The 22-year-old Canadian citizen charged with aiding Russian agents to launch a massive hacking attack on Yahoo in 2014 pleaded guilty in a San Francisco federal court on Tuesday.
Karim Baratov, who was born in Kazakhstan, admitted to selling his services to Russia and conspiring with others to launch the attacks, which ended up exposing 500 million Yahoo accounts, The Los Angeles Times reports.
A U.S. investigation led to the indictment in March of Baratov and three other men, including two officers of the Russian Federal Security Service (FSB) and another alleged hacker who are thought to be in Russia.
The FSB officers are unlikely to be extradited after a spokesman for Russian President Vladimir Putin dismissed the idea that the agency’s employees could have been involved in the attack, reports Reuters.
In a strange twist to the story, one of the indicted FSB officers, Dmitry Dokuchaev, was himself jailed in Russia late last year. He and a second FSB officer were suspected of working on behalf of the CIA, the Guardian reported. A top security expert at the Russia-based Kaspersky Labs cybersecurity firm was also reportedly arrested.
The targets of the Yahoo hack included the email accounts of journalists and U.S. government officials, according to The Los Angeles Times.
Baratov had previously pleaded not guilty to the charges in August. But on Tuesday, one of Baratov’s lawyers said he felt like he was “doing the right thing” by admitting guilt as part of a plea agreement.
“He’s happy that he’s opening up, and he’s not holding back.… I think that’s what the justice system expects of him,” said Amedeo DiCarlo, quoted by CBC.
Cybersecurity expert Daniel Tobok told Canada’s Global News in March that Baratov was little known in the world of hacking, adding that he was surprised by the open flaunting of Baratov’s wealth on social media.
Baratov had earlier waived his right to contest his extradition to the United States. He will be sentenced in February.
Aleksei Belan, the Latvian national indicted under the same charges, is well known to security forces and the hacking world, where he goes variously by the monikers M4G, Magg, Fedyunya and Quarker, according to Forbes. He is currently wanted by the FBI.
The other FSB officer indicted, Igor Sushchin, was working undercover at Renaissance Capital, a Moscow investment bank owned by billionaire Mikhail Prokhorov, before being fired the day after the hacking charges came to light, according to RFE/RL.
The 2014 Yahoo security breach was reported as one of the largest ever recorded data breaches when it was disclosed in 2016. However, a few months later, Yahoo disclosed that 1 billion accounts were exposed by hackers during a security breach that occurred in 2013, Wired wrote.