11/28/2017
08:27 PM

Suspect in Yahoo Breach Case Pleads Guilty

Karim Baratov admits he worked on behalf of Russia's FSB.

A 22-year-old Canadian national arrested for his alleged role in stealing webmail user credentials in February entered a guilty plea in a US District Court for hacking activities and the breach of 11,000+ webmail accounts on behalf of Russia's FSB, the Russian federal security service, the US Department of Justice announced today.

Karim Baratov — aka Kay, Karim Taloverov, and Karim Akehmet Tokbergenov — is one of four defendants charged in connection with the 2014 Yahoo cyberattack. The other three defendants are Russian nationals and remain at large: Igor Sushchin, an undercover Russian Federal Security Service (FSB) agent; Dmitry Dokuchaev, a former FSB officer who was arrested by the FSB for treason; and Alexsey Belan, a well-known Russian hacker.

In his guilty plea, Baratov confirmed his role in the theft of webmail accounts of people identified by the FSB and in sending the stolen credentials to Dokuchaev. Dokuchaev, Sushchin, and Belan had hacked into Yahoo's network and compromised user accounts there, while Baratov stole credentials from users with Google Gmail and Yandex email accounts. He used mostly spearphishing to breach webmail accounts on behalf of the FSB from around 2010 until March 2017, when he was arrested.

"This case is a prime example of the hybrid cyber threat we're facing, in which nation states work with criminal hackers to carry out malicious activities," says Executive Assistant Director Paul Abbate of the FBI's Criminal, Cyber, Response, and Services Branch.

Baratov is currently being held in California without bail, and his sentencing is scheduled for February 20, 2018, in US District Court in San Francisco. 

Comments
RyanSepe,
User Rank: Ninja
11/30/2017 | 8:45:31 AM
Sentencing Hearing
It will be interesting to see what his sentencing hearing will yield on 2/20/18. Based on the context of nation-state hacking, will this individual receive the maximum penalty?