Yahoo, computer, laptop, hacking

At least one of the four Russian hackers being charged by federal prosecutors with breaching millions of Yahoo e-mail accounts cut his teeth by stealing customer data from e-commerce sites.

Acting assistant attorney general Mary McCord said Alexsey Belan had been on the government’s criminal radar for years given his past breaches of e-commerce sites before he took part in an alleged conspiracy with three other men to steal the personal information of at least 500 million Yahoo users.

McCord said Wednesday’s charges mark the third time Belan has been indicted in the U.S., with the first indictments coming in 2012 for his alleged role in breaching the computer networks of what the Federal Bureau of Investigation has referred to as “three major e-commerce companies.” Belan is thought to have stolen the entire user database of the companies, including encrypted passwords, and then negotiated the sale of the information.

McCord said Belan’s prior actions “victimized millions of customers,” but neither she nor the FBI has specified which companies were hacked previously.

Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.Mandatory Credit: Photo by AP/REX/Shutterstock (8521171j) Mary McCord, Brian Stretch, Vaughn Ary, Paul Abbate Acting Assistant Attorney General Mary McCord, second from left, speaks during a news conference at the Justice Department in Washington, . The Justice Department announced charges against four defendants, including two officers of Russian security services, for a mega data breach at Yahoo. From left are, U.S. Attorney for the Northern District Brian Stretch, McCord, FBI Executive Director Paul Abbate, Office of International Affairs Director Vaughn Ary Yahoo Security Breach, Washington, USA - 15 Mar 2017

Mary McCord and other government attorneys detailed charges being brought against four men for the 2014 hacking of 500 million Yahoo e-mail accounts.  AP/REX/Shutterstock

As for his role in the Yahoo breach, Belan allegedly worked with three co-conspirators, two of whom are officers of the Russian Federal Security Service, a post-Soviet Union version of the KGB, to access the account information of at least 500 million users of the web and e-mail platform. They then used that information to obtain information related to other online accounts and e-mail providers, including Google.

While federal prosecutors claim the hacking enterprise targeted the accounts of Russian and U.S. government officials, Russian journalists, employees of other web providers and employees of financial services and other commercial entities, Belan allegedly had other things in mind.

According to McCord, the Latvian-born Russian citizen “used his relationship with the two FSB officers and his access to Yahoo to commit additional crimes to line his own pockets with money,” namely by stealing gift card and credit card numbers from users’ e-mail accounts and redirecting a selected portion of Yahoo search engine traffic in order to steal commission payments.

“He also gained access to more than 30 million Yahoo accounts, whose contacts were then stolen to facilitate an e-mail spam scheme,” McCord said.

Although Belan was arrested in Europe in June 2013 related to the earlier charges against him, he escaped to Russia before being extradited to the U.S., according to the Department of Justice.

Despite being put on Red Notice through Interpol, FSB officers and defendants Dmitry Dokuchaev and Igor Sushchin allegedly “protected, directed, facilitated and paid” Belan and another hacker, Karim Baratov, a resident of Canada and Kazakh, to hack Yahoo and other targeted accounts.

During the alleged conspiracy, Dokuchaev and Sushchin also purportedly aided Belan’s “other criminal activities” by keeping him apprised of intelligence information and helped him avoid detection by U.S. and non-Russian law enforcement.

As of Wednesday afternoon, only Baratov has been arrested.

For More on Data Breaches, See:

Target Updates Data Breach

Kmart Latest to Be Impacted by Data Breach

Neiman Marcus a Victim of Data Breach

RILA Opposes Data Breach Notification Bill

load comments
blog comments powered by Disqus