“Hacker-for-hire” pleads guilty to Yahoo breach
SAN FRANCISCO – A Canadian man pleaded guilty Tuesday to charges stemming from a massive breach at Yahoo that authorities say was directed by two Russian intelligence agents and affected at least a half billion user accounts.
Karim Baratov appeared in a jail jumpsuit before a federal judge and entered the pleas to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft. He gave “yes” and “no” answers to questions from the judge about his pleas but said nothing more.
He is scheduled for sentencing Feb. 20.
U.S. law enforcement officials call the 22-year-old Baratov a “hacker-for-hire” and say as part of his plea deal, he acknowledged hacking more than 11,000 webmail accounts on behalf of the Russian Federal Security Service, or FSB, and other customers from about 2010 until his March arrest.
Outside court Tuesday, Baratov’s attorneys said their client hacked only eight accounts for the Russians and did not know that he was working for Russian agents connected to the Yahoo breach. Baratov was arrested in Hamilton, Ontario, and later agreed to forego an extradition hearing and face the U.S. charges.
“He’s been transparent and forthright with the government since he got here,” said one of his attorneys, Andrew Mancilla.
Spying: The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses, according to prosecutors.
Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, also were named in the indictment filed in February, though it’s not clear whether they will ever set foot in an American courtroom since there’s no extradition treaty with Russia.
Though the U.S. government had previously charged individual Russian hackers with cybercrime — as well as hackers directly linked to the Chinese and Iranian governments — this was the first criminal case to name as defendants sitting members of the FSB for hacking charges, the Justice Department said.
Yahoo user accounts began being compromised at least as early as 2014.
Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo, prosecutors said.