Skip to main content

Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, has been charged with two Russian spies and another criminal hackers for allegedly pilfering 500 million Yahoo user accounts in 2014.

Karim Baratov stood out in the quiet Hamilton suburb where he lived: a 22-year-old who owned his own home, cruised around the neighbourhood in luxury cars and claimed to be a millionaire.

He credited it all to hard work and entrepreneurship, while on his street there were rumours he had sold a successful Internet company for an eight-figure sum.

On Wednesday, the U.S. government accused him of playing a role in one of the world's largest digital-espionage operations: Court documents said Russian spies paid him to hack into the e-mail accounts of politicians, civil servants and business people around the world.

Read more: How a group of hackers compromised Yahoo's network

Read more: Canadian Karim Baratov, Yahoo hacking suspect, boasted about his wealth

Read more: Yahoo reveals details of Verizon deal negotiations

A two-year FBI investigation alleges agents from Russia's Federal Security Service (FSB) teamed up with a Russian hacker to steal the subscriber information of 500 million Yahoo users. It says they used it to break into the e-mails of hundreds of targets in several countries, including corporate and political leaders and journalists critical of the Russian government.

The Kazakh-Canadian Mr. Baratov was hired to hack some of these e-mails and pass the log-in information to the FSB, which paid him $100 (U.S.) for each address, the FBI alleges.

The case comes amid some of the highest tensions between the United States and Russia since the end of the Cold War, and questions about connections between U.S. President Donald Trump's circle and the Kremlin, which hacked and leaked e-mails about the Democratic Party last fall to help tip the election toward Mr. Trump.

Acting Assistant Attorney-General Mary McCord underlined these tensions on Wednesday announcing the charges in Washington.

"We will not allow individuals, groups, nation states or a combination of them to compromise the privacy of our citizens, the economic interests of our companies, or the security of our country," she told reporters.

Mr. Baratov was the only member of the alleged spy operation arrested. Toronto Police took him into custody at 8:05 a.m. on Tuesday in the Ancaster area of Hamilton, police spokesman Mark Pugash said. Mr. Baratov was arrested on a U.S. warrant and turned over to the RCMP.

Mr. Baratov faces four charges that carry sentences ranging from two to 20 years in prison: conspiring to commit access device fraud, conspiring to commit wire fraud, aggravated identity theft and conspiring to commit computer fraud and abuse.

Three other people – FSB agents Dmitry Dokuchaev, 33, and Igor Sushchin, 43, and Russian hacker Alexsey Belan, 29 – also face charges, but are in Russia and beyond Washington's reach.

According to an indictment unsealed on Wednesday, the men at the centre of the operation are Mr. Dokushaev and his superior, Mr. Sushchin, both officers in the FSB's cyberintelligence department, Section 18. The pair is alleged to have enlisted Mr. Belan, starting in 2014, to hack Yahoo. They got into the Internet company's user database and stole information about hundreds of millions of people with Yahoo accounts.

Along the way, Mr. Belan made some extra money for himself by manipulating Yahoo's search results to direct people to an online pharmacy selling erectile-dysfunction medication, which paid him a commission, investigators say.

Mr. Dokuchaev and Mr. Sushchin used the information stolen from Yahoo to get into the e-mail accounts – some Yahoo, others on Gmail and other providers – of hundreds of powerful people, the FBI says.

The targets included U.S. government employees – cybersecurity officers, diplomats and military personnel – employees of French and Russian transportation companies, an investigative reporter with Kommersant Daily, a U.S. financial-services firm, a Nevada gambling official and a senior officer with a U.S. airline.

The agents were particularly keen to hack executives and board members of a Russian investment bank where Mr. Sushchin was "embedded," the FBI said.

Mr. Dokuchaev is accused of bringing in Mr. Baratov to help with the hacking. How they are alleged to have connected is not clear.

The FBI says Mr. Dokuchaev gave Mr. Baratov a list of 80 e-mail accounts he wanted hacked. When Mr. Baratov cracked an account, he would receive $100 in exchange for the log-in, the indictment says.

Among the people he is accused of hacking are an official with the International Monetary Fund, an aide to a Russian deputy prime minister, a cybercrime investigator in the Russian government and a senior official at a Russian transport company.

Investigators say Mr. Baratov used spear phishing – tricking a target to open an attachment on an e-mail that installs malware on their computer.

None of the people or organizations hacked are named in the indictment.

During the two years he is accused of having been involved with the FSB, Mr. Baratov appears to have done well for himself.

Property records show he bought a $642,000 house on Chambers Drive in a new subdivision in Ancaster. Photographs on a real estate website show a roomy home with high ceilings, hardwood floors and neoclassical pillars. Earlier this week, the house was listed for sale at nearly $1-million.

According to friends and acquaintances and posts on social media, Mr. Baratov drove several fancy cars, including a Mercedes – licence plate "KARRRIM" – an Aston Martin, a BMW and a Lamborghini.

The U.S. indictment said the government is looking to seize an Aston Martin with "MR KARIM" vanity plates and a PayPal account registered to "Elite Space Corporation."

On Facebook, Instagram and AskFM, Mr. Baratov portrayed himself as a hard-working computer whiz and entrepreneur who was a millionaire in his teens.

"I started when I was 12, at 14 I was making more than both of my parents combined. At 15 I got my first million," he wrote. In another post, he chalked up his wealth to "hard work" and said he used "computer skills" to build successful businesses.

In a post last month, Mr. Baratov wrote that in 2013, "I got suspended from school for a few weeks for threatening to kill my ex-friend as a joke." He said he used the time to work on "projects" and "really move my businesses to the next level."

Mr. Baratov's house is co-owned with an older couple, 56-year-old Akhmet Tokbergenov and 46-year-old Dinara Tokbergenov. Calls to a phone number linked to Mr. Tokbergenov were not answered, and his relationship to Mr. Baratov could not immediately be confirmed. U.S. investigators said Mr. Baratov used aliases, including Karim Akehmet Tokbergenov, and Kay and Karim Taloverov.

At another address believed to be the family home, a few minutes from Mr. Baratov's digs, a man and a woman drove up in a white Mercedes SUV and pulled into the garage without stopping to speak on Wednesday.

The registered owner of the house is Mr. Tokbergenov. A neighbour said the couple live there with a daughter in her late teens or early 20s.

Eric Goforth, a McMaster student who lives in a neighbouring house, said he shovelled the driveway alongside Mr. Tokbergenov early on Tuesday morning, around the time Mr. Baratov was arrested. He said they exchanged cheerful pleasantries and chatted about the weather, as they often did, and nothing seemed amiss.

"It was really normal and friendly," Mr. Goforth said.

He identified Mr. Tokbergenov as Mr. Baratov's father. Another neighbour said Mr. Tokbergenov told him he had an import sales business and came from a country near Russia.

Follow Adrian Morrow on Twitter: @adrianmorrowOpens in a new window
Follow Tu Thanh Ha on Twitter: @TuThanhHaOpens in a new window
Follow Joe Friesen on Twitter: @FriesenJoeOpens in a new window

Report an error

Editorial code of conduct

Your Globe

Build your personal news feed

Follow the authors of this article:

Check Following for new articles