WASHINGTON -- U.S. authorities have indicted two Russian intelligence officers for the massive 2014 hack against Yahoo, one of whom was arrested earlier in Moscow as part a widening scandal involving Russia’s top security agency.
In a March 15 announcement, the FBI, the Justice Department, and other officials said two criminal hackers were also being indicted.
U.S. officials told reporters that the indictments targeted two intelligence officers who worked for Russia’s lead intelligence agency, the Federal Security Service, also known as the FSB. They were identified as Dmitry Dokuchayev and his superior, Igor Sushchin.
The Justice Department linked to the two, along with a Russian man and a Kazakh man, to the 2014 hack of Yahoo, the Internet company that announced last year that 500 million user accounts had been breached. It was one of the largest such computer intrusions publicly reported.
The other two alleged hackers were identified as Aleksei Belan and Karim Baratov. U.S. officials said Baratov was arrested a day earlier in Canada at Washington’s request.
The charges appear to be unconnected to alleged Russian hacking of the Democratic National Committee and the FBI’s investigation into alleged Russian interference in the 2016 election.
Nikolai Lakhonin, a spokesman for the Russian Embassy in Washington, said that the Russian government had no official comment. He also referred RFE/RL to articles published on March 15 by the state-owned news agency Sputnik, which, among other things, asserted that U.S. officials never sought help from Russian authorities in tracking down the Yahoo hackers.
Dokuchayev was an officer with the FSB’s Center for Information Security, which oversees cybersecurity efforts by the agency. Dokuchayev was arrested in December, along with another officer with the Center for Information Security, and charged with high treason, according to Ivan Pavlov, a Russian lawyer who is representing a suspect in the treason case.
Russian media reports have said Dokuchayev is a former hacker who used the alias Forb.
The other arrested FSB officer -- whom Pavlov identified as Sergei Mikhailov -- does not appear in the newly announced U.S. indictments.
Both Mikhailov, whom Russian media reports said was detained during a high-level meeting in Moscow and taken from the room with a bag over his head, and Dokuchayev are alleged to have passed classified information to U.S. intelligence, Pavlov told RFE/RL last month.
In addition to confirming the arrest of Mikhailov and Dokuchayev, Pavlov confirmed to RFE/RL the arrest of Ruslan Stoyanov, a former employee of the Interior Ministry who had worked for Kaspersky Lab, a well-known private cyberresearch company.
The news that two FSB officers were arrested and charged with treason sent ripples through intelligence watchers and experts on cybersecurity.
The growing number of arrests, and a steady stream of leaks in Russian media over the past several weeks, have offered potential glimpses into Russia's formidable security apparatus and its ties to Russia's shadowy underground hacking networks.
The U.S. indictment offers further indications of those links.
In the announcement, U.S. authorities said that Belan, the hacker, had been indicted in 2012 and 2013, named a top wanted criminal by the FBI, and an arrest warrant was issued by Interpol in 2013. He was arrested in an unnamed European country, but then escaped to Russia.
Instead of detaining Belan under the Interpol arrest notice, U.S. officials said, Dokuchayev and Sushchin "used him to gain unauthorized access to Yahoo’s network." In late 2014, Belan allegedly stole Yahoo's propriety computer codes, the indictment said.
Sushchin’s name had not appeared in Russian media accounts of the earlier FSB arrests. Mikhailov, however, had been identified by Russian media as Dokuchayev’s superior.
Asked about Sushchin’s possible connections to the earlier arrests in Moscow, Pavlov told RFE/RL on March 15: "I can’t say."
Though Mikhailov’s name does not appear in the U.S. indictments, he is "well-known" among Russia's cybersecurity experts, according to Andrei Soldatov, an investigative journalist who has written widely about Russian intelligence services and their cyber capabilities.
Mikhailov was a prominent witness in the trial of Pavel Vrublevsky, who ran an electronic-payment company called Chronopay and in 2013 was convicted of cyberattacks on Russian companies, including state-owned airline Aeroflot.
Vrublevsky, meanwhile, is a successful entrepreneur and colorful figure among Russia's digital elite.
In a book published in 2014, Brian Krebs, an American investigative blogger, researched some of the Russian crime networks involved in the vast amounts of e-mail spam that clutter the Internet. His book, Krebs wrote in a blog post on January 29, was based on a cache of leaked e-mails from Vrublevksy's company.
Vrublevsky told Krebs that he believed Mikhailov was the one who stole the e-mails and leaked them. Krebs said Vrublevsky was also convinced Mikhailov was leaking sensitive information to U.S. intelligence -- one possible corroboration of the high-treason charges that Russian officials have levied on Mikhailov.
Both the U.S. indictments announced on March 15, and the earlier arrests in Russia, came on the heels of an assessment by U.S. intelligence agencies in early January that concluded that Russia orchestrated a hacking-and-propaganda campaign aimed at helping Republican Donald Trump defeat his Democratic rival, Hillary Clinton, in the presidential election.
The FBI is reportedly looking into alleged communications between some of Trump’s aides and Russian officials. At least five different congressional committees are also conducting different, Russian-related investigations.
