Attacks/Breaches

11/28/2017
08:27 PM
50%
50%

Suspect in Yahoo Breach Case Pleads Guilty

Karim Baratov admits he worked on behalf of Russia's FSB.

A 22-year-old Canadian national arrested for his alleged role in stealing webmail user credentials in February entered a guilty plea in a US District Court for hacking activities on behalf of Russia's FSB and the breach of 11,000+ webmail accounts for the Russian federal security service, the US Department of Justice announced today.

Karim Baratov — aka Kay, Karim Taloverov, and Karim Akehmet Tokbergenov — is one of four defendants charged in connection with the 2014 Yahoo cyberattack. The other three defendants are Russian nationals and remain at large: Igor Sushchin, an undercover Russian Federal Security Service (FSB) agent; Dmitry Dokuchaev, a former FSB officer who was arrested by the FSB for treason; and Alexsey Belan, a well-known Russian hacker.

In his guilty plea, Baratov confirmed his role in the theft of webmail accounts of people identified by the FSB and then sending those stolen credentials to Dokuchaev. Dokuchaev, Sushchin, and Belan had hacked into Yahoo's network and compromised user accounts there, while Baratov stole credentials from users with Google Gmail and Yandex email accounts. He used mostly spearphishing to breach webmail accounts on behalf of the FSB between around 2010 until March 2017, when he was arrested. 

"This case is a prime example of the hybrid cyber threat we're facing, in which nation states work with criminal hackers to carry out malicious activities," says Executive Assistant Director Paul Abbate of the FBI's Criminal, Cyber, Response, and Services Branch.

Baratov is currently being held in California without bail, and his sentencing is scheduled for February 20, 2018, in US District Court in San Francisco. 

Read more about his guilty plea here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
11/30/2017 | 8:45:31 AM
Sentencing Hearing
It will be interesting to see what his sentencing hearing will yield on the 2/20/18. Based on the context of Nation-State hacking will this individual receive the maximum penalty?
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.
CVE-2018-1560
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...
CVE-2018-1588
PUBLISHED: 2018-09-25
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resourc...