The indictment published by the Los Angeles Times says quite a bit about the Russians charged with stealing access to accounts at Yahoo. First, this was an FSB operation targeting Yahoo and using hackers for hire, one of whom was on the FBI's Most Wanted list of hackers. His name was Aleksey Belan. Belan was indicted twice and arrested once overseas in an unnamed country, but was allowed to leave that country before being extradited to the U.S.
The two named Russian FSB officers were Dmitry Dokuchaev, aka "Patrick Nagel", and an associate, Igor Sushchin, but a third supervisory officer was named to the Grand Jury. Sushchin was also the head of Information Security at the Russian Financial Firm, a curious name to say the least. All three worked for the Second Division of FSB Center 18, the FSB Center for Information Security.
The hackers had been at work loading malware onto Yahoo since sometime in 2014, and subsequently downloaded internal databases of Yahoo. The information the hackers were looking for included e-mail accounts at Yahoo, which were then used to try to get into other e-mail accounts at places like Google. The named targets were an assistant to the Deputy Chairman of the Russian Federation, an officer of the Russian Ministry of Internal Affairs, members of the Russian press, and others, including some outside of Russia. If they had success and other access was required, a Canadian, Karim Baratov, was given the task of getting into those accounts.
There is some detail in the indictment on the kinds of techniques used to get in and keep access to the large number of users. It runs two pages and is too lengthy to summarize here. This story has all the makings of a movie: Russian spies, big tech companies, hackers and beautiful women. Perfect.