Wednesday’s indictments are the first major cyber crime prosecutions of the 2-month-old Trump administration, even though the majority of the investigation occurred during the Obama era. | AP Photo DOJ indicts Russian spies in massive Yahoo breach The indictments are part of the largest hacking case the Justice Department has ever pursued.

In a landmark move, the Justice Department on Wednesday indicted four men, including two Russian spies, for hacking into Yahoo and stealing data on 500 million users.

The indictments mark the first time the U.S. has ever filed criminal cyber charges against Russian government officials.


Officials described a plot in which Russian intelligence agents hired, and then protected, notorious criminal hackers in order to pull off one of the largest breaches ever. Moscow allegedly used the pilfered information to build dossiers on local journalists, dissidents and U.S. officials, while the criminals leveraged it to steal identities and launch email spam schemes.

Mary McCord, the acting assistant attorney general for national security, called the actions "beyond the pale."

Wednesday's move will likely further strain Washington's tense relationship with Moscow, which has already been strained over recent allegations of hacking and failed joint efforts to fight terrorist groups in Syria.

The charges come less than three months after the Obama administration slapped Moscow with sanctions for dispatching its hackers to help President Donald Trump win the election. Wednesday's indictments are not related to the election cyberattacks, however.

The two Russian government officials charged on Wednesday, Dmitry Dokuchaev and Igor Sushchin, are agents of Russia’s Federal Security Service, or FSB. They work within the FSB’s cyber intelligence wing, which collects digital evidence for the Russian government and serves as the FBI's point of contact in Moscow on cyber crime, McCord said.

The two FSB officials are unlikely to face prison time because Russia does not have an extradition treaty with the United States. But Justice Department officials have long argued that being named in an American indictment is enough to complicate hackers’ lives.

Morning Tech Technology news from Washington and Silicon Valley — weekday mornings, in your inbox. Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

“It impedes those people’s liberty to travel,” McCord said Wednesday morning at a Financial Times event, speaking generally of cyber criminals. “Frankly, they’re thieves, and it exposes them as not being very successful if, in fact, they’re caught and they’re named.”

A third hacker charged in the case, Karim Baratov, was arrested in Canada on Tuesday. Baratov is a Canadian citizen born in Kazakhstan.

The fourth person named in the indictments, Alexsey Belan, is in Russia, where officials said local authorities are protecting him. McCord said he used his access to Yahoo’s systems to steal users’ financial information, including gift cards in their inboxes, and to collect users’ contacts for an email scam.

Belan, who is on the FBI’s most-wanted cyber list, was named in the round of sanctions the Obama administration levied in December in response to a wide-ranging campaign to meddle in the U.S. election.

In addition to punishing the FSB and Russia’s main intelligence directorate, the GRU, the U.S. ejected several dozen diplomats and sanctioned two criminal hackers, including Belan, who weren’t tied to the election-year hacks.

Belan and the other hackers linked to the Yahoo breach appear to have been on U.S. authorities’ radar long before Moscow allegedly launched its digital interference campaign on the U.S. presidential race.

The Washington Post reported that the indictments resulted from nearly two years of investigation by the FBI’s San Francisco bureau and international partners.

On Wednesday, DOJ prosecutors officially charged the hackers with economic espionage, the theft of trade secrets, wire fraud and "aggravated identity theft," among other charges.

Michael Daniel, former President Barack Obama’s top cyber adviser, said government prosecutors would not have made formal charges against Russian officials unless they were highly confident in their findings.

“It means that they must have a very strong case with substantial evidence to back it up,” said Daniel, now the president of the Cyber Threat Alliance, via email.

The Yahoo breach didn’t become public until this past September, when the tech giant announced a 2014 data breach that had exposed personal information on 500 million users, possibly giving hackers and spies access to email accounts and other Yahoo-linked applications.

Two months later, Yahoo announced a second breach from 2013 that it said affected one billion users. In announcing the second infiltration, Yahoo revealed that hackers had figured out how to forge the company’s tracking cookies, potentially allowing them to simulate a successful login without knowing the target’s password.

The two hacks prompted telecommunications giant Verizon, which is in the process of buying Yahoo, to reduce its offer by $350 million, to $4.4 billion.

Wednesday’s indictments are the first major cyber crime prosecutions of the two-month-old Trump administration, even though the majority of the investigation occurred during the Obama era.

The charges bolster the long-standing belief that America’s digital adversaries are covertly supporting cyber criminals, said Megan Stifel, a director for international cyber policy at the National Security Council from 2013 to 2014.

DOJ officials said the FSB helped Belan, the hacker on the FBI's most-wanted list, evade authorities by passing him sensitive law enforcement and intelligence information.

“For years we've been talking about collaboration and collusion among government hackers and criminal hacking groups,” Stifel, the founder and CEO of Silicon Harbor Consultants, said in an email. “These charges bring those claims even greater legitimacy.”

Overall, the charges are the third time the Justice Department has indicted members of another government for hacking U.S. targets.

In 2014, the government indicted five Chinese military hackers for infiltrating various U.S. companies. And in 2016, DOJ charged Iranian government-backed hackers for attacks on American banks and a small dam in upstate New York.

At the press conference, McCord implored other American companies fighting off foreign government-backed hackers to bring in U.S. investigators.

“You do not have to go it alone," she said. "We can put the full capabilities of the United States behind you to make cases like this.”

Yahoo, which faced skepticism when it initially claimed its 2014 breach was the act of a foreign government, said Wednesday's indictments vindicated its assessment.

"The indictment unequivocally shows the attacks on Yahoo were state-sponsored," Chris Madsen, the company's assistant general counsel and head of global law enforcement, said in a blog post.