Indictment Details Collusion Between Cyberthief and 2 Russian Spies

Alexei Belan’s career as a successful cyber thief nearly came to an end in 2013 when he was arrested in Greece at the request of U.S. authorities. But he avoided extradition and returned to Russia.

Back in his homeland, Belan continued stealing credit cards and filling the internet with ads for erectile dysfunction remedies, but now he wasn’t just working for himself. Russia’s main intelligence agency, the Federal Security Service, or FSB, assigned him a highly ambitious project: hacking into Yahoo and stealing account information on hundreds of millions of users.

The relationship between Mr. Belan and two Russian agents, Dmitry Alexandrovich Dokuchaev and Igor Anatolyevich Sushchin, was described in an indictment unsealed in federal court in San Francisco on Wednesday. If true, the charges represent an unusual example of Russian cyber espionage, and in particular the symbiotic relationship between identity thieves and spammers and elite Russian intelligence services.

Cybersecurity experts and the FBI have long suspected that Russian spies hire and protect criminal hackers to a startling degree, but evidence has been scant. The indictment released Wednesday details that collusion for the first time.

The Justice Department alleges that FSB agents provided Mr. Belan with Russian espionage tools to minimize detection by American law enforcement. At their behest, he helped spy on foreign officials and even Russian citizens, including a newspaper reporter and an Interior Ministry official.

The team eventually stole subscriber information from more than 500 million accounts in 2014 and used proprietary Yahoo software to access about 6,500 of them.

Exactly what information the Russian spies obtained is not clear from court documents. But prosecutors noted that some of the infiltrated accounts belonged to U.S. government officials, “including cybersecurity personnel, the diplomatic corps, the military and the White House,” the indictment said. Court documents also describe a secondary scheme in which FSB officers paid a Canadian hacker to break into individual Gmail accounts.

The indictment reveals various tactics used by Russian intelligence while officials were still investigating what the U.S. intelligence community has characterized as Russian attempts to interfere in the 2016 election. There were low-tech strategies, such as the basic phishing attacks that have become commonplace for anyone who works online. There were more exotic schemes, such as tricking Yahoo into believing that a computer in Russia was actually a certain user’s home computer, which allowed Russian intelligence officers to gain instant access to an email account without a password.

The list of targets provides insight into both the global reach of the Russian spy apparatus and the internecine power struggle between rival Russian intelligence agencies. The victims included Russian government officials, including a member of the Russian Interior Ministry’s cybercrime unit, suggesting that the FSB used its own intelligence resources to gain an advantage over a rival agency.

“All Russian intelligence services are competitive and carnivorous,” said Mark Galeotti, a Russia expert at the Institute of International Relations in Prague.

Mr. Belan, who is 29 and has reddish hair, came to the F.B.I.’s attention about five years ago and had previously been charged with hacking e-commerce companies. In December, in response to American intelligence findings that Russia had tried to interfere in the presidential election, the Obama administration announced sanctions against Mr. Belan and Yevgeny M. Bogachev, who is also suspected of cyberfraud and has also been found to have ties to Russian intelligence.

Arkady Bukh, a Manhattan lawyer who represented Mr. Belan after his arrest in Greece, said he had not heard from Mr. Belan since he was released on bail and returned to Russia in 2013.

“For the last couple of years it’s been impossible to contact him,” Mr. Bukh said. “He’s disappeared.”

But even while working for Russian intelligence, Mr. Belan kept up his old racketeering activities. Once he hacked into Yahoo, he began looking for things to steal, such as gift cards or credit card numbers found in e-mail accounts. According to the indictment, he orchestrated a massive spam campaign and tweaked some servers associated with Yahoo’s search engine so that men looking for erectile dysfunction medication would be redirected to an online pharmacy that paid him a commission for attracting traffic to the site.

The indictment does not say how Mr. Belan was recruited or whether the idea to hack Yahoo belonged to him or the F.S.B. Nor does the indictment say how the F.B.I. identified Mr. Belan and the F.S.B. agents.

Officials have provided little information about Mr. Sushchin, 43, an F.S.B. executive who the indictment says was embedded as a cybersecurity expert at a Russian financial firm. But there is plenty of intrigue surrounding Mr. Dokuchaev, 33, whom the indictment describes as Mr. Belan’s direct F.S.B. contact.

Mr. Dokuchaev was arrested in Russia on suspicion of treason in early December and accused of passing classified information to the United States. The authorities have not provided any details of the charges, making it the most high-profile counterintelligence detention in the post-Soviet period.

After the arrests, the respected Moscow newspaper RBC described Dokuchaev as a former hacker known by the pseudonym “Forb” who agreed to work for the FSB to avoid prosecution for credit card fraud.

In a 2004 interview with the Vedomosti newspaper, the hacker, who called himself Forb, boasted of having hacked “a US government website,” calling it his “crowning achievement.”

Source: https://www.nytimes.com/2017/03/15/us/politics/indictment-collusion-cyberthief-russian-spies-yahoo.html