AABA Altaba Inc

By Robert McMillan 

U.S. authorities said Russian intelligence officers backed of the massive 2014 hack against Yahoo Inc., but the hacker at the center of the allegations is a 29-year-old who has eluded Western law-enforcement agencies for several years.

Alexsey Belan, a Latvian-born Russian national, has been named in two prior U.S. federal indictments for crimes dating back to 2012. Contents of those charges haven't been disclosed until this week, but one of the cases involved the 2013 hacking of document-sharing website Scribd Inc., according to the indictment unsealed this week.

In the Yahoo hack, which took place from 2014 through last year and affected more than 500 million user accounts, the federal indictment made public on Wednesday portrays Mr. Belan as executing many of the most damaging elements of the attack. That includes his alleged theft in late 2014 of at least part of Yahoo's User Database, which gave the hackers continuing access to millions of user accounts, according to the indictment. Mr. Belan allegedly worked with two officers of Russia's Federal Security Service, known as the FSB, to pull off the Yahoo hack, according to the Federal Bureau of Investigation.

"He appears to be a skilled hacker with a lot of technical expertise and a ton of experience," said Malcolm Palmore, an FBI assistant special agent. He has been tracking Mr. Belan since early 2014, when Yahoo informed the FBI of a compromise of its systems that led to one of the largest data breaches ever reported.

Wednesday's indictment named three other men as conspirators in the Yahoo attack, including two officers of the FSB. The two officers and Mr. Belan are believed to be in Russia and couldn't be reached for comment.

Federal authorities have disclosed little about Mr. Belan's private life. He was described in FBI documents as 6 feet tall and appears as a blonde and bespectacled teenager in one FBI photo; in another, he has straight reddish-brown hair and no glasses. He isn't known to maintain social-media accounts, unlike the fourth alleged conspirator in the Yahoo attack, 22-year-old Canadian resident Karim Baratov, who boasted online of a wealthy lifestyle that included an Aston Martin car and Rolex watches.

Mr. Belan has used several aliases in online hacking forums -- including Magg, Quarker and Mrmagister -- and was a contributor to the Russian hacking zine Xakep, according to federal authorities. In 2007, he was selling stolen credentials taken from the ICQ instant-messaging platform, but five years later he had moved to more serious online crimes, according to Vitali Kremez, director of research with the cyber intelligence firm Flashpoint Inc.

On password-cracking forums such as InsidePro, Mr. Belan would post data -- typically usernames and passwords -- protected by a cryptographic technique, and ask members to crack them, attribution. "He was a well-known person for website hacks," Mr. Kremez said.

One of Mr. Belan's alleged victims was Scribd, according to a 2013 indictment that was only made public this week. It said Mr. Belan broke into Scribd using a "virtual private network" set up to give employees remote access to company systems.

The Scribd hack was part of a flood of online attacks around the same period by a variety of hackers that compromised hundreds of millions of passwords across many websites. Asked for comment Thursday, Scribd referred to a statement it had made at the time of the attack saying that "less than 1%" of its users were potentially affected by the hack.

Mr. Belan also was charged in a 2012 federal indictment with hacking a Nevada-based company, which authorities haven't identified. Mr. Palmore said there are likely many other victims.

The FBI official said the one of the most distinguishing thing about Mr. Belan in the world of hackers is that authorities know who he is. "That there are many folks just like him out there on the landscape whose identities we are not aware of," he said.

Following the 2013 Scribd and Nevada charges, the U.S. issued a "Red Notice" requesting that Interpol member nations arrest him and offered a $100,000 reward for information leading to his arrest. In 2013, he was arrested while vacationing in Greece, but slipped away. "He was essentially allowed to be released on a bond, which we did not believe he warranted, and then subsequently fled the country," Mr. Palmore said on Thursday.

The FBI's red notice may well have brought Mr. Belan to the attention of the FSB, said Austin P. Berglas, a former FBI cyber investigator who is now head of the cyberdefense practice at K2 Intelligence LLC, which offers investigative services.

Individuals targeted publicly by the U.S. often have been then recruited by the intelligence services in Russia. "We're essentially giving the Russians names of bad actors and individuals who could potentially be used in recruitment over there," Mr. Berglas said.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

(END) Dow Jones Newswires

March 16, 2017 20:22 ET (00:22 GMT)

Altaba (NASDAQ:AABA)
Historical Stock Chart
From Mar 2024 to Apr 2024

Altaba (NASDAQ:AABA)
Historical Stock Chart
From Apr 2023 to Apr 2024