Alleged Yahoo Hacker Has Evaded Previous Arrest
March 16 2017 - 8:37PM
Dow Jones News
By Robert McMillan
U.S. authorities said Russian intelligence officers backed
the massive 2014 hack against Yahoo Inc., but the hacker at the
center of the allegations is a 29-year-old who has eluded Western
law-enforcement agencies for several years.
Alexsey Belan, a Latvian-born Russian national, has been named
in two prior U.S. federal indictments for crimes dating back to
2012. Contents of those charges hadn't been disclosed until this
week, but one of the cases involved the 2013 hacking of
document-sharing website Scribd Inc., according to the indictment
unsealed this week.
In the Yahoo hack, which took place from 2014 through last year
and affected more than 500 million user accounts, the federal
indictment made public on Wednesday portrays Mr. Belan as executing
many of the most damaging elements of the attack. That includes his
alleged theft in late 2014 of at least part of Yahoo's User
Database, which gave the hackers continuing access to millions of
user accounts, according to the indictment. Mr. Belan allegedly
worked with two officers of Russia's Federal Security Service,
known as the FSB, to pull off the Yahoo hack, according to the
Federal Bureau of Investigation.
"He appears to be a skilled hacker with a lot of technical
expertise and a ton of experience," said Malcolm Palmore, an FBI
assistant special agent. He has been tracking Mr. Belan since early
2014, when Yahoo informed the FBI of a compromise of its systems
that led to one of the largest data breaches ever reported.
Wednesday's indictment named three other men as conspirators in
the Yahoo attack, including two officers of the FSB. The two
officers and Mr. Belan are believed to be in Russia and couldn't be
reached for comment.
Federal authorities have disclosed little about Mr. Belan's
private life. He was described in FBI documents as 6 feet tall and
appears as a blonde and bespectacled teenager in one FBI photo; in
another, he has straight reddish-brown hair and no glasses. He
isn't known to maintain social-media accounts, unlike the fourth
alleged conspirator in the Yahoo attack, 22-year-old Canadian
resident Karim Baratov, who boasted online of a wealthy lifestyle
that included an Aston Martin car and Rolex watches.
Mr. Belan has used several aliases in online hacking forums --
including Magg, Quarker and Mrmagister -- and was a contributor to
the Russian hacking zine Xakep, according to federal authorities.
In 2007, he was selling stolen credentials taken from the ICQ
instant-messaging platform, but five years later he had moved to
more serious online crimes, according to Vitali Kremez, director of
research with the cyber intelligence firm Flashpoint Inc.
On password-cracking forums such as InsidePro, Mr. Belan would
post data -- typically usernames and passwords -- protected by a
cryptographic technique, and ask members to crack them.
"He was a well-known person for website hacks," Mr.
Kremez said.
One of Mr. Belan's alleged victims was Scribd, according to a
2013 indictment that was only made public this week. It said Mr.
Belan broke into Scribd using a "virtual private network" set up to
give employees remote access to company systems.
The Scribd hack was part of a flood of online attacks around the
same period by a variety of hackers that compromised hundreds of
millions of passwords across many websites. Asked for comment
Thursday, Scribd referred to a statement it had made at the time of
the attack saying that "less than 1%" of its users were potentially
affected by the hack.
Mr. Belan also was charged in a 2012 federal indictment with
hacking a Nevada-based company, which authorities haven't
identified. Mr. Palmore said there are likely many other
victims.
The FBI official said one of the most distinguishing things
about Mr. Belan in the world of hackers is that authorities know
who he is. "That there are many folks just like him out there on
the landscape whose identities we are not aware of," he said.
Following the 2013 Scribd and Nevada charges, the U.S. issued a
"Red Notice" requesting that Interpol member nations arrest him and
offered a $100,000 reward for information leading to his arrest. In
2013, he was arrested while vacationing in Greece, but slipped
away. "He was essentially allowed to be released on a bond, which
we did not believe he warranted, and then subsequently fled the
country," Mr. Palmore said on Thursday.
The FBI's red notice may well have brought Mr. Belan to the
attention of the FSB, said Austin P. Berglas, a former FBI cyber
investigator who is now head of the cyberdefense practice at K2
Intelligence LLC, which offers investigative services.
Individuals targeted publicly by the U.S. have often then been
recruited by the intelligence services in Russia. "We're
essentially giving the Russians names of bad actors and individuals
who could potentially be used in recruitment over there," Mr.
Berglas said.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
March 16, 2017 20:22 ET (00:22 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.