Breached?

Report an incident

Question?

Contact us now

Blog

Security & Law Enforcement | June 05, 2018

Canadian Karim Baratov sentenced to 5 years in US for major Yahoo security breach

Robert Beggs

Excerpt:

Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access web-based emails. U.S. prosecutors allege he was “an international hacker for hire” who indiscriminately hacked for clients he did not know or vet, including dozens of jobs paid for by Russia’s Federal Security Service.

Baratov, who was born in Kazakhstan but lived in Hamilton, charged customers to obtain another person’s webmail passwords by tricking them to enter their credentials into a fake password reset page.

He was arrested in Hamilton in March 2017 under the Extradition Act after American authorities indicted him for computer hacking, economic espionage and other crimes.

After Baratov’s guilty plea, his lawyers told reporters he hacked only eight accounts and did not know that he was working for Russian agents connected to the Yahoo breach.

“He’s been transparent and forthright with the government since he got here,’’ lawyer Andrew Mancilla said at the time.

In August 2017, Baratov decided to forgo his extradition hearing to face the charges in California. His Canadian lawyer at the time said that the move was to speed up the legal process.

Meanwhile, U.S. prosecutors said in court papers that Baratov’s Russian-language website named “webhacker” advertised services for “hacking of email accounts without prepayment.”

They said Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack. Prosecutors argued that Russia’s Federal Security Service targeted Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses.