The U.S. Department of Justice on Wednesday charged four people, including two Russian intelligence officials, for the historic breach of Yahoo that exposed some 500 million accounts.
The four charged in the cybercrime, two of whom worked for Russia’s Federal Security Service (FSB), stand accused of hacking the accounts in an effort to target U.S. and Russian government officials, journalists, and businesspeople from a variety of sectors. One of the alleged hackers is also believed to have searched the breached accounts for credit card and gift card credentials and hijacked some 30 million accounts to conduct spam campaigns.
Among the charged are 33-year-old Dmitry Dokuchaev and Igor Sushchin, 43, who worked in the cyber division of FBS known as “Center 18.” FBS is one of two major intelligence agencies in Russia and the successor of the Soviet-era KGB.
Dokuchaev was arrested in December for allegedly committing treason against Russia’s government by secretly working for the Central Intelligence Agency.
The remaining two defendants are Alexsey Alexseyevich Belan, a 29-year-old Russian who went by “Magg” online,” and Karim Baratov, a 22-year-old Candian resident. The Russian government allegedly hired Belan and Baratov, according to U.S. officials.
The Justice Department announced that Baratov was detained on Tuesday. Neither Sushchin nor Belan have been apprehended by the U.S. or any other nations.
“Cybercrime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” Attorney General Jeff Sessions said in a statement. FBI Director James Comey said the indictments show the U.S. is “shrinking the world to ensure that cybercriminals think twice before targeting U.S. persons and interests.”
Yahoo first revealed the breach in September 2016, stating only that it believe the perpetrators were “state-sponsored” actors.