Canadian Hacker Sentenced to Five Years

Canadian Hacker Sentenced to Five Years for Selling Passwords to Russians

Canadian hacker Karim Baratov was sentenced to five years in prison and fined for his role in the Yahoo! data breach. Baratov was charged with computer hacking and other criminal offenses in connection with conspiracy to access Yahoo’s Network and 11,000 webmail accounts. The US Department of Justice stated that although the hacker pleaded guilty to all nine counts, his three co-defendants remain at large.

Hacker Baratov was involved in hacking Yahoo! webmail accounts as well as Google and Yandex webmail accounts from 2010 until March 2017. He was arrested by Canadian authorities at the request of the FBI’s Criminal, Cyber, Response and Services Branch. A Kazakhstan native, Baratov also goes by the names Kay, Karim Taloverov, and Karim Akehmet Tokbergenov.

Baratov hacked webmail accounts on behalf of the Russian Federal Security Service (FSB) and sold the passwords to one of his co-conspirators. He admitted in his guilty plea that he gained access to the email account through a type of cyber attack known as spear phishing.

Baratov’s spear phishing emails tricked victims into visiting web pages that he constructed to appear as legitimate webmail providers known to the recipients. His spear phishing emails conned the recipient into entering their account credentials (username and password) into the fake webpages. Once Baratov collected the victims’ account credentials, he sent screen shots of the victims’ account contents to FSB buyers to prove that he had obtained access. He was paid when he provided the victims’ log-in credentials.

What is a Spear Phishing Attack?

A spear phishing attack is a type of cyber attack where the sender sends a malicious email targeted at a specific recipient. The spear phishing email attempts to trick the recipient into thinking that the email is from a legitimate sender (like the recipient’s bank or employer.) Spear phishing emails emulate the look of a known sender or other trusted source. The goal of a spear phishing email is to gain more information from the recipient in order to gain access to online accounts like banking, email accounts, or other online access.

Michelle - Profile Photo

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers