On Wednesday, the Justice Department announced the names of four Russians being indicted for hacking over 500 million Yahoo accounts — accessing emails, phone numbers, birthdays, and encrypted security questions and answers — back in 2014. Among those indicted were two Russian Federal Security Service (FSB) officers, Igor Sushchin and Dmitry Dokuchaev, as well as two hackers hired by the Russian government to facilitate the breach.
According to the DOJ, Sushchin and Dokuchaev paid (and “protected”) the two hackers, Alexsey Belan and Karim Baratov, to “collect information through computer intrusions in the U.S.” Their indictment, as noted by the Washington Post is the first time the United States has ever levied a cybercrime charge against a Russian official. Or officials, as it were. The charges include “computer hacking, economic espionage and other criminal offenses in connection with a conspiracy.” Among the accounts breached, the DOJ reports information belonging to journalists, Russian and U.S. government officials, and employees at a Russian cybersecurity company were of particular interest to FSB.
As for what this means for the four Russians, the DOJ announcement makes it clear that these are only indictments, “an indictment is merely an accusation, and a defendant is presumed innocent unless proven guilty in a court of law.” The U.S. does not have an extradition treaty with Russia, so now the United States has to either hope Russia will surrender its citizens (seems unlikely), or hope even harder that they leave Russia at some point and head to a country where the U.S. can extradite them (also seems unlikely). As for what this means for you, go change your Yahoo password, if you still have a Yahoo account at all.