U.S. Indictments Confirm Fears of Wholesale Russian Hacking

NEWS ANALYSIS: The indictments against three Russian intelligence operatives and a hacker based in Canada reveal details about how so many Yahoo accounts were breached and plundered for data.

cyber-espionage and hacking

The outrage at the press conference was palpable. Two Russian officials who are responsible for working as a liaison between Russian and American law enforcement were now indicted with facilitating a criminal act against the United States.

Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, both members of the Russian FSB, formerly known during the Soviet era as the KGB, were charged with a number of crimes including directing the hack into Yahoo that stole user information from some 500 million users.

In addition, two criminal hackers, Alexsey Alexseyevich Belan and Karim Baratov, were charged with carrying out the actual hacking with the goals of stealing economic and banking information from the victims and in the words of the Federal Bureau of Investigation, to "line their own pockets.” Baratov was arrested by Canadian authorities the day before the March 15 press conference and is in prison in Canada awaiting extradition to the U.S.

Belan may have suffered a worse fate. He was arrested in December by Russian authorities and is in prison charged with treason. The details of his case are unclear, but apparently he is suspected of working with the CIA when the Russian involvement in the hack of the Democratic National Committee took place. It appears that Belan’s efforts to work both sides of the street may have backfired.

The Russian FSB officers are unlikely to be arrested and sent to the U.S, partly because there’s no extradition treaty and partly because the Russian government is unlikely to arrest citizens that are working on behalf of the state.

“The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious,” the DoJ said in its statement. “There are no free passes for foreign state-sponsored criminal behavior.”

 

Notably, the investigation was wide ranging. Law enforcement agencies in the U.S., Canada and the UK played a role and information from those agencies was included in the information presented to the grand jury in California that issued the indictment.

 

At this point no trial date has been set. Baratov is still in Canada and hasn’t been formally charged by U.S law enforcement authorities. Belan is in prison in Russia, where he is unlikely to emerge—ever.

 

So does this mean the threat from Russia is over? Of course it doesn’t. While the two FSB officers probably won’t venture beyond the borders of Russia for fear of arrest, they’re still perfectly capable of hiring some additional hackers and directing more attacks. Considering how successful they were in 2014 when they attacked Yahoo, the chances are very good that they’re already back at their desks finding more ways to attack the U.S.

 

They means they’re going to come after your data stored somewhere on the web. The investigation that led to the arrest of this team also revealed how they worked. Initial access was through phishing attacks, followed by an injection of malware. Once they gained access to Yahoo the hackers used network management tools already in Yahoo’s site to cover their tracks and steal more information.

 

The Russians and their hackers routinely used small-scale breaches to begin with, then used information they found to perform larger breaches. They depended on the habits of users to use the same name and password combination in many sites. They also depended on those traits to use what they found on Yahoo to also attack Google and harvest more information there.

 

The next attack, regardless of whether it’s being carried out by the Russians, the Chinese, the North Koreans or someone else will follow a similar pattern. Break into an easy target and find some user details then harvest those. While they’re there, they may also steal other information, but what they mostly want is a way to log into another site.

 

While you might think that your retail store or service company is unlikely to be of any use to the state-sponsored hackers, think again. They know that you’re unlikely to have serious security, and that you have exactly what they want, which is probably your user names and credentials. They may also steal customer credit card numbers or other information, but that’s not the main goal.

 

Instead, those attackers want the keys to the next step up the line, and if they steal your user information, they may get it.

 

The ultimate goal of the Russian hackers seems clear in the U.S. statements. “The defendants targeted Yahoo accounts of Russian and U.S. government officials, including cyber-security, diplomatic and military personnel,” the DoJ statement said. “They also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities.”

 

This is why you keep hearing security people ranting about the need to change your passwords frequently, and to not use the same login credentials at multiple sites. While your losses might be limited if the Russians or another entity attacks your account, what’s important is that it’s all part of a chain.

 

They will use whatever they find of yours, combine it with information they find elsewhere and develop enough of a profile about you to break into other systems. In addition, they will find out information about your relatives, friends and business contacts to do the same. Even if you don’t worry about your own information, remember that it’s all part of a larger attack. You can help make that attack less serious by following sound online security practices.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...