A Canadian hacker pleaded guilty to the charges made against him following his involvement in the 2014 Yahoo data breach.
Karim Baratov is one of four men indicted and accused of being behind the Yahoo data breach that affected 3 billion user accounts. The other three men are still at large in Russia with no expectation that they will be extradited. Two of the three are officers in the Russian Federal Security Service and the other is a known hacker who is already wanted in the United States on other charges.
Baratov admitted to his involvement in the Yahoo data breach, which included hacking more than 11,000 webmail accounts from 2010 until his arrest earlier this year. He advertised on a Russian hacker-for-hire website and said he mostly spear phished his victims by sending them emails that linked to legitimate-looking websites where they would be prompted to provide their username and password. Once he received payments from his customers, Baratov would then send them the victims’ credentials.
In the case of the Yahoo data breach, Baratov pleaded guilty to one count of violating the Computer Fraud and Abuse Act by stealing information from protected computers and causing damage to them. He also pleaded guilty to eight counts of aggravated identity theft.
“This case is a prime example of the hybrid cyber threat we’re facing, in which nation states work with criminal hackers to carry out malicious activities,” said Paul Abbate, the FBI’s Executive Assistant Director of Criminal, Cyber, Response and Services in a press release. “Today’s guilty plea illustrates how the FBI continues to work relentlessly with our private sector, law enforcement and international partners to identify and hold accountable those who conduct cyberattacks against our nation, no matter who they’re working with or where they attempt to hide.”
Baratov was arrested in Canada in March 2017 and indicted shortly after.
“The illegal hacking of private communications is a global problem that transcends political boundaries,” said Brian Stretch, U.S. Attorney for the Northern District of California. “Cybercrime is not only a grave threat to personal privacy and security, but causes great financial harm to individuals who are hacked and costs the world economy hundreds of billions of dollars every year. These threats are even more insidious when cyber criminals such as Baratov are employed by foreign government agencies acting outside the rule of law. With the assistance of our law enforcement partners in Canada, we were able to track down and apprehend a prolific criminal hacker who had sold his services to Russian government agents. This prosecution again illustrates that we will identify and pursue charges against hackers who compromise our country’s computer infrastructure.”
Baratov is being held in California without bail and is scheduled to be sentenced in February 2018.
In other news
- A group of NATO allies is considering using offensive cyberattack measures in response to the growing threat of state-sponsored cyberwarfare. The U.S., Britain, Germany, Norway, Spain, Denmark and the Netherlands are looking to come to an agreement by 2019 on cyberwarfare principles for the military use of cyberattacks. Currently, NATO uses only defensive measures to deal with cybercrime, but recently cyberthreats have become a bigger priority for the organization as state-sponsored cyberattacks have played a bigger role in international relations. “There’s a change in the (NATO) mindset to accept that computers, just like aircraft and ships, have an offensive capability,” U.S. Navy Commander Michael Widmann told Reuters. This follows a move by the organization earlier this year to establish cyber as a military domain and join the ranks of land, air and sea — meaning that a cyberattack on one NATO ally would mean an attack on all NATO allies.
- The China-based security research company Qihoo 360 Netlab has issued an early warning of a new variant of the Mirai malware that is spreading quickly on ports 23 and 2323. Starting Nov. 22, Netlab wrote in a blog post, “we noticed big upticks on port 2323 and 23 scan traffic, with almost 100k unique scanner IP came from Argentina (sic). After investigation, we are quite confident to tell this is a new mirai variant (sic).” The researchers wondered whether this new attack was focusing on specific types of internet of things devices, similar to what happened in the 2016 Mirai attack on Deutsche Telekom, which took down the internet for approximately 1 million customers of the German telecom. The Mirai botnet attacks, and several variants after them, have plagued IoT devices globally since 2016.
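The Netlab warning above rests on a simple signal: a sudden jump in the number of distinct source addresses probing TCP 23 and 2323. The script below is an added example, not Netlab's code or anything from the article, showing how a defender with flow or firewall logs can compute that signal. The CSV flow format (timestamp, source IP, destination IP, destination port, TCP flags), the sample records, and the alert thresholds (`factor`, `min_scanners`) are all constructed assumptions for illustration; adapt the parser to your own collector's format.

```python
"""Flag an uptick in unique sources probing Telnet ports (TCP 23 and 2323).

Added example, not from the original article or from Qihoo 360 Netlab.
Input is a constructed, simplified flow-record CSV:
    timestamp,src_ip,dst_ip,dst_port,tcp_flags
"""
from collections import defaultdict
from datetime import datetime, timezone

# Ports the Mirai variant in the article was observed scanning.
SCAN_PORTS = {23, 2323}

# Constructed sample flows: two scanner sources on day 1, six on day 2.
# RFC 5737 documentation ranges are used for every address.
SAMPLE_FLOWS = """\
2017-11-21T10:00:01Z,198.51.100.10,203.0.113.5,23,S
2017-11-21T10:00:02Z,198.51.100.10,203.0.113.6,23,S
2017-11-21T10:00:03Z,198.51.100.11,203.0.113.7,2323,S
2017-11-21T11:15:00Z,198.51.100.12,203.0.113.8,443,SA
2017-11-22T09:00:01Z,192.0.2.1,203.0.113.5,23,S
2017-11-22T09:00:02Z,192.0.2.2,203.0.113.5,2323,S
2017-11-22T09:00:03Z,192.0.2.3,203.0.113.6,23,S
2017-11-22T09:00:04Z,192.0.2.4,203.0.113.6,2323,S
2017-11-22T09:00:05Z,192.0.2.5,203.0.113.7,23,S
2017-11-22T09:00:06Z,192.0.2.6,203.0.113.7,2323,S
2017-11-22T09:00:07Z,192.0.2.6,203.0.113.9,22,S
2017-11-22T12:00:00Z,198.51.100.12,203.0.113.8,443,SA
"""


def parse_flows(text):
    """Parse CSV flow records into dicts; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, flags = line.split(",")
        flows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src": src,
            "dst": dst,
            "port": int(port),
            "flags": flags,
        })
    return flows


def is_scan_probe(flow):
    """A SYN-only flow to a Telnet port is a bare connection attempt, the
    footprint of a scanner rather than of an established session."""
    return flow["port"] in SCAN_PORTS and flow["flags"] == "S"


def scanners_per_day(flows):
    """Count distinct source IPs that probed the scan ports, keyed by UTC day."""
    per_day = defaultdict(set)
    for flow in flows:
        if is_scan_probe(flow):
            per_day[flow["ts"].date().isoformat()].add(flow["src"])
    return {day: len(srcs) for day, srcs in sorted(per_day.items())}


def detect_uptick(counts, factor=3.0, min_scanners=5):
    """Return (day, previous_count, current_count) for each day whose unique
    scanner count is at least `factor` times the previous day's, ignoring
    days below `min_scanners` so that 1 -> 3 does not page anyone.
    Thresholds are assumptions; tune them to your baseline."""
    alerts = []
    days = sorted(counts)
    for prev, cur in zip(days, days[1:]):
        if counts[cur] >= min_scanners and counts[cur] >= factor * counts[prev]:
            alerts.append((cur, counts[prev], counts[cur]))
    return alerts


if __name__ == "__main__":
    daily = scanners_per_day(parse_flows(SAMPLE_FLOWS))
    for day, n in daily.items():
        print(f"{day}: {n} unique scanner IPs on ports 23/2323")
    for day, before, after in detect_uptick(daily):
        print(f"ALERT {day}: unique Telnet scanners rose from {before} to {after}")
```

Only SYN-only flows are counted, so normal Telnet sessions (flags carrying ACK) do not inflate the baseline, and each source is counted once per day however many hosts it touches. On a real network the same per-day counts, kept over weeks, give the baseline against which a Netlab-style "big uptick" stands out.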
- According to an investigation by the Associated Press (AP), the FBI failed to notify U.S. government officials that they were targeted by the Russian hacking group Fancy Bear, despite having the information for the last year. AP received a list from cybersecurity firm SecureWorks of targeting data and was able to identify 500 U.S. targets on this list. Of the 500, AP contacted 190 of them and interviewed 80. Of those contacted, only two were notified by the FBI that they were targets. Even some senior officials were only informed that they were targeted by Fancy Bear when AP contacted them. According to AP, there is an FBI policy that says the Bureau should notify victims of ongoing and future hacking attempts as a means of protection. Many of the U.S. officials targeted by the Fancy Bear attacks had their email accounts compromised and inboxes posted on the DCLeaks website.