US faces limits in busting Russian agents over Yahoo breach

In a rare move, the U.S. has indicted two Russian government agents for their suspected involvement in a massive Yahoo data breach. But what now?

Security experts say Wednesday’s indictment might amount to nothing more than naming and shaming Russia. That’s because no one expects the Kremlin to play along with the U.S. indictment.

“I can’t imagine the Russian government is going to hand over the two FSB officers,” said Jeremiah Grossman, chief of security strategy at SentinelOne.

"Even in the most successful investigations, state hackers are still immune from prosecution or retaliation," said Kenneth Geers, a research scientist at security firm Comodo.

The two officers, Dmitry Dokuchaev and Igor Sushchin, work for Russia’s Federal Security Service (FSB), the country’s intelligence agency, according to Wednesday’s indictment. They allegedly recruited a pair of third-party hackers to breach Yahoo and steal information on 500 million user accounts and helped the hackers carry out the crime.

The likelihood Russia would give up either agent is low, given that spies usually know state secrets.


Three of the suspects allegedly involved in the Yahoo data breach. 

Wednesday’s indictment is more about sending a symbolic message to Russia, said Mark Kuhr, CTO at security firm Synack and a former U.S. National Security Agency network analyst.

“From Russia’s perspective, it does hurt them a bit,” he said. “We (the U.S.) are embarrassing them in the news.”

It also exposes the FSB agents and hackers allegedly involved in the Yahoo breach, forcing them to tread lightly. The U.S. has issued warrants for their arrest. The fourth suspect, a third-party hacker named Karim Baratov, was already caught in Canada.

In addition, the indictment shows that U.S. investigators can track Russian cyberespionage operations.

“You can try and hide in the corners of the dark web, but we will hunt you down,” said FBI special agent John Bennett at a press conference on Wednesday.

But it’ll take more than just naming and shaming to dissuade the Kremlin from sponsoring future cyberattacks, experts said.

“More needs to be done,” said Edward McAndrew, a former U.S. federal cybercrime prosecutor who now works at law firm Ballard Spahr. “We have to move beyond the indictment stage.”

The next stage might go beyond the legal realm and into geopolitical steps like sanctions or even cyberwarfare, he said.

Of course, two can play at that game. It's possible that Russia might indict U.S. agents it suspects in a hacking case -- not that it would have any more luck prosecuting them.

“I won’t be surprised if that happens,” McAndrew said. “I imagine that our government, and most governments, will not be handing over their intelligence operatives.”

IDG Insider


« AMD reveals Ryzen 5 prices as it sidesteps performance questions


Inside the Russian hack of Yahoo: How they did it »
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail


Do you think your smartphone is making you a workaholic?