Podcast: What does the Yahoo Indictment tell us about Russian state hacking?

The US Department of Justice indicted four men for the hack of Yahoo. Two of them have links to Russia’s FSB. What do the charges mean for relations between Russia and the US in the theater of cyberspace?

In-brief: The Department of Justice announced charges against four men for the attack on Yahoo that netted information on 500 million users. But what do we know about the men and their alleged crime? Security Ledger Editor in Chief Paul Roberts speaks with Igor Baikalov of Securonix about the incident. 

The running narrative about Russia-backed hacking of U.S. officials and companies got a shot in the arm this week when the U.S. Justice Department unveiled an indictment of four men, described as “Russian Hackers,” for their role in breaking into systems belonging to Yahoo and making off with data on some 500 million users in 2014.

Two of those charged by the DOJ were officials of Russia’s FSB intelligence agency, while their co-conspirators appear to be freelance operators, one of them a known cyber criminal involved in carding operations. One, Karim Baratov, a 22-year-old Canadian born in Kazakhstan, is reported to have been expelled from high school, but to be living the high life of luxury cars and clubs.

But was the Yahoo hack really the work of Russia’s FSB intelligence arm? And what do we know about the four men who were arrested? If true, what does the DOJ’s indictment mean for the state of play between Russia and the U.S. in this newest theater of battle?

To help understand what’s going on, we invited Igor Baikalov, chief scientist at Securonix, into the Security Ledger Studio to talk. Igor is a seasoned technologist with over 25 years of experience in data analysis and enterprise application development who holds a Ph.D. in Molecular Biology from UCLA and an M.S. in Biophysics from Moscow Institute of Physics and Technology.

In our conversation, Igor says that the mix of professionals and freelancers is common in Russian hacking operations. But there are a lot of questions about the incident. Among them: who was it who found the Yahoo flaw that ultimately gave the attackers access to customers’ data: was it cyber criminals or state-sponsored actors? And how did it come to be that two of the four men were the subject of arrests by Russian authorities in December, allegedly for treason?

Check out our full conversation on Soundcloud, or at Security Ledger’s iTunes podcast page.

 
