Just two years ago, the Obama White House welcomed Russia’s top internal security official, Alexander Bortnikov, to Washington, as the head of a Kremlin delegation attending a highly publicized U.S. government summit on countering violent extremism.
What U.S. officials did not then know is that officers of the agency that Bortnikov heads, the FSB or Federal Security Service, were at that moment directing an audacious state-sponsored cyberattack to penetrate Yahoo’s email network, deploying criminal hackers to steal data on 500 million email users, according to criminal charges unveiled by the Justice Department on Wednesday. The indictment handed up by a federal grand jury in California charged two FSB officers and two civilians — one Russian and one from Kazakhstan, now living in Canada — with crimes including computer hacking and economic espionage.
The FSB-sponsored cyberattack, which lasted from 2014 to last September, was described by government officials today as one of the largest data breaches in history: It involved the theft of vast amounts of credit card data and other financial information, as well as personal details on individuals of high interest to the Russian government: journalists, U.S. officials and U.S. and foreign corporate executives and employees, including a senior officer of a major U.S. airline and even a Nevada gaming official.
But what was especially galling to U.S. officials is that the two FSB officers at the center of the plot, Dmitry Dokuchaev and Igor Sushchin, were assigned to the agency’s Center for Information Security, or Center 18 — a cybercrime unit that was the FBI’s point of contact for investigating criminal hacking operations.
“What this shows is that we’ve been had,” said Steve Hall, a former CIA station chief in Moscow who later directed agency operations in Russia. “Center 18 was the part of the FSB that was supposed to be working with us.”
But instead of working with the FBI and CIA to catch hackers, the FSB officers were actually working with hackers themselves, according to the Justice Department charges. In the Yahoo attack, two alleged cybercriminals were also charged as co-conspirators in the plot. One of them, Alexsey Belan, a notorious cyberthief who has been twice indicted in the United States and is on the FBI’s “Cyber Most Wanted” list, received “sensitive” law enforcement and intelligence information from the FSB that helped him avoid detection by the FBI and facilitated his theft of proprietary Yahoo data — including stealing the company’s Account Management Tool (AMT), a system that Yahoo used to make and log changes to user accounts. His purpose, a senior U.S. official said today, was to “line his own pockets with money.”
The indictment gives some details on Belan’s methods. He allegedly manipulated Yahoo’s English-language search engine so that when users searched for erectile dysfunction medications, they were redirected to an unnamed U.S. cloud computing company that automatically sent them to the website of an online pharmacy company. The online pharmacy paid commissions to marketers who drove traffic to its website. “As a result, Belan was paid for diverting Yahoo search engine users to it,” the indictment charges.