In an era of rising cyber crime, one email hacker was brought to justice on Tuesday when Karim Baratov pleaded guilty to nine counts of computer fraud and identity theft in the U.S. District Court for the Northern District of California.
Baratov will be sentenced next February 20. A Canadian citizen, he is being held without bail in California, having waived extradition from Canada.
As part of the plea deal, Baratov will pay restitution to his victims and a fine of up to $2,250,000, or $250,000 per count. He also faces prison time.
The fine will consist of any assets he has remaining after he pays restitution, according to Acting Assistant Attorney General Dana J. Boente of the National Security Division; U.S. Attorney Brian J. Stretch for the Northern District of California; and Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.
It was not known at deadline whether Baratov is cooperating with U.S. authorities as part of the plea arrangement.
Baratov and three other defendants were charged with computer hacking and other felonies related to a conspiracy to hack Yahoo’s network and the contents of webmail accounts, according to the announcement.
Baratov’s co-defendants are free in Russia. They are Dmitry Aleksandrovich, Igor Anatolyevich Sushchin and Alexsey Alexseyevich Belan. Two are officers of the Russian Federal Security Service (FSB), Russia’s domestic law enforcement and intelligence service, the announcement continues.
Baratov pleaded guilty to count one, accusing him and his co-defendants of violating the Computer Fraud and Abuse Act by stealing information from protected computers.
He also pleaded guilty to counts 40 through 47, charging him and Dokuchaev with aggravated identity theft.
Baratov’s role in the conspiracy was to hack the webmail accounts of people of interest to the FSB, the announcement continues. He sent those individuals’ passwords to Dokuchaev for pay, it adds.
Dokuchaev, Sushchin and Belan gained access to Yahoo accounts, the announcement states. Baratov also helped them access webmail accounts at Google, Yandex and other internet service providers, on request, it continues.
Baratov admitted that he hacked over 11,000 webmail accounts for the FSB and other customers from 2010 to March of his year, when he was arrested in Canada, the prosecutors say. He advertised his services through a network of “primarily Russian-language hacker for hire web pages hosted on servers around the world,” they continue.
Baratov would spear-phish victims via email, and those persons would be led to web pages that requested their account credentials, the prosecutors add.
“Where a foreign law enforcement or intelligence agency recruits, tasks, or protects criminals targeting the United States and its companies or citizens, instead of taking steps to disrupt them and hold them accountable, the United States will leverage all of its available tools to expose that agency’s conduct and arrest those responsible,” states Acting Assistant Attorney General Boente.
U.S. Attorney Stitch adds that cyber threats are even more insidious when cyber criminals such as Baratov are employed by foreign government agencies acting outside the rule of law."