The Kazakhstan-born Canadian citizen Karim Baratov (22) has pleaded guilty to massive 2014 Yahoo hack that affected three billion accounts.
He admitted that he generally spearphished his victims, sending them emails from accounts he established to appear to belong to the webmail provider at which the victim’s account was hosted (such as Google or Yandex).
Karim Baratov was arrested in Toronto at his home by the Toronto Police Department in March.
In the federal district court in San Francisco on Tuesday, Baratov admitted to helping the Russian intelligence and pleaded guilty to a total of nine counts, including:
- One count of conspiring to violate the Computer Fraud and Abuse Act by stealing information from protected computers and causing damage to protected computers.
- Eight counts of aggravated identity theft.
Baratov’s spearphishing emails tricked victims into (i) visiting web pages he constructed to appear legitimate, as though they belonged to the victims’ webmail providers and (ii) entering their account credentials into those web pages.
Once Baratov collected the victims’ account credentials, he sent the Russian FSB (the renamed KGB) screen shots of the victims’ account contents to prove that he had obtained access and, upon receipt of payment, provided his customers the victims’ log-in credentials.”
Baratov’s sentencing hearing will be held on 20th February next year in federal district court in San Francisco. The man could face up to 87 months in jail for the first charge and 24 months for the identity theft charges.
“These threats are even more insidious when cybercriminals such as Baratov are employed by foreign government agencies acting outside the rule of law.” US Attorney Brian Stretch said.
Spearphishing attacks are also preventable by stepping users through new-school security awareness training that includes frequent simulated social engineering attacks. Source: http://securityaffairs.co/wordpress/66156/cyber-crime/yahoo-hack-intelligence.html
I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.
Don't like to click on redirected buttons? Cut & Paste this link in your browser:
https://info.knowbe4.com/kmsat_get_a_quote_now
Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc