On March 15, 2017, the U.S. Department of Justice announced that it had indicted four Russian nationals, including two members of the FSB, the Russian spy agency, in connection with the hacking of the servers of American web giant Yahoo in 2014. The charges include hacking, wire fraud, trade secret theft and economic espionage, and are part of the largest hacking case ever brought by the United States.
The indicted FSB officers are Dmitry Dokuchaev and Igor Sushchin, his superior, both of whom worked for the arm of the FSB that investigates cyber crimes. Dokuchaev, who had reportedly agreed to work for the FSB as part of an agreement to avoid prosecution for fraud, was arrested and charged with treason in Moscow in January amid allegations that he had provided information to the CIA. The two non-government-affiliated hackers indicted in the case are Alexsey Belan, a notorious cyber-criminal who has been charged by the U.S. twice before in relation to separate incidents, and Karim Baratov, a Kazakh-born Canadian citizen arrested in Canada on Tuesday.
The 2014 hack, which at the time was considered the largest in Yahoo history, involved 500 million Yahoo user accounts, giving the hackers access to Yahoo email accounts as well as access to other Yahoo web services such as photo-sharing site Flickr and blogging service Tumblr. The FSB likely orchestrated the hack in order to gain information about Yahoo users, which could include high-value targets including U.S. government officials.
The U.S. does not have an extradition treaty with Russia, who would regardless be unlikely to cooperate with an investigation that implicates their own government. Thus, Dokuchaev, Sushchin, and Baratov, all in Russia as of now, are unlikely to be extradited to the U.S. barring their travel to a jurisdiction more willing to cooperate with a U.S. extradition request. However, indictments for state-sponsored criminal action can be used as a tool to curb said state-sponsored criminal action. This is not the first time the U.S. has responded to state-sponsored hacking with criminal indictments; in 2014, the U.S. indicted 5 members of the Chinese People’s Liberation Army for trying to steal trade secrets from U.S. private enterprise.
While these indictments are unrelated to the allegations that state-sponsored Russian hackers interfered in the U.S. election, they may provide a road map for a U.S. response to such allegations.
This press release announcing the indictments can be found here: https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions.