Accessibility links

Breaking News

U.S. Indicts Two Russian FSB Officers In Yahoo Hack; One Charged By Moscow With Treason

Updated

Yahoo announced last year that 500 million user accounts had been breached, one of the largest such computer intrusions publicly reported.
Yahoo announced last year that 500 million user accounts had been breached, one of the largest such computer intrusions publicly reported.

WASHINGTON -- U.S. authorities have indicted two Russian intelligence officers for the massive 2014 hack against Yahoo, one of whom was arrested earlier in Moscow as part a widening scandal involving Russia’s top security agency.

In a March 15 announcement, the FBI, the Justice Department, and other officials said two criminal hackers were also being indicted.

U.S. officials told reporters that the indictments targeted two intelligence officers who worked for Russia’s lead intelligence agency, the Federal Security Service, also known as the FSB. They were identified as Dmitry Dokuchayev and his superior, Igor Sushchin.

The Justice Department linked to the two, along with a Russian man and a Kazakh man, to the 2014 hack of Yahoo, the Internet company that announced last year that 500 million user accounts had been breached. It was one of the largest such computer intrusions publicly reported.

The other two alleged hackers were identified as Aleksei Belan and Karim Baratov. U.S. officials said Baratov was arrested a day earlier in Canada at Washington’s request.

The charges appear to be unconnected to alleged Russian hacking of the Democratic National Committee and the FBI’s investigation into alleged Russian interference in the 2016 election.

Nikolai Lakhonin, a spokesman for the Russian Embassy in Washington, said that the Russian government had no official comment. He also referred RFE/RL to articles published on March 15 by the state-owned news agency Sputnik, which, among other things, asserted that U.S. officials never sought help from Russian authorities in tracking down the Yahoo hackers.

Dokuchayev was an officer with the FSB’s Center for Information Security, which oversees cybersecurity efforts by the agency. Dokuchayev was arrested in December, along with another officer with the Center for Information Security, and charged with high treason, according to Ivan Pavlov, a Russian lawyer who is representing a suspect in the treason case.

Russian media reports have said Dokuchayev is a former hacker who used the alias Forb.

The other arrested FSB officer -- whom Pavlov identified as Sergei Mikhailov -- does not appear in the newly announced U.S. indictments.

Both Mikhailov, whom Russian media reports said was detained during a high-level meeting in Moscow and taken from the room with a bag over his head, and Dokuchayev are alleged to have passed classified information to U.S. intelligence, Pavlov told RFE/RL last month.

In addition to confirming the arrest of Mikhailov and Dokuchayev, Pavlov confirmed to RFE/RL the arrest of Ruslan Stoyanov, a former employee of the Interior Ministry who had worked for Kaspersky Lab, a well-known private cyberresearch company.

The news that two FSB officers were arrested and charged with treason sent ripples through intelligence watchers and experts on cybersecurity.

The growing number of arrests, and a steady stream of leaks in Russian media over the past several weeks, have offered potential glimpses into Russia's formidable security apparatus and its ties to Russia's shadowy underground hacking networks.

The U.S. indictment offers further indications of those links.

In the announcement, U.S. authorities said that Belan, the hacker, had been indicted in 2012 and 2013, named a top wanted criminal by the FBI, and an arrest warrant was issued by Interpol in 2013. He was arrested in an unnamed European country, but then escaped to Russia.

Instead of detaining Belan under the Interpol arrest notice, U.S. officials said, Dokuchayev and Sushchin "used him to gain unauthorized access to Yahoo’s network." In late 2014, Belan allegedly stole Yahoo's propriety computer codes, the indictment said.

Sushchin’s name had not appeared in Russian media accounts of the earlier FSB arrests. Mikhailov, however, had been identified by Russian media as Dokuchayev’s superior.

Asked about Sushchin’s possible connections to the earlier arrests in Moscow, Pavlov told RFE/RL on March 15: "I can’t say."

Though Mikhailov’s name does not appear in the U.S. indictments, he is "well-known" among Russia's cybersecurity experts, according to Andrei Soldatov, an investigative journalist who has written widely about Russian intelligence services and their cyber capabilities.

Mikhailov was a prominent witness in the trial of Pavel Vrublevsky, who ran an electronic-payment company called Chronopay and in 2013 was convicted of cyberattacks on Russian companies, including state-owned airline Aeroflot.

Vrublevsky, meanwhile, is a successful entrepreneur and colorful figure among Russia's digital elite.

In a book published in 2014, Brian Krebs, an American investigative blogger, researched some of the Russian crime networks involved in the vast amounts of e-mail spam that clutter the Internet. His book, Krebs wrote in a blog post on January 29, was based on a cache of leaked e-mails from Vrublevksy's company.

Vrublevsky told Krebs that he believed Mikhailov was the one who stole the e-mails and leaked them. Krebs said Vrublevsky was also convinced Mikhailov was leaking sensitive information to U.S. intelligence -- one possible corroboration of the high-treason charges that Russian officials have levied on Mikhailov.

Both the U.S. indictments announced on March 15, and the earlier arrests in Russia, came on the heels of an assessment by U.S. intelligence agencies in early January that concluded that Russia orchestrated a hacking-and-propaganda campaign aimed at helping Republican Donald Trump defeat his Democratic rival, Hillary Clinton, in the presidential election.

The FBI is reportedly looking into alleged communications between some of Trump’s aides and Russian officials. At least five different congressional committees are also conducting different, Russian-related investigations.

  • 16x9 Image

    Mike Eckel

    Mike Eckel is a senior correspondent reporting on political and economic developments in Russia, Ukraine, and around the former Soviet Union, as well as news involving cybercrime and espionage. He's reported on the ground on Russia's invasion of Ukraine, the wars in Chechnya and Georgia, and the 2004 Beslan hostage crisis, as well as the annexation of Crimea in 2014.

  • 16x9 Image

    Carl Schreck

    Carl Schreck is an award-winning investigative journalist who serves as RFE/RL's enterprise editor. He has covered Russia and the former Soviet Union for more than 20 years, including a decade in Moscow. He has led investigations into corruption, cronyism, and disinformation campaigns in Russia and Central Asia, as well as on poisoning attacks against Kremlin opponents and assassinations of Iranian exiles in the West. Schreck joined RFE/RL in 2014.

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia or the Russia-controlled parts of Ukraine and hold a Russian passport or are a stateless person residing permanently in Russia or the Russia-controlled parts of Ukraine, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.

XS
SM
MD
LG