Acting Assistant Attorney General for National Security Mary McCord accused two Russian security officials and two cyber criminals on Wednesday of carrying out a 2014 hack of Yahoo! (YHOO) that resulted in the theft of info about 500 million subscriber accounts.
Yahoo! suffered an even larger hack of one billion accounts in 2013. McCord did not address the 2013 attack in her presentation. However, Yahoo! Assistant General Counsel and Head of Global Law Enforcement, Security & Safety Chris Madsen said, "we linked some of that activity to the same state-sponsored actor," in a statement on Wednesday.
The attackers also targeted Alphabet's (GOOGL) Google, U.S. officials said. McCord gave "special thanks" to Yahoo and Google for their cooperation in the investigation.
The announcement comes as Yahoo is closing its $4.48 billion sale of its operating business to Verizon (VZ). Because of the hacks, Yahoo! shaved $350 million off the sale price. The attacks underscore the increased scale of risk that companies and individuals face as governments and cyber criminals ramp up the size of their attacks, and heighten the importance of security reviews in M&A due diligence.
The government has charged FSB officers Dmitry Dokuchaev and Igor Sushchin, as well as Russian hacker Alexsey Belan and Canadian resident Karim Baratov.
The Federal Security Service of the Russian Federation, known as the FSB, is the successor to the KGB. The FSB officers protected, "directed, facilitated and paid criminal hackers" to hack accounts of Yahoo! and Google users, among other actions, according to investigators. The Russian officials shared cyber crime techniques, tools, procedures and cookies that would enable accounts to be hacked, the U.S. government alleges.
McCord called the FSB the FBI's "point of contact in Moscow for cyber crime," making the incursion "that much more egregious." The officers were acting in their official capacity, the U.S. government alleges.
"We are seeing more and more use by nation states of criminal hackers to carry out some of their intentions," McCord added, saying that Russia is not unique in this tactic.
The alleged tag team of Russian security officers and cyber criminals highlights the range of forces trying to break into communications networks for geopolitical or economic gain.
"Organizations may have been under the false impression that state sponsored hacking was aimed at other governments - or at worst, political parties," Imperva (IMPV) vice president of marketing Tim Matthews said in an emailed statement. "Now we have learned that elite teams of state sponsored conspirators and hackers are also seeking access to corporate data."
The Imperva executive likened Russia's government hiring cyber crooks to the historical practice of nation states enlisting mercenary soldiers.
"In this case, after collecting the data on their political targets, which includes employees of commercial entities in transportation and financial services, the hackers were given free rein with the spoils - the data from 500 million Yahoo users," Matthews said.
When asked whether U.S. law enforcement could work effectively with Russian officials on future cases, FBI Assistant Director for the Criminal, Cyber, Response and Services Branch Paul Abbate said, "That's a challenge. This case is going to be a great test of that."
The U.S. will request extradition of Belan, Dokuchaev and Sushchin, Abbate said.
Belan is on the FBI's Cyber Most Wanted list. Arrested in Europe in 2013, he escaped to Russia before extradition. "Instead of acting on the U.S. government's Red Notice and detaining Belan after his return, Dokuchaev and Sushchin subsequently used him to gain unauthorized access to Yahoo's network," a Department of Justice statement asserts. Yahoo! said that the hackers also forged cookies to break into accounts in 2015 and 2016.
Editor's pick: This story was originally published at 5:30 pm on March 15