Karim Baratov sentenced to 5 years for major Yahoo security breach
SAN FRANCISCO — A Canadian man has been sentenced to five years in prison in connection with a massive security breach at Yahoo that U.S. federal agents say was directed by Russian government spies.
U.S. Judge Vince Chhabria on Tuesday also fined 23-year-old Karim Baratov US$250,000.
Baratov, from Hamilton, pleaded guilty in November to nine felony hacking charges. He acknowledged hacking thousands of webmail accounts for seven years ending with his arrest last year.
U.S. law enforcement officials have called Baratov, a “hacker-for-hire” who was paid by members of the Russian Federal Security Service, or FSB, to access accounts.
The U.S. Department of Justice said Baratov used spearphishing schemes that would trick victims into entering their account credentials into webpages he built to appear to be from their webmail providers.
Baratov’s attorneys contended he didn’t know he was working for the Russian spy agency.
Baratov was arrested in Hamilton in March 2017 under the Extradition Act after American authorities indicted him for computer hacking, economic espionage and other crimes.
After Baratov’s guilty plea, his lawyers told reporters he hacked only eight accounts and did not know that he was working for Russian agents connected to the Yahoo breach.
“He’s been transparent and forthright with the government since he got here,” lawyer Andrew Mancilla said at the time.
In August 2017, Baratov decided to forgo his extradition hearing to face the charges in California. His Canadian lawyer at the time said the move was to speed up the legal process.
Also facing charges are Russian agents Dmitry Dokuchaev and Igor Sushchin, who prosecutors say used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses.
Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, were also named in the indictment filed in February, though it’s not clear whether they will ever step foot in an American courtroom since there’s no extradition treaty with Russia.
Though the U.S. government had previously charged individual Russian hackers with cybercrime, this was the first criminal case to name as defendants sitting members of the Russian Federal Security Service for hacking charges, the U.S. Department of Justice said.
The Associated Press