Hacker gets five years for Russian-linked Yahoo security breach

May 29, 2018 by Paul Elias
Hacker gets 5 years for Russian-linked Yahoo security breach
In this April 11, 2017 file photo, Akhmet Tokbergenov, left, and Dinara Tokbergenova, parents of alleged Yahoo hacker Karim Baratov, leave the court after their son was denied bail, with lawyer Deepak Paradkar, right, in Hamilton, Ont. A Canadian computer hacker was sentenced to five years in prison in connection with a massive security breach at Yahoo that federal agents say was directed by Russian government spies. U.S. Judge Vince Chhabria also on Tuesday, May 29, 2018, fined Karim Baratov $250,000. (Mark Blinch/The Canadian Press via AP, File)

A young computer hacker who prosecutors say unwittingly worked with a Russian spy agency was sentenced to five years in prison Tuesday for using data stolen in a massive Yahoo data breach to gain access to private emails.

U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco.

Baratov was named in a federal indictment last year that charged two Russian spies with orchestrating the 2014 Yahoo breach involving 500 million users. Baratov was charged with using that stolen data passed to him by Russia's Federal Security Service to hack dozens of email accounts of journalists, business leaders and others.

Prosecutors said Baratov, 23, was an "international hacker for hire" who did little or no research of his customers.

He pleaded guilty in November to nine felony hacking charges. He acknowledged that he began hacking as a teen seven years ago and charged customers $100 a hack to access web-based emails.

Baratov, who was born in Kazakhstan but lived in Toronto, Canada, where he was arrested last year, charged customers to obtain another person's webmail passwords by tricking them to enter their credentials into a fake password reset page.

Prosecutors said in court papers that Baratov's Russian-language web site named "webhacker" advertised services for "hacking of email accounts without prepayment."

Prosecutors said Russian security service paid Baratov to target dozens of email accounts using information obtained from the Yahoo hack. Prosecutors argued that Russia's Federal Security Service targeted Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses.

Baratov and his attorneys also said his work with the Russia spy agency was unwitting.

In court documents Baratov claimed he could access webmail accounts maintained by Google and Russian providers such as Mail.Ru and Yandex. He would provide customers with a screenshot of the hacked account and promised he could change security questions so they could maintain control of the account.

The U.S. Justice Department charged two Russian spies with orchestrating the 2014 security breach at Yahoo to steal data from 500 million users. Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich remain at large and prosecutors believe they are living in Russia, which doesn't have an extradition treaty with the United States.

Baratov is believed to have collected more than $1.1 million in fees, which he used to buy a house and expensive cars.

"Deterrence is particularly important in a case like this," the judge said during the hearing. He rejected prosecutors call for a prison sentence of nearly 10 years, noting Baratov's age and clean criminal record prior to his arrest.

Baratov, who has been in custody since his arrest, told the judge that his time behind bars has been "a very humbling and eye-opening experience."

He apologized and promised "to be a better man" and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

"Criminal hackers and the countries that sponsor them make a grave mistake when they target American companies and citizens," said Assistant Attorney General for National Security John Demers. "We will identify them wherever they are and bring them to justice."

Explore further: 'Hacker-for-hire' pleads guilty to Yahoo breach

Related Stories

'Hacker-for-hire' pleads guilty to Yahoo breach

November 29, 2017

A Canadian man pleaded guilty Tuesday to charges stemming from a massive breach at Yahoo that authorities say was directed by two Russian intelligence agents and affected at least a half billion user accounts.

Recommended for you

Robots as tools and partners in rehabilitation

August 17, 2018

In future decades, the need for effective strategies for medical rehabilitation will increase significantly, because patients' rate of survival after diseases with severe functional deficits, such as a stroke, will increase. ...

Security gaps identified in internet protocol IPsec

August 15, 2018

In collaboration with colleagues from Opole University in Poland, researchers at Horst Görtz Institute for IT Security (HGI) at Ruhr-Universität Bochum (RUB) have demonstrated that the internet protocol IPsec is vulnerable ...

Researchers find flaw in WhatsApp

August 8, 2018

Researchers at Israeli cybersecurity firm said Wednesday they had found a flaw in WhatsApp that could allow hackers to modify and send fake messages in the popular social messaging app.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.