A 23-year-old Canadian man who hacked into Yahoo and Gmail accounts on behalf of Russian Secret Service (FSB) agents was sentenced to five years in prison and a fine of $250,000.
The hacker's name is Karim Baratov, a Kazakh national living in Canada. Baratov pleaded guilty last year, admitting to providing hacker-for-hire services.
Among his clients were two FSB agents —Igor Anatolyevich Sushchin, 43, and Dmitry Aleksandrovich Dokuchaev, 33.
The two FSB agents already had access to Yahoo email accounts after hiring another hacker named Alexsey Belan, aka "Magg," to break into Yahoo's network and steal authentication cookies to secretly access accounts for persons of interest.
According to court documents, the two FSB agents found Baratov's hacker-for hire website and hired him to break into Yahoo accounts for which users changed passwords and they couldn't access anymore on their own. They also asked him to break into Gmail accounts.
Baratov used spear-phishing techniques, posing as various service providers, to trick users into handing over passwords and gaining access to victims' accounts.
Court documents state the two FSB agents asked Baratov to hack into at least 80 accounts, but it's unclear how many he managed to breach.
He was arrested within days by Canadian police and later accepted to be deported to the US to face charges. He pleaded guilty last November and claimed he had no idea he was working with Russian intelligence.
Baratov was initially supposed to receive his sentencing last month, but the judge presiding over the case wanted more time to hear arguments on the sentence's length.
The prosecution asked the judge to take into consideration that Baratov was also behind many other hacks for which he was not formally charged, but which he carried out through his website. The prosecution asked for a sentence nearing ten years, while Baratov's team asked for 45 months. He received 60 and the maximum fine.
Baratov will serve his sentence in the US and will then be deported back to Canada. The young hacker apologized in court for his actions.
The two FSB agents and the hacker Magg remain at large. US authorities believe all three are located in Russia, a state with which the US does not have a formal extradition treaty.
"It’s difficult to overstate the unprecedented nature of this conspiracy, in which members of a foreign intelligence service directed and empowered criminal hackers to conduct a massive cyber-attack against 500 million victim user accounts," said Special Agent in Charge John F. Bennett in a press release today by the US DOJ.