{
	"id": "8189c97d-91a6-4a12-a9f2-5788809e12c2",
	"created_at": "2026-04-06T00:21:42.656177Z",
	"updated_at": "2026-04-10T03:20:24.278066Z",
	"deleted_at": null,
	"sha1_hash": "30580bcd558ca8e56dd1217b22f187a0639a36f5",
	"title": "US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two FSB Agents",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1228817,
	"plain_text": "US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two\r\nFSB Agents\r\nBy Catalin Cimpanu\r\nPublished: 2017-03-15 · Archived: 2026-04-05 23:00:56 UTC\r\nThe US Department of Justice (DoJ) charged four suspects today for orchestrating the 2014 Yahoo data breach during which\r\nattackers stole details for over 500 million Yahoo users.\r\nIn a press conference today, officials from the DoJ and FBI said that two of the suspects are members of the Russian Federal\r\nSecurity Service (FSB), who \"protected, directed, facilitated and paid criminal hackers\" to breach Yahoo's network in 2014.\r\nDoJ: Two FSB agents orchestrated the hack\r\nThe two FSB agents behind the Yahoo 2014 hack are Igor Anatolyevich Sushchin, 43, and Dmitry Aleksandrovich\r\nDokuchaev, 33.\r\nhttps://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/\r\nPage 1 of 4\n\nhttps://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe two hackers who carried out the attacks are Alexsey Alexseyevich Belan, aka \"Magg,\" 29, a Russian national, and\r\nKarim Baratov, aka \"Kay,\" 22, a Canadian and Kazakh national, currently living in Canada. Of all, only Baratov is under\r\ncustody, after Canadian police arrested him last week.\r\nThe other hacker, Belan, was previously charged with breaching three US tech companies in 2012 and stealing details for\r\nover 200 million users. Belan is also on the FBI's Cyber Most Wanted list, and he's been on the list since its creation a few\r\nyears back.\r\nFSB agents worked for Center 18\r\nAuthorities have little hope of arresting and extraditing the other three, and for a good reason.\r\n\"The FSB unit that the defendants worked for, the Center for Information Security, also known as Center 18, is also the\r\nFBI's point of contact in Moscow for cyber-crime matters,\" Acting Assistant Attorney General Mary McCord of the\r\nNational Security Division explains.\r\nIn fact, the FBI says they reached out to FSB's Center 18 in 2014 and asked for Belan's extradition. The FSB never\r\nanswered.\r\n\"Instead of acting on the U.S. government’s [Interpol] Red Notice and detaining Belan after his return, Dokuchaev and\r\nSushchin subsequently used him to gain unauthorized access to Yahoo’s network,\" US officials said.\r\nYahoo was right. It was a \"state-sponsored actor\"\r\nThe indictment also proves Yahoo was right when it said last September that a \"state-sponsored actor\" was behind the attack,\r\na claim very few people believed.\r\nAccording to official documents detailing the attacks, the hack took place just as Yahoo described in recent SEC filings.\r\nBelan, at the behest of the two FSB agents, breached Yahoo's network, from where he stole names, recovery email accounts,\r\nphone numbers, and data necessary to craft account browser cookies.\r\nFurthermore, Belan also gained access to Yahoo's Account Management Tool (AMT), a system that allowed the hacker and\r\nthe two FSB agents to craft the browser cookies necessary to access Yahoo accounts without a cleartext password.\r\nFSB agents breached political targets, Belan hacked for profit\r\nThe US alleges the three accessed around 6,500 user accounts via this method. Targets included Russian journalists, Russian\r\nand US government officials, employees of a prominent Russian cybersecurity company, and numerous employees of web\r\nproviders whose networks the three wanted to exploit.\r\nBesides these targets, of clear interest for intelligence gathering, Belan also accessed accounts for personal gains. This\r\nincluded the personal accounts of employees at commercial entities, such as a Russian investment banking firm, a French\r\ntransportation company, US financial services and private equity firms, a Swiss Bitcoin wallet and banking firm, and a US\r\nairline.\r\nIn addition, Belan also used his access to Yahoo email accounts to steal gift cards and credit card numbers from people's\r\ninboxes.\r\nFurthermore, US officials say Belan stole the private contacts from 30 million Yahoo accounts, which he used to earn\r\ncommissions from spam campaign and fraudulent search engine traffic.\r\nDoJ: FSB agents protected Belan\r\nUS officials allege that for his work, the two FSB agents provided Belan with information necessary to avoid detection by\r\nUS investigators.\r\nhttps://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/\r\nPage 3 of 4\n\nIt is very important for corporations around the country to know that when you are going against the resources and backing\r\nof a nation state, it is not a fair fight, and it is not a fight your are likely to win.\r\n- Acting Assistant Attorney General Mary McCord\r\nBaratov was only a second-stage pawn\r\nBaratov, who was a hacker very active on the Dark Web under the alias of \"Four,\" entered the scheme later on, when the two\r\nFSB agents couldn't gain access to email accounts at other email providers.\r\nAccording to the indictment, using data from the Yahoo breach, the FSB agents asked Baratov to hack into more than 80\r\naccounts. Investigators say Baratov stood to gain various commissions for providing the two FSB agents with passwords to\r\ndesired accounts.\r\nAccording to US officials, Google detected some of these attempted intrusions against Gmail accounts and also filed a\r\ncomplaint with authorities.\r\nThe official indictment is available for download here (PDF). Yahoo also issued a short statement on the hacks. An audio of\r\nthe press conference is available below.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/\r\nhttps://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/"
	],
	"report_names": [
		"us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents"
	],
	"threat_actors": [],
	"ts_created_at": 1775434902,
	"ts_updated_at": 1775791224,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/30580bcd558ca8e56dd1217b22f187a0639a36f5.pdf",
		"text": "https://archive.orkl.eu/30580bcd558ca8e56dd1217b22f187a0639a36f5.txt",
		"img": "https://archive.orkl.eu/30580bcd558ca8e56dd1217b22f187a0639a36f5.jpg"
	}
}