Russian Access to Half of People on Earth

Not too many people have heard of Karim Baratov, nor is he likely to become a household name anytimes soon, but he has a distinction of being caught working with the Russian FSB to steal Yahoo’s webmail.  His accomplices are all safe in Russia, and likely to remain there.  You will remember the numbers of accounts compromised - 3 billion.  Hard as I try, that is a big number to imagine.  

I’m a little surprised that Yahoo had 3 billion acccounts, since they are hardly the biggest provider of email services.  Google’s Gmail and Microsoft’s Outlook are bigger.  But 3 billion is half of the all the people in the world (7.6 billion), a substantial portion of whom are children with no computers, a few illiterate adults.  UNESCO says there are a billion illiterate adults,  and another billion live in China where they can’t have Yahoo accounts.   That would mean more than half of all the literate people in the world have Yahoo accounts for their email.  Not likely.  

None-the-less, the Russians now have them all, doubtlessly sending out a good bit of news and lots of spam by this outlet.  Baratov’s place in this is explained in the Justice Department press release: 

 “Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to the FSB and send those accounts’ passwords to Dokuchaev in exchange for money.  As alleged in the Indictment, Dokuchaev, Sushchin and Belan compromised Yahoo’s network and gained the ability to access Yahoo accounts.  When they desired access to individual webmail accounts at a number of other internet service providers, such as Google and Yandex (based in Russia), Dokuchaev tasked Baratov to compromise those accounts.  The Indictment is available here, and its allegations are summarized in greater detail in the press release that attended the unsealing of the Indictment on March 15.”  

The Russians did not care about 3 billion accounts, so the fact that they had potential access to them is not of great concern to millions of normal people the FSB ignores.  But, for the ones they asked for, what were they doing in the name of those accounts the FSB was using?  They could publish almost anything they wanted, respond to email from journalists and government officials, and write to people the owner did not even know.  It is the perfect way to phish.