Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Spear-Phisher Gets Five Years for Helping FSB Yahoo Hackers

A Canadian man has been handed down a five-year prison sentence for his part in a Russian government conspiracy which resulted in the compromise of 500 million Yahoo accounts.

Kazakhstan-born Karim Baratov, 23, pleaded guilty in November 2017 to spear-phishing at least 80 webmail accounts belonging to “individuals of interest” for the Russian intelligence service the FSB. He’s then said to have sent the account passwords to a co-conspirator in exchange for money.

Baratov is also said to have hacked more than 11,000 webmail accounts in total from around 2010 until his March 2017 arrest in Canada.

Although he wasn’t directly responsible for the Yahoo breach, his co-conspirators in the FSB and fellow “hacker-for-hire” Alexsey Belan were, according to the Department of Justice. Baratov’s job was in fact to hack user accounts for non-Yahoo providers such as Gmail.

The persons of interest Baratov helped the FSB to monitor included Russian journalists, US and Russian government officials and private-sector employees of financial, transportation and other companies, the DoJ said in a detailed description of the case back in March 2017.

“It's difficult to overstate the unprecedented nature of this conspiracy, in which members of a foreign intelligence service directed and empowered criminal hackers to conduct a massive cyber-attack against 500 million victim user accounts,” said FBI special agent in charge John Bennett.

“Today's sentencing demonstrates the FBI's unwavering commitment to disrupt and prosecute malicious cyber actors despite their attempts to conceal their identities and hide from justice.”

The judge also ordered Baratov to pay a fine of $250,000, apparently claiming the large sum would make up for the relatively lenient sentence, which prosecutors wanted doubled.

The compromise of 500 million user accounts at Yahoo is not thought to be linked to the other breaches affecting billions of customers.

What’s Hot on Infosecurity Magazine?