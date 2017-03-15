A Hamilton man who bragged recently about buying fancy cars thanks to his hard work and business acumen has been indicted in the United States on allegations that he is part of a massive Russian-directed hacking plot targeting Yahoo! Inc. account holders.

Karim Baratov, a 22-year-old Kazakh-Canadian, is alleged to have hacked the accounts of dozens of targets for suspects linked to the Russian Federal Security Service (FSB) in exchange for payments of roughly $100 U.S. per account, according to a U.S. court indictment unsealed Wednesday.

Earlier this month, Mr. Baratov posted on his Facebook account a photo of a black Mercedes with a vanity plate saying “KARRRIM.”

In other social-media posts, he has boasted that getting suspended from high school in 2013 “for threatening to kill my ex-friend as a joke” was serendipitous because it gave him the time to set up his own business and become wealthy enough to purchase a BMW and buy a house.

“Just using a few computer skills I’ve learned online,” he wrote on his Instagram account to explain his success, next to photos of himself with fancy cars.

The U.S. government is now seeking to seize some of his assets, alleging that they are proceeds of crime, including an Aston Martin with “MR KARIM” vanity plates and his PayPal account, which is registered to “Elite Space Corporation.”

Mr. Baratov was arrested Tuesday by Toronto Police’s fugitive squad on a warrant from American authorities who will now seek his extradition, Acting U.S. Assistant Attorney General Mary McCord told reporters.

Mr. Baratov was arrested at 8.05 am Tuesday at an address in Ancaster, Ont., by the Toronto Police Service’s fugitive squad, police spokesman Mark Pugash said.

Mr. Pugash said Mr. Baratov was arrested without incident and turned over to the RCMP.

Toronto police were called in because its fugitive squad has “quite a high international reputation,” Mr. Pugash said.

“Our part of this was very specific,” he said, and involved tracking him down and arresting him.

He faces four charges, carrying sentences ranging from two to 20 years in prison: conspiring to commit access device fraud, conspiring to commit wire fraud, aggravated identity theft and conspiring to commit computer fraud and abuse.

The targets of Mr. Baratov alleged hacking were Gmail accounts, the indictment said.

According to property records, Mr. Baratov bought a $642,000 house in the Ancaster sector of Hamilton in September 2015 and co-owns the property with an older couple, 57-year-old Akhmet Tokbergenov and 47-year-old Dinara Tokbergenov.

Calls to Mr. Tokbergenov were not answered and his relationship to Mr. Baratov could not immediately be confirmed but U.S. investigators have noted that the latter’s aliases Karim Akehmet Tokbergenov, along with Kay and Karim Taloverov.

Mr. Baratov’s role, according to a criminal indictment, was to help the FSB get into the emails of Russian public officials, politicians and business people.

Along with others, the U.S. government says, Mr. Baratov hacked the email accounts of the assistant deputy chairman of the Russian Federation; the managing director, former sales officer and researcher at a major Russian cybersecurity firm, and officer from the Russian Ministry of Internal Affairs assigned to the ministry’s unit investigating cybercrimes; a physical training expert at the ministry of sports in a Russian regional government and a Russian official at a Russian transportation corporation.

Mr. Baratov was also involved in hacking the emails of the FSB’s “main target” at a Russian financial firm and his wife, U.S. officials allege in the indictment.

Investigators say Mr. Baratove used several techniques including spear phishing – tricking a target to open an attachment on an email that installs malware on their computer – to crack open their accounts.

It was not immediately clear how Mr. Baratov allegedly connected with the FSB officers.

Investigators said they had traced a series of requests from the FSB to Mr. Baratov to hack specific email accounts. When he was successful, they alleged, he would receive a payment from the FSB officers and then provide them with the log-in information for the account.

According to the indictment, the conspiracy started when Dmitry Dokuchaev, a 33-year-old FSB officer, and his superior, 43-year-old Igor Sushchin, teamed up with alleged hacker Alexsey Belan, 29, to penetrate Yahoo’s servers and steal information on 500 million people with accounts there.

They further used that information – along with the help of Mr. Baratov, starting in October 2014 – to allegedly hack a wide range of email accounts belonging to politicians, government officials, business people and journalists.

A particular target appears to have been a Russian investment bank, at which Mr. Sushchin was “embedded.” The group is accused of hacking into the emails of several high-ranking employees and a board member of the unnamed bank.

Among the other people who were hacked were U.S. government employees – including cybersecurity, diplomatic and military personnel, employees of a French transportation company, a U.S. financial services firm, politicians from countries bordering Russia, a Swiss bitcoin wallet, an investigative reporter with Kommersant Daily, a public affairs consultant who analysed Russia’s WTO bid, employees of a U.S. cloud computing company, a Russian deputy consul general, a Nevada gambling official, a sales manager at a major U.S. financial company and a “senior officer” with a U.S. airline.

Mr. Belan, meanwhile, is accused of also using the hacks to steal credit card and gift certificate information for personal gain.

At one point, he also manipulated Yahoo’s search results to redirect users to the website of a pharmacy selling erectile dysfunction medication, which paid him kickbacks in exchange, investigators allege.

With a file from Adrian Morrow

