Karim Baratov, aka Kay, aka Karim Taloverov, aka Karim Akehmet Tokbergenov, 23, has been sentenced to five years in prison and ordered to pay a fine, which encompasses all of his remaining assets.
Assistant Attorney General for National Security John C. Demers, Acting U.S. Attorney Alex G. Tse for the Northern District of California, and Special Agent in Charge John F. Bennett of the FBI’s San Francisco Field Office made the announcement.
The sentence was handed down today by U.S. District Judge the Honorable Vince Chhabria.
“Criminal hackers and the countries that sponsor them make a grave mistake when they target American companies and citizens,” said Assistant Attorney General Demers.
We will identify them wherever they are and bring them to justice.”
“I would like to thank Canadian law enforcement authorities for their tremendous assistance in bringing Baratov to justice. ”
“We will continue to work with our foreign partners to find and prosecute those who would violate our laws.”
“The sentence imposed reflects the seriousness of hacking for hire,” said Acting U.S. Attorney Tse.
“Hackers such as Baratov ply their trade without regard for the criminal objectives of the people who hire and pay them.”
“These hackers are not minor players; they are a critical tool used by criminals to obtain and exploit personal information illegally.”
“In sentencing Baratov to five years in prison, the Court sent a clear message to hackers that participating in cyber attacks sponsored by nation states will result in significant consequences.”
“It’s difficult to overstate the unprecedented nature of this conspiracy, in which members of a foreign intelligence service directed and empowered criminal hackers to conduct a massive cyber-attack against 500 million victim user accounts,” said Special Agent in Charge Bennett.
“Today’s sentencing demonstrates the FBI’s unwavering commitment to disrupt and prosecute malicious cyber actors despite their attempts to conceal their identities and hide from justice.”
Baratov, a Canadian national and resident, and three other defendants, including two officers of the Russian Federal Security Service (FSB), Russia’s domestic law enforcement and intelligence service, were charged with a number of offenses relating to the hacking of webmail accounts at Yahoo and other service providers.
(Learn More. The United States announced charges against a dual Canadian-Kazakh national and three others with ties to Russia, accusing them of being the culprits behind a huge data breach at Yahoo. Courtesy of CBC News: The National and YouTube. Posted on Mar 15, 2017)
In particular, Baratov and his co-defendants were charged in a computer hacking conspiracy in which the two Russian FSB officers hired criminal hackers to collect information through computer intrusions in the United States and abroad, which resulted in the unauthorized access of at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, US and Russian government officials and private-sector employees of financial, transportation and other companies.
Yahoo’s network and the spear phishing of webmail accounts at other service providers ran between January 2014 and December 2016.
Baratov’s co-defendants have been identified as:
- Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident
- Igor Anatolyevich Sushchin, 43, a Russian national and resident
- Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident
Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to his co-conspirator who was working for the FSB and send those accounts’ passwords to Dokuchaev in exchange for money.
The Indictment, which is available here, and its allegations are summarized in greater detail in here, following the unsealing of the Indictment on March 15, 2017.
Baratov has been detained since his arrest in Canada in March 2017, after waiving extradition to the United States and was transferred to the Northern District of California in August 2017.
In November 2017, Baratov pleaded guilty to Count One and Counts Forty through Forty-Seven of the Indictment.
Count One charged Baratov, Dokuchaev, Sushchin and Belan with conspiring to violate the Computer Fraud and Abuse Act by stealing information from protected computers and causing damage to protected computers.
Counts Forty through Forty-Seven charged Baratov and Dokuchaev with aggravated identity theft.
(Learn More. A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. Courtesy of the Justice Department and YouTube. Posted on Mar 15, 2017)
As part of his plea agreement, Baratov not only admitted to agreeing and attempting to hack at least 80 webmail accounts on behalf of one of his FSB co-conspirators, but also to hacking more than 11,000 webmail accounts in total from in or around 2010 until his March 2017 arrest by Canadian authorities.
In addition to any prison sentence, Baratov agreed to pay restitution to his victims, and to pay a fine up to $2,250,000, at $250,000 per count, with any assets he has remaining after satisfying a restitution award.
The FBI, led by the San Francisco Field Office, conducted the investigation that resulted in the charges in the Indictment.
