Russia Denies Involvement in Yahoo Hack
Russia says it was not involved in any unlawful cyber activities, a day after the U.S. Justice Department announced indictments for two Russian spies and two other people suspected of stealing personal information of millions of people in a 2014 hack of Yahoo.
Kremlin spokesman Dmitry Peskov told reporters Thursday that no Russian office, including the Russian Federal Security Service (FSB) was involved.
U.S. Assistant Attorney General Mary McCord said the four indictments include two FSB officers and two hackers who helped them in the intrusion.
The FSB officers, identified as Dmitry Dokuchaev and Igor Sushchin, “protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere,” she said.
WATCH: McCord on Yahoo hack
McCord said the hackers targeted the accounts of government officials from both Russia and the United States, as well as journalists, financial services employees and military personnel.
The hackers
One of the co-conspirators, Alexsey Belan, has been indicted twice before by the United States for similar hacking exploits, and has been on the FBI’s most wanted cyber criminals list for more than three years.
The other hacker, Karim Baratov, was arrested Tuesday in Canada, McCord said.
The FSB is Russia’s intelligence agency. The unit within the FSB where the two defendants work, known as Center 18, is the main “point of contact in Moscow for cyber-crime matters,” according to McCord.
“The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious,” she said. “There are no free passes for foreign state-sponsored criminal behavior.”
In 2014, Yahoo’s security team uncovered evidence that a hacker backed by an unnamed foreign government had pried into user accounts, but executives “failed to act sufficiently” on that knowledge, according to the results of an internal investigation. At that time, Yahoo only notified 26 people that their accounts had been breached.
500 million affected
That breach affected at least 500 million users whose email addresses, birth dates, answers to security questions, and other personal information may have been stolen.
Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014.
The company’s investigation into the mishandled hack led to the loss of an annual bonus for CEO Marissa Mayer and the resignation of Yahoo’s general counsel, Ronald Bell.
…
коментарі: