A 22-year-old Canadian citizen named Karim Baratov has plead guilty to charges involving the 2014 hack of Yahoo, which ended up compromising 500 million accounts.
Baratov, who appeared in a San Francisco federal court yesterday, is the only individual to have been arrested in connection with this hack. He was indicted for it back in February of this year, along with three other individuals, who are based in Russia.
Two of the men indicted with have been identified as operatives in Russia’s spy agency, the FSB, Dmitry Dokuchaev and Igor Sushchin. The third is a Russian hacker named Alexsey Belan. Since no extradition treaty exists between the USA and Russia, it’s unliked any of these three men will be facing charges in a US court anytime soon.
Prosecutors say that Baratov was directed to hack the email accounts of individuals who were of interest to the FSB. He accessed their accounts using a spearphishing attack and then would send the login details to Dokuchaev in exchange for payment.
According to a report on Cyberscoop, Baratov’s lawyers have argued that their client did not know he was working for the FSB during the operation. Baratov has pleaded guilty to eight criminal charges including conspiracy to commit computer fraud and abuse and aggravated identity theft.
Prosecutors are asking for a sentence of 70 to 87 months in jail for the first charge and 24 months for the second. If the judge is unsympathetic, Baratov could spend nearly ten years in prison for his part in the hack. He’s scheduled for a sentencing hearing next year on 20th February.