Two Russian spies, one well-known Russian hacker and one Canadian have been charged with stealing sensitive information from 500 million Yahoo user accounts in one of corporate America's biggest-known hacks, US officials said.
"Dmitry Dokuchaev and Igor Sushchin, both FSB officers, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere", McCord said.
The indictments are part of the largest ever hacking case brought by the United States. Or officials, as it were.
They were said to have targeted Yahoo accounts of cybersecurity, military and diplomatic personnel as well as employees of financial services and other businesses.
The charges are unrelated to the hacking of the Democratic National Committee and the FBI's investigation into Russian interference in the 2016 election. The information included email addresses, telephone numbers, dates of birth, passwords and security questions.
Baratov was arrested in Canada on Tuesday, while Belan is believed to be protected by authorities in Russian Federation.
McCord said the indictment alleges the two Russian FSB agents were acting on behalf of their agency. All are accused of computer hacking, economic espionage and other criminal offences. The United States now does not have an extradition treaty with Russian Federation, which will make bringing the criminals to justice hard.
The attack on Yahoo, disclosed previous year, was one of the largest ever data breaches and at the time was blamed on a "nation-state" attacker. One of the defendants has been taken into custody in Canada, and another is on the list of the FBI's most wanted cyber criminals. The local authorities have yet to decide whether he will be extradited to face charges in USA, as his case is now pending according to Reuters.
"We're committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime", Chris Madsen, Yahoo's assistant general counsel and head of global security, said in a statement, according to the AP.
The hackers allegedly lost access to Yahoo's networks in September 2016 but continued to use stolen information through at least December, prosecutors said. Belan initiated the hack in November 2014 by stealing Yahoo's cookie "minting" source code, which enabled the defendants to manufacture account cookies to then gain access to individual user accounts, according to the indictment.