
USA accuses hackers from Russia and Kazakhstan of hacking Yahoo servers in 2014



In the summer of 2016, Verizon Communications Inc. decided to buy Yahoo's main Internet business. The potential buyer offered Yahoo $4.83 billion for all of the assets. Among other assets, Verizon was to receive the mail service, search, a news and sports portal, financial tools and Yahoo Messenger.

But in the autumn of the same year, the agreement was put at risk: news broke of a large-scale hack of Yahoo servers, as a result of which the data of 500 million users of the company's services were compromised. Moreover, the hack had been carried out not in 2016, but in 2014. For the duration of the proceedings, the deal between Verizon and Yahoo was suspended (the other day it was reported that it was close to completion). Some time later, Yahoo came to the conclusion that the attackers who hacked the corporation's servers were acting in the interests of a state.

In parallel with Yahoo, experts from the US Department of Justice conducted their own investigation. Officials decided to investigate what had happened because, among other accounts, the attackers had compromised the accounts of more than 150,000 members of the government, law enforcement officers and military personnel of the United States and other countries.

Recently, the media reported that representatives of the US Department of Justice had completed the investigation. Based on its results, charges were brought against two FSB officers, Dmitry Dokuchaev and Igor Sushchin. The official position of Major Dokuchaev is senior security officer of the 2nd Division of the Operational Directorate of the Information Security Center (CIB) of the FSB of Russia. According to Vedomosti, Dokuchaev, an operative of the Information Security Center (CIB) of the FSB, was arrested in December last year in a case under Art. 275 (high treason) together with Sergei Mikhailov, head of a department of the CIB and deputy head of the center. As for Sushchin, the Americans consider him Dokuchaev's superior. He was also an undercover agent and head of information security at one of the Russian investment banks.

In addition, Russian citizen Alexey Belan and Kazakh citizen Karim Baratov are considered to be the hackers' accomplices. This Tuesday, Baratov was arrested by Canadian law enforcement. Alexey Belan, incidentally, was included in the sanctions list of persons accused by the United States of committing cybercrimes that are dangerous for the stability and well-being of that state. The FBI is offering $100,000 for information on his whereabouts. The sanctions list was signed by the previous US President, Barack Obama.

Alexey Belan, as far as can be understood from the statements of US law enforcement officers, is a key figure in this whole affair. The Americans claim that it was he who penetrated the Yahoo network, gaining access to the user database and to an account management service called the Account Management Tool. This internal company service makes it possible to change some of the credentials of the system's users, including passwords.

In addition, the attackers had at their disposal another tool that allowed them to forge cookies for certain user accounts, gaining access to these accounts without a password. The point is that a cryptographic key is generated for each account in the user database, and this key can be used to generate cookies associated with the account. This is the method the attackers used.
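To show why a per-account cookie key held in the user database becomes a liability once the database is copied, here is an added example; it is not from the original article and is not Yahoo's actual cookie format. It assumes an HMAC-signed cookie and a hypothetical `SERVER_SECRET` kept outside the database, and all names and data are constructed.

```python
import hashlib
import hmac
import secrets
import time

# Constructed data, not Yahoo's real schema or cookie format.
USER_DB = {"alice": {"account_key": secrets.token_bytes(32)}}
SERVER_SECRET = secrets.token_bytes(32)  # assumption: held in a KMS/HSM, not in the database


def signing_key(account_key, server_secret=None):
    # server_secret=None models the design described above: the database value
    # alone signs cookies. Otherwise it is mixed with an off-database secret.
    if server_secret is None:
        return account_key
    return hmac.new(server_secret, account_key, hashlib.sha256).digest()


def make_cookie(user, expires, key):
    tag = hmac.new(key, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()
    return f"{user}|{expires}|{tag}"


def verify_cookie(cookie, server_secret=None, now=None):
    """Return the user name for a valid, unexpired cookie, else None."""
    now = int(time.time()) if now is None else now
    try:
        user, expires_s, _tag = cookie.rsplit("|", 2)
        expires = int(expires_s)
        key = signing_key(USER_DB[user]["account_key"], server_secret)
    except (ValueError, KeyError):
        return None
    # Recompute the whole cookie and compare in constant time.
    expected = make_cookie(user, expires, key)
    if not hmac.compare_digest(cookie.encode(), expected.encode()):
        return None
    return user if expires > now else None


def rotate_account_key(user):
    # Incident-response step: cookies signed under the old value stop verifying.
    USER_DB[user]["account_key"] = secrets.token_bytes(32)
```

With `server_secret=None` a cookie computed from a database row alone verifies; with the off-database secret mixed in it does not, and rotating the per-account value invalidates every cookie issued before the rotation.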


The individuals accused of compromising the accounts of hundreds of millions of Yahoo users. From left to right: Dmitry Dokuchaev, Igor Sushchin, Alexey Belan, Karim Baratov (Source: Ars Technica)

The FBI believes that Belan copied the entire user database to his own computer via FTP. He did this from November to December 2014.

FBI officials claim that they intercepted an e-mail that Dokuchaev sent to Sushchin in July 2015. This message contained detailed instructions for generating cookies for certain Yahoo accounts. The main software tool involved is a plug-in for Firefox called Advanced Cookie Manager. Belan, according to FBI representatives, used cookies to gain access to more than 6,500 user accounts.

Of the half a billion compromised accounts, according to representatives of the US government, the attackers were interested only in the accounts of some Russian journalists, Russian and American officials, employees of a large Russian antivirus company, and some employees of Internet companies in Russia and the United States.

One of those accused of hacking Yahoo, according to the FBI, used access to the company's accounts for personal gain. In particular, he searched users' correspondence for credit and gift card numbers and redirected a portion of Yahoo search traffic in order to earn a commission. In addition, the bureau's staff are confident that the same person sold a database of 30 million compromised accounts to spammers.

John Bennet, a special agent of the FBI, said in an interview with the online publication Ars Technica that the bureau does not yet know exactly how the Kremlin is connected with the events.

According to Novaya Gazeta, the arrest of Colonel Mikhailov and Major Dokuchaev is linked to the activities of the Shaltai Boltai ("Humpty Dumpty") hacker group. This group is connected with the hacking of the personal correspondence of Dmitry Medvedev, Deputy Prime Minister Arkady Dvorkovich, and officials of the presidential administration, the Ministry of Defense and Roskomnadzor. Interestingly, since 2005 Dokuchaev had run the Forb column in Hacker magazine under the nickname Forb.

In one of his articles he wrote the following: “In my understanding, the word ‘hacker’ is a diversified person who knows the theory of network errors and successfully applies his knowledge in practice. In addition, a hacker must have programming skills, a good idea to know at least two operating systems and, of course, have great connections and influence with other hackers.”

Source: https://habr.com/ru/post/357294/