Alleged Yahoo Hacker-For-Hire: Plea Reports Are Premature

In2an3_PpG


Attorney Dismisses Reports That Karim Baratov Will Plead Guilty to Some Charges


Karim Baratov pictured at his home in Ancaster, Ontario, in an undated photo. (Photo: Facebook)

Reports of a plea deal for a man who's been extradited from Canada to the United States on charges that he assisted in a massive hack of Yahoo in 2014 are premature, his attorney tells Information Security Media Group.


Karim Baratov, 22, was one of four men named in a 47-count U.S. federal indictment, dated Feb. 28 and unsealed March 15. The indictment charges the suspects with computer hacking, economic espionage and other criminal offenses tied in part to the massive 2014 mega-breach of Yahoo.

Baratov was arrested in Ontario on March 14 and extradited in August after waiving his right to an extradition hearing. After arriving in the United States, Baratov waived his U.S. bail hearing, meaning he's remained in custody. His lead attorney, Toronto-based Amedeo DiCarlo, told ISMG in August that his client was eager to fight the charges filed against him (see Accused 'Hacker for Hire' for Russia Pleads Not Guilty).

On Friday, multiple media reports said that Baratov, a dual Canadian-Kazakh national, was expected to plead guilty to some charges on Tuesday. Some of those reports were stoked by a calendar entry listing a Tuesday "change of plea hearing" for his case on the website for the U.S. District Court for the Northern District of California.

But the latest official update on the case occurred on Oct. 23. Citing ongoing discussions aimed at reaching a plea deal, both the defense and prosecution teams petitioned the court for a temporary exemption to the Speedy Trial Act. That law requires that a defendant be brought to trial within 70 days of the date on which they were indicted or arraigned - whichever is later. Otherwise, the indictment must be dismissed.

"Since the initial status conference on Aug. 29, 2017, the parties have been meeting and conferring, and believe that the requested additional time would be helpful, to determine whether a pre-trial resolution is possible," according to the motion.

U.S. District Court Judge Vince Chhabria approved their request, rescheduling Baratov's next courtroom appearance from Oct. 24 to Nov. 28.

Negotiations Underway
Attorney Amedeo DiCarlo, who's been leading his client's U.S. defense team, consisting of Andrew Mancilla and Robert Fantone, tells ISMG that everyone involved in the case has been "given strict orders by the court and USA government not to release any information from those discussions."

DiCarlo said that the next hearing for Baratov, scheduled for Tuesday in San Francisco federal court, would provide an update on the case. But he said discussing anything further was premature.

The U.S. Attorney's Office did not immediately respond to a request for comment.

The request to put Speedy Trial requirements on hold is not unusual in cases involving alleged computer crimes, experts say, given their typical complexity (see Case Against Marcus 'MalwareTech' Hutchins Gets 'Complex').

Indeed, the Oct. 23 motion stated that "defense counsel is continuing to review the discovery provided by the United States, including the approximately 39 GB of discovery under the Protective Order that the United States provided on Sept. 21."

Accused 'Hacker For Hire'
Prosecutors have accused Baratov of being a "hacker for hire" who helped Russian intelligence agents accused of hacking 500 million Yahoo users' accounts in 2014. Baratov has pleaded not guilty to charges that he used spear-phishing attacks to obtain the webmail passwords for at least 80 individuals.


Dmitry Dokuchaev is on the FBI's "Cyber Most Wanted" list.
Baratov has been accused of working for Dmitry Dokuchaev, 33, an officer at Russia's Federal Security Service, or FSB, and his superior, Igor Sushchin, 43, who allegedly posed as the head of information security for a Russian investment bank (see Outsourcing Cyber Espionage Landed Russia in Trouble).

As part of the case, a fourth man, Alexsey Belan, a 29-year-old Russian citizen who was born in Latvia, has also been charged. He is believed to be in Russia.

Experts say it's unlikely that any of the other three defendants will ever stand trial in a U.S. courtroom, provided they do not travel to a country that has an extradition treaty with the United States (see Hackers' Vacation Plans in Disarray After Prague Arrest).

Russia has never extradited a cybercrime suspect to the United States.
 

In2an3_PpG

Canadian Hacker-for-Hire for Russia Pleads Guilty

Karim Baratov, 22, appeared in U.S. federal court Tuesday, where he pleaded guilty to hacking Gmail and Yandex webmail accounts of individuals earmarked by Russia's FSB state security service and exchanging the victims' account passwords for money (see Alleged Yahoo Hacker-For-Hire: Plea Reports Are Premature).


Baratov, a Canadian citizen and resident who was born in Kazakhstan, was one of four men named in a 47-count federal indictment filed in February and unsealed in March. The indictment charges the suspects with computer hacking, economic espionage and other criminal offenses tied in part to a 2014 hack attack against search giant Yahoo that exposed 500 million accounts.

Baratov was not accused of having anything to do with the Yahoo hack itself.

The other three men named in the indictment are Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43, who are both alleged FSB agents, as well as Alexsey Alexseyevich Belan, aka "Magg," 29. All three have been charged with compromising Yahoo's network and gaining the ability to access Yahoo accounts.

The FSB employed Baratov as a "hacker for hire," prosecutors allege. "When they desired access to individual webmail accounts at a number of other internet service providers, such as Google and Yandex ... Dokuchaev tasked Baratov to compromise such accounts," the U.S. Department of Justice says in a statement (see Outsourcing Cyber Espionage Landed Russia in Trouble).

The Kremlin has denied those allegations.

Baratov was arrested in Ontario on March 14. He subsequently waived his right to an extradition hearing. After being extradited to the United States in August, he waived his right to a bail hearing and has remained in custody (see Accused 'Hacker for Hire' for Russia Pleads Not Guilty).

"With the assistance of our law enforcement partners in Canada, we were able to track down and apprehend a prolific criminal hacker who had sold his services to Russian government agents," said U.S. Attorney Brian J. Stretch.

Announcing Baratov's plea deal, Stretch said that the world's worsening cybercrime problem was being compounded "when cybercriminals such as Baratov are employed by foreign government agencies acting outside the rule of law."

'Good Faith Negotiations'
Baratov's plea deal saw him reverse his initial not-guilty plea (see Accused 'Hacker for Hire' for Russia Pleads Not Guilty).

His attorney, Toronto-based Amedeo DiCarlo, tells Information Security Media Group that the shift came after "substantial good faith negotiations" between Baratov's U.S. defense team and prosecutors. "The next stages will involve sentencing given special consideration to many factors discussed in our meetings" with prosecutors, he adds.

Baratov is due to be sentenced on Feb. 20, 2018, and faces a maximum prison sentence of 20 years. DiCarlo, however, says that prosecutors will be recommending a maximum term of seven to nine years for his client, due to his cooperation.

As part of his plea deal, Baratov pleaded guilty to nine counts in the 41-count indictment.

Webmail Account Hacking to Order
The Justice Department says that Baratov admitted to functioning as a webmail-hacking-as-a-service provider. "As part of his plea agreement, Baratov not only admitted to his hacking activities on behalf of his co-conspirators in the FSB, but also to hacking more than 11,000 webmail accounts in total on behalf of the FSB conspirators and other customers from in or around 2010 until his March 2017 arrest by Canadian authorities," the Justice Department says.

"Baratov advertised his services through a network of primarily Russian-language hacker-for-hire web pages hosted on servers around the world. He admitted that he generally spear-phished his victims, sending them emails from accounts he established to appear to belong to the webmail provider at which the victim's account was hosted, such as Google or Yandex," the Justice Department says. "Once Baratov collected the victims' account credentials, he sent his customers screen shots of the victims' account contents to prove that he had obtained access and, upon receipt of payment, provided his customers the victims' log-in credentials."

DiCarlo tells ISMG that his client only hacked 80 accounts for an individual that prosecutors have since outed as being an FSB agent. "As detailed in the plea agreement, Karim only attempted to hack 80 accounts for the individual he knew as 'PatrickNag,' and was only successful with eight of the accounts," DiCarlo says. "The other hacks that the government mentioned were requests from other individuals entirely unrelated to the FSB, as far as we know."

DiCarlo said that until his client saw the indictment, he did not know that Patrick Nag was actually the FSB's Dokuchaev, as alleged in the indictment. "He also did not know that the accounts that Patrick Nag asked him to hack were accounts discovered and selected as a result of the Yahoo hack," DiCarlo says. "He had no contact with any of the other co-defendants."

Other Suspects: Russian Residents
Of the four men named in the indictment, Baratov is the only one who has been arrested. The Justice Department believes the others are in Russia.

The United States has no extradition treaty with Russia. But the three suspects will face a lifetime of risk that they could be detained if they travel to or through any country that shares an extradition treaty with the United States, or which is otherwise friendly to U.S. law enforcement requests (see Russia's Accused Hacker Repeat Play: Extradition Tug of War).

Yahoo Cites FSB in Court
The identity of some of its alleged hackers has not gone unnoticed by Yahoo.

In September, attorneys for Yahoo - now part of Verizon - argued that class-action lawsuits filed against the search giant over three separate breaches that it suffered should be dismissed, in part, due to the extraordinary nature of the 2014 hack.

"This litigation arises out of one of the most organized, sophisticated and relentless criminal attacks in cybercrime history, sponsored by the Russian Federal Security Service," Yahoo said in its motion to dismiss the trial. "This was no ordinary security breach, but a full-fledged, state-sponsored cyber assault designed to evade Yahoo! Inc.'s security measures, avoid Yahoo's detection systems, and adapt and evolve to meet Yahoo's security defenses and upgrades."

Judge Lucy Koh of the U.S. District Court for the Northern District of California disagreed, ruling that the lawsuits on behalf of affected U.S. consumers should proceed (see Judge Nixes Bid to Quash Suit Filed by Yahoo Breach Victims).
 

Deleted member 65228

Not trying to offend the US government or any for that matter, but how silly can you be to put up warnings about how you are after a specific person, knowing that the current location they are in will forbid extradition? Surely you'd just keep quiet so the chances of them moving to an area where they can be extradited (e.g. whilst on holiday to US) increases.
 

plat1098


Ah so this is how one thrives on the proceeds of the rip-offs of my and about three billion others' info. Nice while it lasted, what?
 