Department of Justice
Office of Public Affairs
FOR IMMEDIATE RELEASE
Tuesday, November 28, 2017
Canadian Hacker Who Conspired With and Aided Russian FSB Officers Pleads Guilty
Russian Officers Tasked Prolific Hacker-for-Hire to Target Webmail Accounts
Karim Baratov, aka Kay, aka Karim Taloverov, aka Karim Akehmet Tokbergenov, 22, a Canadian national and resident, pleaded guilty today, to charges returned by a grand jury in the Northern District of California in February 2017. Baratov and three other defendants, including two officers of the Russian Federal Security Service (FSB), Russia’s domestic law enforcement and intelligence service, were charged with computer hacking and other criminal offenses in connection with a conspiracy to access Yahoo’s network and the contents of webmail accounts that began in January 2014. Baratov’s co-defendants, all of whom remain at large in Russia, are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident; Igor Anatolyevich Sushchin, 43, a Russian national and resident; and Alexsey Alexseyevich Belan, aka Magg, 29, a Russian national and resident.
The guilty plea was announced by Acting Assistant Attorney General Dana J. Boente of the National Security Division, U.S. Attorney Brian J. Stretch for the Northern District of California and Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.
“Where a foreign law enforcement or intelligence agency recruits, tasks, or protects criminals targeting the United States and its companies or citizens, instead of taking steps to disrupt them and hold them accountable, the United States will leverage all of its available tools to expose that agency’s conduct and arrest those responsible,” said Acting Assistant Attorney General Boente. “Today’s plea exemplifies the Department’s commitment to pursuing, arresting and bringing to justice even those hackers who work for a foreign law enforcement or intelligence organization. We wish to thank the Canadian authorities for their skillful assistance in the investigation and arrest of Baratov and to acknowledge the contributions of the other nations and law enforcement services that provided invaluable assistance.”
“The illegal hacking of private communications is a global problem that transcends political boundaries. Cybercrime is not only a grave threat to personal privacy and security, but causes great financial harm to individuals who are hacked and costs the world economy hundreds of billions of dollars every year. These threats are even more insidious when cyber criminals such as Baratov are employed by foreign government agencies acting outside the rule of law,” said U.S. Attorney Stretch. “With the assistance of our law enforcement partners in Canada, we were able to track down and apprehend a prolific criminal hacker who had sold his services to Russian government agents. This prosecution again illustrates that we will identify and pursue charges against hackers who compromise our country’s computer infrastructure.”
“This case is a prime example of the hybrid cyber threat we’re facing, in which nation states work with criminal hackers to carry out malicious activities,” said Executive Assistant Director Abbate. “Today’s guilty plea illustrates how the FBI continues to work relentlessly with our private sector, law enforcement and international partners to identify and hold accountable those who conduct cyber attacks against our nation, no matter who they’re working with or where they attempt to hide.”
Karim Baratov, aka Kay, aka Karim Taloverov, aka Karim Akehmet Tokbergenov, 22, a Canadian national and resident, pleaded guilty today, to charges returned by a grand jury in the Northern District of California in February 2017. Baratov and three other defendants, including two officers of the Russian Federal Security Service (FSB), Russia’s domestic law enforcement and intelligence service, were charged with computer hacking and other criminal offenses in connection with a conspiracy to access Yahoo’s network and the contents of webmail accounts that began in January 2014. Baratov’s co-defendants, all of whom remain at large in Russia, are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident; Igor Anatolyevich Sushchin, 43, a Russian national and resident; and Alexsey Alexseyevich Belan, aka Magg, 29, a Russian national and resident.
The guilty plea was announced by Acting Assistant Attorney General Dana J. Boente of the National Security Division, U.S. Attorney Brian J. Stretch for the Northern District of California and Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.
“Where a foreign law enforcement or intelligence agency recruits, tasks, or protects criminals targeting the United States and its companies or citizens, instead of taking steps to disrupt them and hold them accountable, the United States will leverage all of its available tools to expose that agency’s conduct and arrest those responsible,” said Acting Assistant Attorney General Boente. “Today’s plea exemplifies the Department’s commitment to pursuing, arresting and bringing to justice even those hackers who work for a foreign law enforcement or intelligence organization. We wish to thank the Canadian authorities for their skillful assistance in the investigation and arrest of Baratov and to acknowledge the contributions of the other nations and law enforcement services that provided invaluable assistance.”
“The illegal hacking of private communications is a global problem that transcends political boundaries. Cybercrime is not only a grave threat to personal privacy and security, but causes great financial harm to individuals who are hacked and costs the world economy hundreds of billions of dollars every year. These threats are even more insidious when cyber criminals such as Baratov are employed by foreign government agencies acting outside the rule of law,” said U.S. Attorney Stretch. “With the assistance of our law enforcement partners in Canada, we were able to track down and apprehend a prolific criminal hacker who had sold his services to Russian government agents. This prosecution again illustrates that we will identify and pursue charges against hackers who compromise our country’s computer infrastructure.”
“This case is a prime example of the hybrid cyber threat we’re facing, in which nation states work with criminal hackers to carry out malicious activities,” said Executive Assistant Director Abbate. “Today’s guilty plea illustrates how the FBI continues to work relentlessly with our private sector, law enforcement and international partners to identify and hold accountable those who conduct cyber attacks against our nation, no matter who they’re working with or where they attempt to hide.”
Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to the FSB and send those accounts’ passwords to Dokuchaev in exchange for money. As alleged in the Indictment, Dokuchaev, Sushchin and Belan compromised Yahoo’s network and gained the ability to access Yahoo accounts. When they desired access to individual webmail accounts at a number of other internet service providers, such as Google and Yandex (based in Russia), Dokuchaev tasked Baratov to compromise those accounts. The Indictment is available here, and its allegations are summarized in greater detail in the press release that attended the unsealing of the Indictment on March 15.
As part of his plea agreement, Baratov not only admitted to his hacking activities on behalf of his co-conspirators in the FSB, but also to hacking more than 11,000 webmail accounts in total on behalf of the FSB conspirators and other customers from in or around 2010 until his March 2017 arrest by Canadian authorities. Baratov advertised his services through a network of primarily Russian-language hacker-for-hire web pages hosted on servers around the world. He admitted that he generally spearphished his victims, sending them emails from accounts he established to appear to belong to the webmail provider at which the victim’s account was hosted (such as Google or Yandex). Baratov’s spearphishing emails tricked victims into (i) visiting web pages he constructed to appear legitimate, as though they belonged to the victims’ webmail providers and (ii) entering their account credentials into those web pages. Once Baratov collected the victims’ account credentials, he sent his customers screen shots of the victims’ account contents to prove that he had obtained access and, upon receipt of payment, provided his customers the victims’ log-in credentials.
Baratov pleaded guilty to Count One and Counts Forty through Forty-Seven of the Indictment. Count One charged Baratov, Dokuchaev, Sushchin and Belan with conspiring to violate the Computer Fraud and Abuse Act by stealing information from protected computers in violation of 18 U.S.C. § 1030(a)(2) and causing damage to protected computers in violation of 18 U.S.C. § 1030(a)(5)(A). Counts Forty through Forty-Seven charged Baratov and Dokuchaev with aggravated identity theft in violation of 18 U.S.C. § 1028A. As part of the plea agreement, in addition to any prison sentence, Baratov agreed to pay restitution to his victims and to pay a fine up to $2,250,000 (at $250,000 per count) with any assets he has remaining after satisfying a restitution award.
Baratov waived extradition from Canada and is being detained in California without bail.
Baratov’s sentencing hearing is scheduled for Feb. 20, 2018, before the Honorable Vincent Chhabria, U.S. District Court Judge, in San Francisco. The maximum statutory penalty for each count in violation of 18 U.S.C. §1030(b) is 10 years and a fine of $250,000, plus restitution, if appropriate. The maximum statutory penalty for each count in violation of 18 U.S.C. §1028A is two years (mandatory consecutive) and a fine of $250,000, plus restitution, if appropriate. However, any sentence, including restitution and fine, if any, will be imposed by the court only after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.
The FBI, led by the San Francisco Field Office, conducted the investigation that resulted in the charges announced today. The case is being prosecuted by the U.S. Department of Justice National Security Division’s Counterintelligence and Export Control Section and the U.S. Attorney’s Office for the Northern District of California, with support of the Justice Department’s Office of International Affairs.
Topic(s):
Counterintelligence and Export Control
Component(s):
National Security Division (NSD)
USAO – California, Northern
Press Release Number:
17-1341
Updated November 28, 2017
Department of Justice Seal – Department of Justice Action Center