The US Department of Justice announced today the indictment of four people for their alleged roles in the 2014 Yahoo cyberattack that compromised an estimated 500 million accounts.
The indictments target two members of the Russian intelligence agency FSB and two hackers allegedly hired by the Russians. The charges are historic, according to The Washington Post, which reports that they mark the first US cybercrime charges ever against Russian government officials. The charges also represent the largest hacking case ever brought by the United States, according to the Post.
The Justice Department identified three Russian nationals and residents in the charges: Dmitry Aleksandrovich Dokuchaev, Igor Anatolyevich Sushchin and Alexsey Belan. The DOJ also identified defendant Karim Baratov, who is a resident of Canada and was arrested yesterday morning.
The charges include a vast scope of cyber crimes including hacking, wire fraud, economic espionage, and trade secret theft. Data stolen from Yahoo was also allegedly used to access accounts of US and Russian government officials and private-sector employees.
The DOJ elaborated on the hacks in a statement:
The defendants used unauthorised access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorised access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.