
Canadian Hacker Sentenced to Five Years for Selling Passwords to Russians
Canadian hacker Karim Baratov was sentenced to five years in prison and fined for his role in the Yahoo! data breach. Baratov was charged with computer hacking and other criminal offenses in connection with conspiracy to access Yahoo’s Network and 11,000 webmail accounts. The US Department of Justice stated that although the hacker pleaded guilty to all nine counts, his three co-defendants remain at large.
Hacker Baratov was involved in hacking Yahoo! webmail accounts as well as Google and Yandex webmail accounts from 2010 until March 2017. He was arrested by Canadian authorities at the request of the FBI’s Criminal, Cyber, Response and Services Branch. A Kazakhstan native, Baratov also goes by the names Kay, Karim Taloverov, and Karim Akehmet Tokbergenov.
Baratov hacked webmail accounts on behalf of the Russian Federal Security Service (FSB) and sold the passwords to one of his co-conspirators. He admitted in his guilty plea that he gained access to the email account through a type of cyber attack known as spear phishing.
Baratov’s spear phishing emails tricked victims into visiting web pages that he constructed to appear as legitimate webmail providers known to the recipients. His spear phishing emails conned the recipient into entering their account credentials (username and password) into the fake webpages. Once Baratov collected the victims’ account credentials, he sent screen shots of the victims’ account contents to FSB buyers to prove that he had obtained access. He was paid when he provided the victims’ log-in credentials.
What is a Spear Phishing Attack?
A spear phishing attack is a type of cyber attack where the sender sends a malicious email targeted at a specific recipient. The spear phishing email attempts to trick the recipient into thinking that the email is from a legitimate sender (like the recipient’s bank or employer.) Spear phishing emails emulate the look of a known sender or other trusted source. The goal of a spear phishing email is to gain more information from the recipient in order to gain access to online accounts like banking, email accounts, or other online access.