Behind the hack on Yahoo, Russian agents who had been courted by FBI

Just two years ago, the Obama White House welcomed Russia’s top internal security official, Alexander Bortnikov, to Washington, as the head of a Kremlin delegation attending a highly publicized U.S. government summit on countering violent extremism.

What U.S. officials did not then know is that officers of the agency that Bortnikov heads, the FSB or Federal Security Service, were at that moment directing an audacious state-sponsored cyberattack to penetrate Yahoo’s email network, deploying criminal hackers to steal data on 500 million email users, according to criminal charges unveiled by the Justice Department on Wednesday. The indictment handed up by a federal grand jury in California charged two FSB officers and two civilians — one Russian and one from Kazakhstan, now living in Canada — with crimes including computer hacking and economic espionage.

The FSB-sponsored cyberattack, which lasted from 2014 to last September, was described by government officials today as one of the largest data breaches in history: It involved the theft of vast amounts of credit card data and other financial information, as well as personal details on individuals of high interest to the Russian government: journalists, U.S. officials and U.S. and foreign corporate executives and employees, including a senior officer of a major U.S. airline and even a Nevada gaming official.

FBI wanted posters for Alexsey Belan, Dmitry Dokuchaev and Igor Sushchin. (Source: FBI)

But what was especially galling to U.S. officials is that the two FSB officers at the center of the plot, Dmitry Dokuchaev and Igor Sushchin, were assigned to the agency’s Center for Information Security, or Center 18 — a cybercrime unit that was the FBI’s point of contact for investigating criminal hacking operations.

“What this shows is that we’ve been had,” said Steve Hall, a former CIA station chief in Moscow who later directed agency operations in Russia. “Center 18 was the part of the FSB that was supposed to be working with us.”

But instead of working with the FBI and CIA to catch hackers, the FSB officers were actually working with hackers themselves, according to the Justice Department charges. In the Yahoo attack, two alleged cybercriminals were also charged as co-conspirators in the plot. One of them, Alexsey Belan, a notorious cyberthief who has been twice indicted in the United States and is on the FBI’s “Cyber Most Wanted” list, received “sensitive” law enforcement and intelligence information from the FSB that helped him avoid detection by the FBI and facilitated his theft of proprietary Yahoo data — including stealing the company’s Account Management Tool (AMT), a system that Yahoo used to make and log changes to user accounts. His purpose, a senior U.S. official said today, was to “line his own pockets with money.”

The indictment gives some details on Belan’s methods. He allegedly manipulated Yahoo’s English-language search engine so that when users searched for erectile dysfunction medications, they were redirected to an unnamed U.S. cloud computing company that automatically sent them to the website of an online pharmacy company. The online pharmacy paid commissions to marketers who drove traffic to its website. “As a result, Belan was paid for diverting Yahoo search engine users to it,” the indictment charges.

The indictment alleges that the two FSB officers were not acting alone in the Yahoo plot. It refers to other FSB officers “known and unknown” to the grand jury, including an unnamed “FSB Officer 3” who was the “senior FSB official assigned to Center 18.”

“There is no evidence that they [Dokuchaev and Sushchin] were rogue,” said one department official when asked if the two FSB officers were believed to be acting on their own or were part of a broader agency plot. (However, Russia’s news agency Interfax reported last December that Dokuchaev, whose hacker alias was “Forb,” was arrested in December in Moscow, on charges of state treason, for passing information to the CIA. He had reportedly agreed to work for the FSB to avoid prosecution for bank card fraud. Sushchin, the other FSB officer charged in the case, was described by Justice officials as Dokuchaev’s superior at the FSB’s Center 18.)

In one sense, the charges against FSB officers are not a surprise: The Obama administration, shortly before it left office, imposed sanctions against the Russian agency for its role in cyberattacks aimed at influencing the U.S. election, even though the most egregious actor was believed to be a rival agency, the GRU, Russia’s military intelligence service.

But the discovery that the very cybercrime unit that was supposed to be working with the FBI was actively involved in a massive cybercrime targeting a U.S. company clearly stung. In announcing the charges today, Mary McCord, the acting assistant attorney general for the national security division, emphasized the FSB’s roots as the successor to the Soviet KGB and described its involvement as “beyond the pale.”

Mary McCord, the acting U.S. assistant attorney general for national security, addresses a joint news conference held by the FBI National Security Division and the U.S. Attorney’s Office for the Northern District of California at the Justice Department in Washington, D.C., on March 15, 2017. (Photo: Yuri Gripas/Reuters)

Although the FSB is often thought of as a spy agency, given its internal security role, it is also Russia’s prime law enforcement agency — the equivalent of Russia’s FBI. “The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious,” McCord said. “There are no free passes for foreign state-sponsored criminal behavior.”

More broadly, the indictment calls into question years of U.S. efforts to work with the FSB on a broad range of issues, from catching cybercriminals to counterterrorism, according to Hall, the former CIA officer.

When he served in Moscow, Hall recalled, “I can’t tell how many times the FBI [liaison] would come to me, all excited, saying, ‘Hey, we got this great thing going with the FSB.’

“I would tell him, ‘Let me know how that works out for you,’” he added. Then inevitably, months later, he said, he would see the FBI liaison again, only to be told that whatever the bureau had hoped to be working on with the FSB had once again ended up as a bust.
