When Yahoo confirmed some data leaks since 2013, it reported that one of the attacks would have been sponsored by a “state organization” of an undisclosed government. Well recently, the US Department of Justice has formally accused Russian agents of being behind the invasions. However, Russia denied their involvement.
According to the United States, two agents of the Federal Security Service (FSB) of Russia, Dmitry Dokuchaev, and Igor Sushchin, who work in the cybernetic investigation division of the agency, advised and paid criminal hackers to invade Yahoo. The aim was to obtain data from Russian journalists, diplomats, military personnel, activists, members of the US government, and employees of the financial sector.
In an interview with Ars Technica, Malcolm Palmore, an FBI special agent, said the attacks probably began targeting a “semi-privileged” Yahoo employee, not a top executive. The hackers used phishing or social engineering to obtain the credentials of this employee and have access to two content: Yahoo User Database (UDB) and Account Management Tool.
The UDB contained information that would help the agency find users of interest to the Russian government. According to the US prosecution, hackers searched Yahoo account information for managers of a Russian investment firm, French transport company, American financial services companies, Bank and portfolio of Swiss Bitcoin, and American airline as well.
Hackers hired by FSB, both with Canadian citizenship, were identified as Alexsey Belan and Karim Baratov. The United States already wanted Alexsey in crimes involving invasions in e-commerce networks. As Wired informs, the hackers were allowed by FSB to do whatever they wanted with the 500 million accounts they got as a kind of “incentive,” which resulted in spam and sales of credit card numbers.
However, on Thursday, Kremlin spokesman Dmitry Peskov told that he heard the whole case only from media reports but said that FSB “was not involved in any illegal cyber activity.”