Skip to main content

Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, has been charged with two Russian spies and another criminal hackers for allegedly pilfering 500 million Yahoo user accounts in 2014.

Instagram

In 2014, the Russian hacker Alexsey Alexseyevich Belan, who was already on the FBI Cyber's Most Wanted list, gained unauthorized access to Yahoo's network.

He stole a copy of Yahoo's user database, which has 500 million subscriber records containing information such as names, recovery e-mail accounts and phone numbers.

He also gained access to Yahoo's account-management tool, which allowed him and his co-conspirators to locate Yahoo e-mail accounts of interest and create bogus cookies to access at least 6,500 accounts.

Story continues below advertisement

The hackers then looked for users who had provided a recovery e-mail account, because many of those alternate e-mail addresses were corporate accounts. The hackers were thus able to identify people to target. Among the victims were a foreign diplomat, a former cabinet minister from a country neighbouring Russia and a journalist.

They also compromised Yahoo accounts of a Swiss banking firm, a Nevada gaming official, a senior official at a U.S. airline and a Shanghai-based managing director of a U.S. private-equity firm.

Mr. Belan is also accused of using the hacks to steal credit-card and gift-certificate information, and manipulating Yahoo's search-engine results so that users who looked for drugs that treat erectile dysfunction were redirected to an online pharmacy that paid him kickbacks.

The co-conspirators are alleged to have targeted high-profile people – a banker, an International Monetary Fund official, businesspeople – by going into their Yahoo account, then changing the recovery e-mail information to an account controlled by hackers.

This enabled them to change their victims' passwords and access their other e-mail accounts.

Karim Baratov, a 22-year-old Hamilton man charged in the indictment, is alleged to have been involved in hacking at least 80 of those secondary accounts.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Comments are closed

We have closed comments on this story for legal reasons or for abuse. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

Cannabis pro newsletter