Anatomy of a Data Breach

A federal investigation into Yahoo's 2014 breach exposes a Russian government-hacker alliance


The Yahoo hack, it turns out, is even bigger than it seems. In December 2016, the company announced that it had discovered a hack from 2013 which compromised more than 1 billion user accounts. The incident was said to be the largest-ever data breach. The announcement came three months after Yahoo disclosed a 2014 hack, which compromised half a billion accounts. Frustratingly, all of this could’ve been prevented had Yahoo implemented security analytics that uses machine learning.

The recent indictments against a pair of hackers, Alexsey Belan and Karim Baratov, were related to the 2014 breach. “It’s also the first time the U.S. has brought criminal cyber-charges against active Russian officials,” reports Wired, naming Igor Sushchin and Dmitry Dokuchaev, spies who work for the FSB, one of the Kremlin’s intelligence agencies.

The FSB reportedly recruited Belan by helping him elude computer-intrusion charges in Nevada. Arrested in Europe, he fled to his native Russia where, in exchange for hacking U.S. enterprises, he could live a free life. The agency also reached out to Baratov, a Kazakh living in Canada, by promising him money.

Says Business Insider, “The Yahoo hack is the clearest sign yet that Russia has merged criminal hacking with a larger mission.” They quote the Soufan Group, a security-intelligence company, as saying that the Kremlin has “increasingly blurred the lines between cyber-espionage and cyber crime in an unprecedented manner.” In this way, the Russian government can control hackers while leveraging their skills to sharpen spy tactics. Needless to say, the plot thickens—as does the need for proactive cybersecurity in private enterprises.

The infographic below explains how the FBI believes that, with guidance from the FSB, the two hackers compromised countless Yahoo email accounts.
