests of our companies, or the security of our country," said acting assistant attorney general Mary McCord at a news conference.

The person arrested in Canada is Karim Baratov, 22, a dual Canadian-Kazakh national. He was taken into custody in Ancaster, Ont., on Tuesday. 

Accused of a massive data breach at Yahoo that affected at least a half billion user accounts are, clockwise from left, Alexsey Belan, Karim Baratov, Dmitry Dokuchaev and Igor Sushchin. (Reuters/FBI, Bartov: Instagram/Canadian Press)

"Our job was to locate and arrest one of the people," Toronto police spokesman Mark Pugash told The Canadian Press. "We did that safely without incident."

Toronto officers were involved because their fugitive squad has a strong reputation, Pugash said. He could offer no further information about Baratov but said the suspect had been turned over to the RCMP.

"This was a very large operation," Pugash added.

U.S. officials said Baratov also went by the names Kay, Karim Taloverov and Karim Akehmet Tokbergenov.

Baratov made a brief appearance in a Hamilton courthouse on Wednesday morning and was returned to custody.

Karim Baratov was an exotic car buff, according to Mike Le, owner of All In Detailings in Mississauga, Ont. (Facebook)

Mike Le, owner of All In Detailings in Mississauga, Ont., called Baratov an exotic car buff who had mentioned doing some "computer geek stuff." His client was popular and flashy but also reserved about anything personal, Le said.

"All my friends know him, too, and none of them know anything about his life," Le said. "He's very secret about his life."

Le said he worked on an Aston Martin for Baratov, who he said frequently bought and sold expensive cars.

Baratov's Facebook profile links to a Russian-language company website that offers a "server in Russia with any configuration and unlimited traffic" and "persistent domains in China."

A neighbour said police were at Baratov's home all day Tuesday, but said he didn't know him personally.

"He doesn't seem to work all day, he just drives up and down the street, and always has a different coloured car," said neighbour Kerry Carter.

Baratov was quiet except for "huge parties" he threw several times a year, said Carter. The home, which had security cameras installed, was listed for sale two days ago for about $930,000 but was abruptly delisted Wednesday.

3 others charged

Russian intelligence (FSB) agents Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43, also face charges. Russian national Alexsey Alexseyevich Belan, also known as "Magg," 29, has also been indicted.

Belan, who had previously been indicted in 2012 and 2013, was named one of the FBI's most wanted cybercriminals in November 2013.

The charges arise from a compromise of Yahoo user accounts that began at least as early as 2014. Though the Justice Department has previously charged Russian hackers with cybercrime — as well as hackers sponsored by the Chinese and Iranian governments — this is the first criminal case brought against Russian government officials.

According to the department, the four are alleged to have hacked into Yahoo's systems and stolen information from more than 500 million user accounts.

"(They) then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials, and private-sector employees of financial, transportation and other companies," the department alleged.

"One of the defendants also exploited his access to Yahoo's network for his personal financial gain, by searching user communications for credit-card and gift-card account numbers."

Acting assistant attorney general Mary McCord announced the charges at a news conference on Wednesday. (Susan Walsh/Associated Press)

The announcement comes as federal authorities investigate Russian interference through hacking in the 2016 presidential election.

Breach happened in 2014

Yahoo didn't disclose the 2014 breach until last September when it began notifying at least 500 million users that their email addresses, birth dates, answers to security questions and other personal information may have been stolen. Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about one billion accounts, including some that were also hit in 2014.

In a statement, Chris Madsen, Yahoo's assistant general counsel and head of global security, thanked law enforcement agencies for their work.

"We're committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime," he said.

Read the indictment below:

Mobile users: View the document
(PDF 3377KB)
(Text 3377KB)
CBC is not responsible for 3rd party content

With files from CBC News and The Canadian Press