Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, has been charged for allegedly pilfering 500 million Yahoo user accounts in 2014.

The Hamilton man accused of being a co-conspirator in the Yahoo data breach had already been advertising that he was a hacker for hire when he was directly retained, via e-mail, by an officer of the Russian security service, new court documents allege.

The documents, produced in support of a bid by the U.S. government to extradite Karim Baratov, also allege the 22-year-old resident of the Hamilton suburb of Ancaster has been a hacker-for-hire for years, breaching thousands of accounts outside of the Yahoo case and earning $211,000 during a three-year period.

Among the documents filed at the Hamilton courthouse is an affidavit by Detective Constable Burak Inal of the Toronto Police fugitive squad, which arrested Mr. Baratov on Tuesday morning. The affidavit reveals that, after a request from U.S. officials, the RCMP had placed Mr. Baratov under surveillance for at least six days before he was taken into custody.

The court documents state that Mr. Baratov, a Canadian citizen who was born in Kazakhstan, was first contacted in late 2014 by Dmitry Dokuchaev, identified in a U.S. indictment as an officer of Russia's Federal Security Service (FSB), working in the agency's Center 18, its centre for information security.

According to recent Russian media reports, Mr. Dokuchaev was a hacker using the alias Forb until he was coerced into working as a computer specialist for the FSB. He was one of four cybersecurity experts Russian authorities arrested in December and accused of treason.

The latest court files do not detail why Mr. Dokuchaev is alleged to have picked Mr. Baratov, who had a highly visible social-media footprint through which he displayed a flashy lifestyle of cigars, fancy cars and Rolex watches.

Mr. Dokuchaev is alleged in the court documents to have used a Yahoo e-mail account to contact Mr. Baratov and hire him to get the log-in information for about 80 accounts belonging to victims of the Yahoo hack.

The victims included a prominent Kazakh banker, Russian government officials and even Russian cybersecurity company officers, the court filings allege.

It is not clear whether police believe Mr. Baratov knew he was communicating with a Russian intelligence agent. Mr. Baratov is alleged to have created phishing e-mails designed to lure the targets into clicking on bogus links and then providing their log-in credentials.

Mr. Baratov would then send a screenshot of the account to his Russian handlers once he had gained access, the documents state, and would provide the full log-in to the Russian FSB only after securing payment.

The payments are alleged to have travelled through Web accounts including a PayPal account that links to a Royal Bank chequing account in Mr. Baratov's name. Between February, 2013, and October, 2016, Mr. Baratov received more than $211,000 via that PayPal account, the court records say, adding, however, that the amounts he is alleged to have earned from the Yahoo scheme are smaller.

The court documents also allege Mr. Baratov shared images of other people's passport photos, "which triggers the FBI's concern that Baratov may be trafficking in personally identifiable information harvested from his hack of his victims' e-mail accounts."

In describing him as a flight risk, the police affidavit states that Mr. Baratov had been engaged in alleged criminal activity for several years, and allegedly hacked thousands of other accounts unconnected to this case since 2012.

It states that his activities are Web-based and could be taken up anywhere if he went on the run.

"Given the serious nature of his conduct, the public impact of his hacking for hire conduct, his substantial earnings as a result of unlawful hacking, and his ties to foreign intelligence officers with nation state resources at their disposal, he should be arrested on an urgent basis and detained," the U.S. extradition request says.

"Baratov's skills are especially concerning. Given the vast scope of his hacking, Baratov has access to the contents of an enormous number of email accounts, not just his own. Accordingly, given his international ties, the international locus of his assets and the portability of his business, Baratov presents a significant flight risk."

Allegations in the court documents match reports by The Globe and Mail and others that Mr. Baratov operated several Web pages advertising hacking services.

Mr. Baratov appeared in Hamilton court via video on Friday. He was dressed in an orange shirt and stood silently listening to proceedings. The judge turned down a request from his lawyers for a publication ban. Mr. Baratov will have a bail hearing on April 5.

Amedeo Dicarlo, one of Mr. Baratov's lawyers, said the allegations against his client are unfounded.

"This is an attack by the U.S. government, it's a challenge by the U.S. government. We are fighting that challenge," he told reporters outside court before the hearing, The Canadian Press reported.