The spies allegedly protected and paid criminal hackers to collect information.
The US Department of Justice has charged two Russian spies of conspiring with criminal hackers to steal the details of millions of Yahoo user accounts. Dmitry Dokuchaev and Igor Sushchin, who are members of the Russian intelligence agency FSB, were among the four individuals indicted by the Justice Department over the massive Yahoo breach.
In October, it was discovered that a cyber attack on Yahoo in 2014 led to a breach of over 500 million email account details on the network.
The user account information that was hacked included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
The DoJ said that the two spies protected, directed, facilitated and paid criminal hackers to gather information through computer intrusions in the US and elsewhere.
It said: “They worked with co-conspirators Alexsey Belan and Karim Baratov to hack into computers of American companies providing email and internet-related services, to maintain unauthorised access to those computers and to steal information, including information about individual users and the private contents of their accounts.”
According to DoJ, the conspirators targeted Yahoo accounts of Russian and US government officials, including cyber security, diplomatic and military personnel.
The Yahoo breach was also targeted at Russian journalists, employees of other network providers and employees of financial services and other commercial entities.
Belan, one of the hackers in the case, has already been indicted twice in the US for three intrusions into e-commerce companies.
Instead of detaining him, the Russian spies used him to hack Yahoo’s networks, the Department said.
The hacker used his relationship with the two FSB officers and his access to Yahoo to continue criminal activities.
He gained access to over 30 million Yahoo accounts, whose contact details were stolen to carry out an email spam scheme.
The DOJ said: “There are no free passes for foreign state-sponsored criminal behavior.
“When possible, and supported by the evidence, we intend to charge those individuals and bring them to justice.”