SUBSCRIBE NOW
99¢ per month. Save 90%
SUBSCRIBE NOW
99¢ per month. Save 90%.

“Hacker-for-hire” pleads guilty to Yahoo breach

Sudhin Thanawala
The Associated Press

SAN FRANCISCO – A Canadian man pleaded guilty Tuesday to charges stemming from a massive breach at Yahoo that authorities say was directed by two Russian intelligence agents and affected at least a half billion user accounts.

FILE - In this Jan. 7, 2014, file photo, Yahoo president and CEO Marissa Mayer speaks during the International Consumer Electronics Show in Las Vegas. On Tuesday, June 13, 2017, Verizon took over Yahoo, completing a $4.5 billion deal that will usher in a new management team to attempt to wring more advertising revenue from one of the internet’s best-known brands. Tuesday’s closure of the sale ends Yahoo’s 21-year history as a publicly traded company. It also ends the nearly five-year reign of Yahoo CEO Marissa Mayer, who isn’t joining Verizon. (AP Photo/Julie Jacobson, File)

Karim Baratov appeared in a jail jumpsuit before a federal judge and entered the pleas to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft. He gave “yes” and “no” answers to questions from the judge about his pleas but said nothing more.

He is scheduled for sentencing Feb. 20.

U.S. law enforcement officials call the 22-year-old Baratov a “hacker-for-hire” and say as part of his plea deal, he acknowledged hacking more than 11,000 webmail accounts on behalf of the Russian Federal Security Service, or FSB, and other customers from about 2010 until his March arrest.

Outside court Tuesday, Baratov’s attorneys said their client hacked only eight accounts for the Russians and did not know that he was working for Russian agents connected to the Yahoo breach. Baratov was arrested in Hamilton, Ontario, and later agreed to forego an extradition hearing and face the U.S. charges.

“He’s been transparent and forthright with the government since he got here,” said one of his attorneys, Andrew Mancilla.

Spying: The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses, according to prosecutors.

Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, also were named in the indictment filed in February, though it’s not clear whether they will ever set foot in an American courtroom since there’s no extradition treaty with Russia.

Though the U.S. government had previously charged individual Russian hackers with cybercrime — as well as hackers directly linked to the Chinese and Iranian governments — this was the first criminal case to name as defendants sitting members of the FSB for hacking charges, the Justice Department said.

Yahoo user accounts began being compromised at least as early as 2014.

Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo, prosecutors said.