US Charges Russian Spies with Directing Yahoo Hack – Vanity Fair
The U.S. Department of Justice announced charges Wednesday against two Russian spies and two hackers for stealing user data from half a billion Yahoo accounts in 2014. The massive cybersecurity breach, the second to affect Yahoo in two years, is believed to have been one of the largest in history.
The indictments confirm Yahoo’s suspicion, at the time the breach was disclosed, that the company had been hacked by a “state-sponsored actor.” According to the Department of Justice, the cyberattack was “protected, directed, facilitated, and paid” by Dmitry Dokuchaev and Igor Sushchin, both members of the Russian intelligence agency F.S.B. Alexsey Belan, another Russian defendant, is known for cyber crimes, and was named by the F.B.I. as one of the agency’s “cyber most wanted criminals” in 2013. Karim Baratov, a Canadian and Kazakh national, was arrested Tuesday in connection with the data breach.
“The criminal conduct at issue, carried out and otherwise facilitated by officers from an F.S.B. unit that serves as the F.B.I.’s point of contact in Moscow on cybercrime matters, is beyond the pale,” Mary McCord, acting assistant attorney general for national security, said at a press conference Wednesday, NBC News reports. According to U.S. officials, the scheme was designed to gather intelligence from “some victim accounts [that] were of predictable interest to the F.S.B.”—including “personal accounts belonging to Russian journalists; Russian and U.S. government officials; employees of a prominent Russian cybersecurity company; and numerous employees of other providers whose networks the conspirators sought to exploit”—while the two hackers “lined their pockets.”
U.S. officials have been stepping up actions against alleged cyber intrusions directed by the Russian government, which has also been accused by U.S. intelligence agencies of orchestrating a series of high-profile hacks directed against the Democratic Party last year. The fact that Yahoo was also targeted by the Kremlin only adds to the swirl of intrigue surrounding the ongoing cyberwar between the two countries. It also served as a small moment of vindication for a company that has been besieged with criticism in recent months for its handling of the attacks. “The indictment unequivocally shows the attacks on Yahoo were state-sponsored,” Yahoo assistant general counsel Chris Masden said in a statement. “We are deeply grateful to the F.B.I. for investigating these crimes and the D.O.J. for bringing charges against those responsible.”
Verizon, which has been in the process of acquiring Yahoo for the better part of the past year, had sought a discount on its Yahoo purchase as a result. Though Verizon had tried to reduce the price by $925 million in light of the hacks, the telecom company eventually settled for a $350 million discount, reducing Yahoo’s $4.83 billion sale price to $4.48 billion. Yahoo C.E.O. Marissa Mayer was criticized for her company’s slow response to the hacks, and Yahoo management also suffered for the scandal: Earlier this month, Mayer agreed to forgo her 2016 cash bonus and a 2017 stock award, worth a combined $14 million, in the wake of the hacks, and Yahoo chief legal counsel Ron Bell resigned without severance.
The hacks further tarnished Mayer’s tenure as C.E.O., a four-and-a-half-year stint during which Mayer was tasked with turning around the flailing 90s Internet company. She ultimately failed to do so, making pricy M&A deals and hiring expensive talent while struggling to invent a new mobile-first strategy to keep Yahoo moving forward. Mayer will step down when Yahoo closes its sale to Verizon, Yahoo announced in an S.E.C. filing on Monday, and Altaba, the holding company that will be created to hold the remainder of Yahoo’s assets after the deal closes, will be taken over by Yahoo board member Thomas McInerney.
This article has been updated.