Russian Hacker Who Fled from Greek Justice in 2013, Charged in the US

Alexsey Belan, a 29-year-old Russian hacker born in Latvia and arrested in Greece in 2013, has been charged in the U.S. along with three other people, for allegedly hacking 500 million Yahoo users’ accounts.

The 47-count indictment charges the four suspects with computer hacking, economic espionage and other criminal offenses tied in part to the massive 2014 mega-breach of Yahoo.

Yahoo accounts allegedly accessed as part of the attacks included ones used by Russian journalists, U.S. and Russian government officials, “employees of a prominent Russian cybersecurity company,” as well as personal accounts used by employees of a Russian investment banking firm, a French transportation company, U.S. financial services firms and a Swiss bitcoin wallet according to the indictment.

Prosecutors have accused Canadian citizen Karim Baratov, 22, of being a “hacker for hire” for Dmitry Dokuchaev, 33, an officer at Russia’s Federal Security Service, or FSB, and his superior, Igor Sushchin, 43, who allegedly posed as the head of information security for a Russian investment bank. Alexsey Belan, was also charged for the same hacking.

Belan had been arrested in Greece in 2013 on an Interpol “red notice” issued by the United States in relation to separate charges, and has been on the list of the FBI’s “most wanted hackers” since 2012. But after posting bail in Greece, he fled to Russia, where Dokuchaev and Sushchin put him to work hacking into Yahoo accounts, according to the indictment.

From 2014 until mid-2016, according to the indictment, Belan enjoyed unlimited access to Yahoo user accounts, thanks in part to obtaining a copy of Yahoo’s complete user database. “Belan also obtained unauthorized access on behalf of the FSB conspirators to Yahoo’s Account Management Tool(AMT).

“Belan, Dokuchaev and Sushchin then used the stolen [Yahoo User Database] copy and AMT access to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization,” according to the indictment.

Prosecutors say the three suspects remain in Russia. To date, Russia has never extradited a cyber crime suspect.