The Russian cybercriminal Alexsey Belan, already on the FBI's Most Wanted list, allegedly worked with Russian government agents to break into Yahoo's computers in 2014 and steal data from 500 million account holders.
That's according to an indictment unsealed today by the Department of Justice. The Russian agents enlisted Belan to obtain Yahoo's data with the goal of targeting Russian journalists, government officials and others. But Belan allegedly used the data for his own purposes, including orchestrating an ad-related scam that involved installing malware on links displayed in Yahoo's search results.
For that initiative, Belan "manipulated some of the servers associated with Yahoo's English-language search engine so that when users searched for erectile dysfunction medications, they were presented with a fraudulent link," the indictment alleges.
When users clicked on that link, they were taken to a cloud computer company, and then automatically redirected to an online pharmacy's site. That site, which is not identified in the indictment, paid commissions to marketers who drove traffic to it, according to the DOJ.
Belan also allegedly scraped contacts of Yahoo account holders in order to send spam to their friends, and he searched Yahoo email accounts for gift card numbers and credit card numbers.
On October 8, 2016 -- after Yahoo had revealed the data breach -- Belan allegedly scoured email accounts of at least 15 people for gift cards.
The prior year, he allegedly used malware to obtain the contact lists of more than 30 million account holders. The indictment alleges that Belan obtained this information as part of a "spam marketing scheme."
The other defendants named in the indictment are Russian agents Dmitry Dokuchaev and Igor Sushchin, and hacker Karim Baratov.