Hacker gets five years for Russian-linked Yahoo security breach

May 29, 2018 by Paul Elias
Hacker gets 5 years for Russian-linked Yahoo security breach
In this April 11, 2017 file photo, Akhmet Tokbergenov, left, and Dinara Tokbergenova, parents of alleged Yahoo hacker Karim Baratov, leave the court after their son was denied bail, with lawyer Deepak Paradkar, right, in Hamilton, Ont. A Canadian computer hacker was sentenced to five years in prison in connection with a massive security breach at Yahoo that federal agents say was directed by Russian government spies. U.S. Judge Vince Chhabria also on Tuesday, May 29, 2018, fined Karim Baratov $250,000. (Mark Blinch/The Canadian Press via AP, File)

A young computer hacker who prosecutors say unwittingly worked with a Russian spy agency was sentenced to five years in prison Tuesday for using data stolen in a massive Yahoo data breach to gain access to private emails.

U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco.

Baratov was named in a federal indictment last year that charged two Russian spies with orchestrating the 2014 Yahoo breach involving 500 million users. Baratov was charged with using that stolen data passed to him by Russia's Federal Security Service to hack dozens of email accounts of journalists, business leaders and others.

Prosecutors said Baratov, 23, was an "international hacker for hire" who did little or no research of his customers.

He pleaded guilty in November to nine felony hacking charges. He acknowledged that he began hacking as a teen seven years ago and charged customers $100 a hack to access web-based emails.

Baratov, who was born in Kazakhstan but lived in Toronto, Canada, where he was arrested last year, charged customers to obtain another person's webmail passwords by tricking them to enter their credentials into a fake password reset page.

Prosecutors said in court papers that Baratov's Russian-language web site named "webhacker" advertised services for "hacking of email accounts without prepayment."

Prosecutors said Russian security service paid Baratov to target dozens of email accounts using information obtained from the Yahoo hack. Prosecutors argued that Russia's Federal Security Service targeted Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses.

Baratov and his attorneys also said his work with the Russia spy agency was unwitting.

In court documents Baratov claimed he could access webmail accounts maintained by Google and Russian providers such as Mail.Ru and Yandex. He would provide customers with a screenshot of the hacked account and promised he could change security questions so they could maintain control of the account.

The U.S. Justice Department charged two Russian spies with orchestrating the 2014 security breach at Yahoo to steal data from 500 million users. Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich remain at large and prosecutors believe they are living in Russia, which doesn't have an extradition treaty with the United States.

Baratov is believed to have collected more than $1.1 million in fees, which he used to buy a house and expensive cars.

"Deterrence is particularly important in a case like this," the judge said during the hearing. He rejected prosecutors call for a prison sentence of nearly 10 years, noting Baratov's age and clean criminal record prior to his arrest.

Baratov, who has been in custody since his arrest, told the judge that his time behind bars has been "a very humbling and eye-opening experience."

He apologized and promised "to be a better man" and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

"Criminal hackers and the countries that sponsor them make a grave mistake when they target American companies and citizens," said Assistant Attorney General for National Security John Demers. "We will identify them wherever they are and bring them to justice."

Explore further: 'Hacker-for-hire' pleads guilty to Yahoo breach

Related Stories

'Hacker-for-hire' pleads guilty to Yahoo breach

November 29, 2017

A Canadian man pleaded guilty Tuesday to charges stemming from a massive breach at Yahoo that authorities say was directed by two Russian intelligence agents and affected at least a half billion user accounts.

Recommended for you

Printing microelectrode array sensors on gummi candy

June 22, 2018

Microelectrodes can be used for direct measurement of electrical signals in the brain or heart. These applications require soft materials, however. With existing methods, attaching electrodes to such materials poses significant ...

EU copyright law passes key hurdle

June 20, 2018

A highly disputed European copyright law that could force online platforms such as Google and Facebook to pay for links to news content passed a key hurdle in the European Parliament on Wednesday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.