Hacker Pleads Guilty in Yahoo Data Hack of 500 Million Accounts

In One Billion Yahoo Accounts Hacked, I reported on the 2016 hack, and briefly mentioned that this hack came after another Yahoo hack in 2014 when 500 million Yahoo accounts were hacked. This blog is about that breach of 500 million Yahoo accounts back in 2014. We now know who was responsible for that breach, but it gets a little tangled.

In recent news, Karim Baratov, Canadian hacker, has pleaded guilty in a California Court to eight counts of aggravated identity theft and one count of conspiracy to commit computer fraud and abuse (violating the Computer Fraud and Abuse Act).

Hacker Hired by Russian Spies

The 22-year-old hacker for hire was helping Russian intelligence officers hack Yahoo for the account holders’ personal information. Igor Shushchin and Dmitry Dokuchaev of Russia’s Federal Security Service have been charged as well as known Russian hacker, Alexsey Belan, who was one of the Federal Bureau of Investigation’s (FBI) most wanted cyber criminals. They paid Baratov to hack 80 email accounts. Fifty of the accounts hacked by Baratov was hosted by Google.

According to the indictment, there were specific people associated with the email accounts targeted by these hacks, including Russian officials, a prominent banker, and the chief executive of a metals company.

Hacker Didn’t Know He Was Hired by Russian Agents

The Federal Security Service officers were paying Baratov to hack the Yahoo accounts, but Baratov claims he had no idea he was working for Russian FSB agents. However, Baratov placed an ad for his services on Russian-language websites. He was hired to send fake emails to Yahoo email account holders that were designed and written to appear as though they were from Yahoo. That’s how the hacks were made. So, are Baratov’s claims about not knowing he was working for Russian agents true or not? What do you think?

 

Three More Charged in Case

The three other men charged in this case have not been arrested. They are currently living in Russia, and there is no extradition agreement between Russia and the United States. There is nothing the United States can do at this time. The Russian agents can only be arrested if they ever leave Russia.

Prosecuting Karim Baratov

A sentencing hearing for Baratov has been scheduled for February 20, 2018. Prosecutors are asking for 24 months (two years) for the identity theft charges and 70 to 87 months (5.83 to 7.25 years) for the conspiracy to commit computer fraud and abuse charge. Baratov is looking at a possible five to seven or more years in prison for hacking Yahoo email accounts and exposing 500 million accounts.

It looks like the two Russian spies are hiding in Russia somewhere, and Russian authorities have no interest in extraditing them to the United States for persecution.

According to the indictment, Sushchin, Belan, and Dokuchaev gained access to Yahoo accounts and wanted more. They wanted to gain access to Google and Yandex accounts (Yandex is a Russian-based webmail account service).

While the other three suspects, in this case, cannot be extradited, Baratov, a Canadian citizen born in Kazakstan, waived his right to dispute his extradition from Canada to the United States.

Vladimir Putin’s Take on the Charges

A spokesperson for Vladimir Putin, the President of Russia, made a statement claiming that FSB employees did not have anything to do with this hack on millions of Yahoo email accounts.

According to the United States Justice Department (DOJ), the hacker for hire, Baratov, took a plea deal in which he admitted to hacking over 11,000 email accounts over a period of seven years, for both the Russian FSB agents and other customers.

Protect Your Email Account

Any email account is vulnerable to getting hacked, no matter how secure it may seem. You should take steps to keep your account safe on your side, not simply depend on your email host’s security. Use a secure email host such as email.

Steps to Protect Your Email Account:

  1. Never give your password out to anyone.
  2. Never write your password down anywhere.
  3. Avoid using words others can guess, such as your pet’s name, the name of the street you live on or grew up on, the town you live in or grew up in, your best friend’s name, your birthday, your kid’s birthday, or any other information someone else can guess or knows.
  4. Use a highly secure password that includes special characters, lowercase letters, numbers, uppercase letters, and numbers.
  5. It’s important to change your password on a regular basis. If it’s a super strong password as described in the step before, you can go as long as three to six months before changing it again.
  6. Do not keep a predictable pattern in the way you change your passwords. For example, changing your former password by only switch an S for a $. Completely change your password, and keep it random so no one is able to see a pattern and predict what your password might be.
  7. Do not use the same password for all of your accounts. Yes, you must use a different password for each account you have.

How to Keep Track of Your Passwords:

Use a password manager such as LastPass, DashLane, RoboForm, Keeper, etc. Read the details on any password manager you might use to ensure its safety. Do what is in your power to keep your personal details safe from hackers.

Avoid Phishing Emails

Phishing emails are those that hackers create to look like they are coming straight from a company you might do business with, such as Yahoo. Once you open it, or worse, click on the link, your information is compromised. The ultimate goal for the hackers is to get you to input your personal information such as your bank account information, your passwords, your credit card information, and more.

Spot these phishing emails. Check the from email address. If it looks wrong, delete the email. Are there typos? Is there poor grammar? Usually, it’s easy to tell that the email is not from the company they say it’s from. When in doubt delete the email and go straight to your account by calling them or going to their website. Check your account to ensure everything is in order.

How do you keep your passwords safe?

How do you keep your email account secure?

How do you spot phishing emails?

We will be happy to hear your thoughts

      Leave a reply

      Web Hosting Sun
      Logo