A Canadian hacker for hire has admitted ransacking webmail accounts for miscreants accused of orchestrating the Yahoo! megahack that hit all three billion Purple Palace user accounts.
Karim Baratov, 23, appeared in a federal district court in San Francisco on Tuesday after striking a plea deal with US prosecutors. He was charged with 47 counts of hacking, ID theft, and espionage. However, as part of the agreement, he was allowed to admit one count of conspiracy to commit computer fraud, and eight counts of aggravated identity theft.
Dressed in a faded Alameda county jail overall, the bespectacled Baratov confirmed he was pleading guilty and wasn’t being coerced. Judge Vince Chhabria warned him he was facing potentially 28 years in a cooler on American soil, and was likely to be deported back to Canada when his sentence was complete.
Baratov was born in Kazakhstan and emigrated to the Great White North where he worked as – among other things – a cyber-mercenary. He was linked to the Yahoo! megahack in May this year by American prosecutors, and extradited to the US in August to face the music. The US government claimed he was part of a Russian gang of four that hacked the Purple Palace’s servers in 2014, that Baratov was therefore connected to the caper, and that two of his fellow gang members and paymasters were at the time senior Russian FSB officers.
However, Baratov’s lawyers insisted he did not know who was hiring him. His defense team told The Register Baratov was approached online to infiltrate people’s webmail accounts for about $100 a pop. He was asked to hack 80 accounts, mostly Gmail inboxes, but only pwned eight before stopping, we’re told.
“He had no idea who he was working for,” defense attorney Andrew Mancilla told The Register. “The first he knew about the involvement of the FSB was when his indictment was unsealed.”
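Vulnerabilities are hard to avoid; what matters is that, once harm has occurred, the malicious attackers are publicly condemned and the organization immediately begins examining the root cause internally and taking remedial measures.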
According to the plea agreement, Baratov confessed to hacking more than 11,000 webmail accounts between 2010 and 2017 for various clients, not just the alleged aforementioned FSB officers. He would send convincing phishing emails to targets pretending to be their mail provider, and ask them to log into a bogus website to harvest their passwords and user IDs. He would then send these credentials, along with a screenshot demonstrating they worked, to his paying customers.
Baratov advertised his services on Russian dark-web marketplaces, and it was through these that he was approached. Between December 26, 2014, and March 25, 2016, Baratov hacked eight Gmail accounts via phishing, the court heard.
His targets included an assistant to the deputy chairman of the Russian Federation; a cybercrime officer in the Russian Ministry of Internal Affairs; and the chairman of a Russian Federation council committee. Interestingly, Baratov was also tasked with pwning the managing director, sales director, and a researcher at a “major Russian cybersecurity firm.” That last one is very interesting, since the only really major Russian security firm known in the West is Kaspersky Lab, which is accused of aiding the FSB in its activities against the US, wittingly or unwittingly.
According to the Feds, Baratov was recruited by FSB officers Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43, along with freelance hacker Alexsey Alexseyevich Belan, aka Magg, 29. All three are Russian nationals thought to be at large in Russia, and all three are charged in the US with computer crimes in connection to the Yahoo! hack. In a strange twist, Dokuchaev was arrested in 2016 in his motherland on accusations of treason: Russian cops believed he passed information to the US.

“The illegal hacking of private communications is a global problem that transcends political boundaries,” said US Attorney Brian Stretch.
“Cybercrime is not only a grave threat to personal privacy and security, but causes great financial harm to individuals who are hacked and costs the world economy hundreds of billions of dollars every year. These threats are even more insidious when cyber criminals such as Baratov are employed by foreign government agencies acting outside the rule of law.”
Baratov, aka Kay, aka Karim Taloverov, aka Karim Akehmet Tokbergenov, will be sentenced on February 20. Judge Chhabria said he could impose sentences concurrently or consecutively. He said he would make his final judgment after receiving a pretrial report on Baratov’s conduct. ®
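Because many hackers tend toward extremes, online media outlets need to strengthen their defenses; one slip and an entire website can be wiped, seriously affecting the outlet's survival and growth.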
