Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

How Karim Baratov helped Russian spies with Yahoo hack
SECURITY

How Karim Baratov helped Russian spies with Yahoo hack 

In it he also posted a slew of photos of him posing beside luxury sports cars like a BMW 7, and Aston Martin, and a Lamborgini, having fun with friends in bars, showing some body ink and more.

“I was well off in high school to be able to afford driving a BMW 7 series and pay off a mortgage on my first house; however, all the extra free time allowed me to make triple and even quadruple the normal amount,” he wrote.

Related Content

CANADIAN, RUSSIAN SPIES, CHARGED IN YAHOO HACK

BREACH OF 500-M YAHOO ACCOUNTS DRIVE HOME IMPORTANCE OF DATA SECURITY STRATEGY

But how did he do it? 

Neighbours living beside his expensive home in Ancaster, Ont. thought the wealthy 22-year-old was a clever programmer who made a pile of money off a program he had sold. But they too had their suspicions.

After Baratov was picked up by Toronto Police the other day following news reports shed some light on the mysterious life of their neighbour.

Baratov, along with a hacker named Alexsey Belan, as well as Dmitry Dokuchaev and Igor Sushchin, officers of the Russian Federal Security Service (FSB), were charged by the U.S. Department of Justice for breaching Yahoo’s network and stealing information from 500 million user accounts, they finally knew the truth.

“Dmitry Dokuchaev and Igor Sushchin, both FSB officers, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere,” Acting Assistant Attorney General Mary B. McCord said in a statement released Wednesday. “They worked with co-conspirators Alexsey Belan and Karim Baratov to hack into computers of American companies providing email and internet-related services, to maintain unauthorized access to those computers and to steal information, including information about individual users and the private contents of their accounts.”

How they hacked Yahoo

Baratov and Belan were approached by Sushchin and Dokuchaev to crack Yahoo’s security. They did it over a number of months or even years.  

U.S. officials said the hackers breached the accounts of hundreds of million Yahoo users. They took personal information, passwords, answers to security questions, phone numbers and more – some of the data were encrypted, some were not. They used the information to breach other email services and social media accounts.

According to the Federal Bureau of Investigation, Baratov was hired to hack certain emails and provide the log-in information to the FSB which paid him US$100 for each address.

A report from the Associated Press said Baratov and Belan did not use a technological universal key to get into any Yahoo Mail account.

Passwords would not have helped the duo either because the data they stole contained encrypted user passwords.

Instead, the hackers “used those passwords in combination with malware to create fake cookies which would fool Yahoo’s servers into thinking that the account owners would sign in rather than an attacker,” AP said.

Early this year, Yahoo revealed that some 32 million Yahoo accounts were breached using the same cookie method.

“We believe that some of this activity is connected to the same state-sponsored actor believed to be responsible for the 2014 Security Incident. The forged cookies have been invalidated by the Company so they cannot be used to access user accounts,” Yahoo said.

Yahoo warned users that if they hadn’t changed their passwords after November 2014, this method would allow hackers to grab information from their accounts.

Baratov innocent says, lawyer

 Baratov faces four charges which carry sentences ranging from two to 20 years in prison. The charges are conspiring to commit access device fraud, conspiring to commit wire fraud, aggravated identity theft and conspiring to commit computer fraud and abuse.

His alleged co-conspirators FSB agents Dokuchev, 33, and Sushchin, 43, and Belan are also facing charges. However, the three are in Russia.

Baratov has retained Jag Virk of Jag Virk Criminal Lawyers, as one of his lawyers.

In an interview with the CBC, Virk said U.S. President Donald Trump “is trying to make it appear like he’s going after Russian hackers, but he’s going after a 22-year-old kid from Ancaster” and that his client is “being used as a scapegoat.”

“My client maintains his innocence,” Virk told CBC. “We believe the charges against him may be politically motivated by the U.S. He is a 22-year-old young man with no criminal record. Everyone should wait for the facts to come out before rushing to judgment.”

Related posts