Baratov is finally charged with Yahoo hacking and a list of other crimes
Canadian citizen Karim Baratov has finally been sentenced to five years in US prison for his role in the major Yahoo hacking campaign organized by Russian spies in 2014. Last year, the cybercriminal pleaded guilty to nine counts, including aggravated identity theft, espionage, and hacking.
The defense asked for a milder sentence of 3.7 years, while the prosecution proposed almost eight years behind bars. Ultimately, Judge Vince Chhabria settled on five years. The 23-year-old was also fined $250,000, which led to the confiscation of his assets.
Kazakhstan-born Baratov claimed that he was a hacker-for-hire and at first had no idea that he was working for the Russian intelligence agency FSB (which was later accused of similar crimes). He and three other culprits were charged with breaking into more than 11,000 Yahoo email accounts over the seven years of the operation. He was later caught by Canadian law enforcement and extradited to the US to face charges.
According to the US Justice Department, the hacker worked for two Federal Security Service agents – Dmitry Dokuchaev and Igor Sushchin. Alexsey Belan, Baratov's partner, who was also convicted for the crime, is most likely to escape punishment as he is currently residing in Russia. At the moment, he is on the FBI's Most Wanted Hackers list.
Baratov's shady activities and the data breach
Between 2010 and 2017, Baratov ran an illegal hacking business. Customers had to pay as much as $100 for a chance to obtain other people's credentials. Ironically, these people were tricked as well, as they were asked to enter their account details into a fraudulent password reset page owned by the hacker.
A targeted phishing attack was organized by Baratov, Belan, Sushchin, and Dokuchaev, allowing them to get access to Yahoo's internal networks. The phishing emails were sent to semi-privileged Yahoo employees, and just one click was enough to grant entry to the Yahoo network.
Once access was obtained, Belan started to sniff around for two assets:
- Yahoo's User Database (UDB)
- The Account Management Tool
The UDB contained the personal information of all Yahoo users, while the Account Management Tool allowed changing the information of any targeted account. Once the hackers had copied the database, they ended up with the accounts that interested the Russian agents. The database contained the data of over 500 million accounts.
The hacker demonstrated his wealth online
During the hacking period, Baratov earned a lot of money. His attorneys argued that he was barely 19 years of age at the time the hack began and that he was simply interested in coding, which ultimately led to “unintentional” wealth. Nevertheless, the authorities replied with the following:
“This is not a case of a teenager making an isolated mistake on the internet out of curiosity. Rather, this is a case of the defendant making a profession out of breaking into the private lives of thousands of victims.”
Baratov lived in a $650,000 house and was known to drive expensive cars, including an Aston Martin, a Mercedes Benz, a Lamborghini, and others. He was not shy about it either, as he rushed to upload photos of his assets and even stashes of $100 bills on social media.