Yesterday, the United States Justice Department announced charges against three Russian nationals and one national of Kazakhstan residing in Canada. Two of the Russian’s are also members of Russia’s Federal Security Service or FSB. The FSB is Russia’s equivalent of the CIA.
These four individuals have been charged in the Yahoo hack that compromised 500 million Yahoo accounts. The four are indicted on counts of computer hacking, economic espionage and other criminal charges. You may read the DOJ press release here.
The DOJ complaint alleges that the hackers used the stolen Yahoo account information to access other email providers and accounts belonging to Russian journalists, U.S. and Russian government officials as well as private-sector employees of financial, transportation and other industries.
This new information confirms that the Yahoo hack is perhaps, the worst cybersecurity breach in history. Worse, it was accomplished in rather simple fashion, taking advantage of system and user vulnerabilities that still exist across many organizations.
Similar to the infamous Chinese hacking case, where members of China’s military were charged with hacking, it is unlikely that the Russian nationals will face justice in the United States. Extraditing these hackers from Russia is all but impossible. The Kazakh person was arrested in Canada and extradition may be likely for that individual.
Regardless of the outcome, this case clearly confirms that cyberspace is the new battlefield.