On March 15, The U.S. Department of Justice announced the indictments of two Russian Federal Security Service (FSB) officers in connection with the 2014 hacking of over 500 million Yahoo user accounts. This marks the first criminal case concerning cybersecurity brought directly against Russian government officials, and what seems to be a change in the way the U.S. is approaching cyber-warfare. The persons charged are Dmitry Dokuchaev and Igor Sushchin, who are Russian agents with the FSB. Authorities also identified two other co-conspirators, Alexsey Belan and Karim Baratov. Baratov was already arrested in Canada while the other three are believed to be in Russia, which does not have an extradition treaty with the U.S.
The Russian agents, Dokuchaev and Sushchin, are believed to have paid the hackers to steal information that would be useful to Moscow. This included hacking the accounts of journalists, diplomats, and government officials, in addition to wire fraud, trade secret theft, and economic espionage. Belan, one of the hackers, is known for hacking U.S. e-commerce companies and is on the FBI’s most wanted list. While carrying out the Yahoo attacks, Belan also launched spam campaigns and searched user communications for credit card numbers for his own personal gain.
The attack on Yahoo that began in January 2014 was first partially exposed in September 2016. In December 2016, however, the extent of the cyber-attacks was discovered; they are now considered one of the largest hacking attacks in history. Yahoo has since been condemned for its “improper security” because the hackers used “cookies”, which enabled them to gain full access to Yahoo’s servers and all of its private email accounts. The fact that the hackers employed a relatively simple method to breach Yahoo’s security caused many technology experts to state that Yahoo had been “negligent”.
Before the extent of the attacks was revealed to the public, Verizon had been in talks with Yahoo and had actually cut a deal to buy the company for US $4.83 billion in 2016. However, once the breaches were revealed, Verizon stated that it would reduce the previously agreed upon value of the company. Verizon has since cut US $350 million from its purchase price for Yahoo.
The indictments come at an intense time in the world of cyber-security, particularly regarding the U.S. and Russia. The charges come on the heels of the accusations that Russia played a part in hacking the Democratic National Convention, as well as attempting to influence the 2016 U.S. Presidential Election through the spread of fake news. If anything, the most recent criminal charges suggest that cyber-security breaches led by Russia are only increasing. Virginia’s Senator Mark Warner (D) spoke about this when he said that the indictments “shed a light on the close and mutually beneficial ties between the cyber underworld and Russia’s government and security services”, as well as the extent to which Russia “leverages these cyber activities to multiple ends: commercial, financial, and geopolitical”.
The recent indictments show a change in U.S. strategy for combating cyber-attacks, particularly regarding Russia’s increasingly aggressive approach in cyber warfare. While cyber attacks and cyber-warfare are not new, it is an area of security that is shrouded in anonymity. Specific details of a cyber-attack are very difficult to trace, let alone directly tracing the attack to a specific hacker. With the Yahoo attacks, for instance, the accounts were hacked in 2014, but Yahoo discovered that they had occurred over two years later. Further to that, in the past the U.S. would often work closely with the Russian FSB to identify and combat cyber-attacks. However, now that it has come to light that many attacks are coming directly from Russian government agencies, it has caused the U.S to change its approach and publicly identify these hackers.
Considering that the U.S. does not have an extradition treaty with Russia, other routes need to be pursued in order to crack down on the attacks. The Obama administration pursued sanctions to punish and deter state hackers. In late 2016, the administration imposed economic sanctions on Moscow for election-meddling. The attacks on Yahoo are just one of many Russian led cyber-attacks in recent years against the EU and NATO members as Russia tries to weaken Western influence. Thus, as Russia continues to pursue a path of cyber-attacks against countries such as the United States, the U.S. as well as its allies must make cyber security a top priority.
Cover Photo: Security Broken (2017), by DennisM2 via Flickr. Listed under Public Domain.
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.