Spear-phishing emails to a "semi-privileged" Yahoo employee were probably the Achilles heel that led to the exposure of half a billion users' details, the Federal Bureau of Investigation told reporters in a follow-up briefing to the unsealing of the indictment against four men alleged to be behind the 2014 attack.
Indicted along with Baratov in the alleged conspiracy that authorities said began in January 2014 were Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43, who USA authorities describe as Russian intelligence agents who allegedly masterminded and directed the hacking. Rather than arresting him, the DoJ claims the two FSB agents used him to gain access to Yahoo's systems. Both men are in Russian Federation, it said.
According to the indictment, FSB officers Sushchin and Dokuchaev also directed Baratov to use the information gained in the Yahoo breach to hack specific targets who possessed email accounts with other service providers, including Google.
Yahoo has praised the news, saying: "The indictment unequivocally shows the attacks on Yahoo were state-sponsored".
McCord said the hacking campaign was waged by the FSB to collect intelligence but that the two hackers used the collected information as an opportunity to "line their pockets". Another, Alexsey Belan, is on the list of the FBI's most wanted cyber criminals and has been indicted multiple times in the U.S. It's not clear whether he or the other two defendants, Dmitry Dokuchaev and Igor Sushchin, will ever step foot in an American courtroom since there's no extradition treaty with Russian Federation. The case, announced amid continued US intelligence agency skepticism of their Russian counterparts, comes as USA authorities investigate Russian interference through hacking in the 2016 presidential election.
The Justice Department said Baratov was arrested in Canada on Tuesday and that his case is now pending with Canadian authorities.
UNCW's Keatts meets face to face with NC State
Gottfried made NCAA tournaments in his first four years in Raleigh, after Sidney Lowe had gone 0-for-5 before Gottfried's arrival. But he's widely considered to be a rising star in the business - someone who took UNC-Wilmington to consecutive NCAA Tournaments.
Yahoo said, when it announced the then-unprecedented breach last September, that it was working with law enforcement authorities and believed the attack was state-sponsored.
The United States does not have an extradition treaty with Russia, but McCord said she was hopeful Russian authorities would cooperate in bringing criminals to justice.
Just a day after many Twitter users' accounts were compromised by hackers who exploited the access of a third-party app to post ugly swastika-splattered tweets in support of Turkish president Recep Erdoğan, the official Twitter account of the McDonald's burger chain was apparently hijacked and used to post an abusive tweet to Donald Trump, the U.S. president.
The administration of former President Barack Obama brought similar charges against Chinese and Iranian hackers who have not been extradited.
Kevin Bocek, chief security strategist for the enterprise security firm Venafi, told us in an email that it's not surprising to find out that Russian hackers may be behind the Yahoo attacks. He is accused of directing the Yahoo hacking along with his superior, the 43-year-old Sushchin.
Belan later gained unauthorized access to Yahoo's network that he shared with FSB, the indictment said.