The Russian connectionHacker accused of aiding Russian spies in massive breach gets prison

A Kazakh-born computer hacker who U.S. prosecutors say unwittingly worked with a Russian spy agency in a massive Yahoo data breach has been sentenced to five years in prison.

U.S. District Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco on 29 May.

Baratov was named in an indictment last year that charged two Russian spies with orchestrating the 2014 Yahoo breach involving 500 million users — one of the largest breaches at any Internet company.

“Hacker for hire”

Baratov, who was born in Kazakhstan but most recently resided in Toronto, Canada, was charged with using the stolen data allegedly passed to him by Russia’s Federal Security Service (FSB) to hack dozens of e-mail accounts belonging to journalists, government officials, and business leaders.

He pleaded guilty in November to nine felony hacking charges. His guilty plea at the time spurred speculation that he might cooperate with U.S. prosecutors in pursuing the Russian spies.

U.S. attorneys are also investigating the role of Russian intelligence agencies in hacking U.S. political party computers during the 2016 presidential election.

But on May 29, prosecutors said Baratov, 23, was an “international hacker for hire” who did little or no research on his Russian clients and apparently was unknowingly used by them.

Assistant Attorney General for National Security John Demers said at Baratov’s sentencing that the case will nevertheless set an example for anyone contemplating such indiscriminate hacking in the future.

“Criminal hackers and the countries that sponsor them make a grave mistake when they target American companies and citizens. We will identify them wherever they are and bring them to justice,” he said.

Baratov was extradited from Canada last year to face charges in the United States.

The two Russian spies charged by the U.S. Justice Department with orchestrating the massive 2014 security breach at Yahoo were identified in court documents as Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin.

They remain at large. Prosecutors said they believe the two are living in Russia, which doesn’t have an extradition treaty with the United States.

RFE/RL has reported that Dokuchaev was a deputy chief at the Center for Information Security of Russia’s Federal Security Service (FSB). He was one of several officials arrested in Moscow last year on treason charges for allegedly passing classified information to Western intelligence agencies.

Prosecutors said the Russian security service officials in 2014 paid Baratov to target dozens of e-mail accounts using information obtained from the Yahoo hack.

Prosecutors said “the targeted victims were of interest to Russian intelligence” and included “prominent leaders in the commercial industries and senior government officials of Russia and countries bordering Russia.”

Baratov and his attorneys claimed that his work with the Russia spy agency was unwitting. He is believed to have collected more than $1.1 million in fees from the agency, which he used to buy a house and expensive cars.

In his plea agreement, Baratov acknowledged that he began hacking as a teen seven years ago and admitted to charging customers $100 to obtain an unsuspecting person’s web-mail passwords by tricking them to enter their credentials into a fake password reset page.

Prosecutors said in court papers that Baratov’s Russian-language web site — dubbed “webhacker” — advertised services for “hacking of e-mail accounts without prepayment.”

In court documents, Baratov claimed he could access web-mail accounts maintained by Google and Russian providers such as Mail.Ru and Yandex. He would provide his customers with a screenshot of the hacked account and promised he could change security questions so they could maintain control of the account.

In deciding the length of Baratov’s jail sentence, Judge Chhabria said that “deterrence is particularly important in a case like this.” But he rejected prosecutors’ call for a prison sentence of nearly 10 years, noting Baratov’s young age and clean criminal record prior to his arrest.

Baratov, who has been in custody since his arrest, told the judge that his time behind bars had been “a very humbling and eye-opening experience.”

He apologized and promised “to be a better man” and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

This article is published courtesy of Radio Free Europe/Radio Liberty