The Department of Justice has recommended a nearly eight-year prison sentence for Karim Baratov, a Canadian man who pleaded guilty to criminal hacking charges related to the 2014 Yahoo breach that compromised more than 500 million user accounts.
Justice Department prosecutors asked a San Francisco federal court judge on Tuesday to impose a sentence of 94 months imprisonment on Baratov, a Canadian citizen born in Kazakhstan implicated in the historic Yahoo breach.
Baratov was arrested over a year ago at his home in Ontario and later extradited to the U.S. in connection with federal charges related to the Yahoo breach. He pleaded guilty to nine related counts in November and faces a maximum sentence of over 20 years imprisonment under federal guidelines, according to the Justice Department.
Defense attorneys have requested a sentence of 45 months.
Russians including employees of the Federal Security Service (FSB) intelligence agency breached Yahoo’s network in early 2014 and gained unauthorized access to the personal data of more than 500 million user accounts subsequently supplied to Baratov. The “hacker-for-hire” used that information to further compromise thousands of additional emails accounts on behalf of his government clients, according to U.S. prosecutors.
“When the FSB officers … learned that a target of interest had email accounts at webmail providers other than Yahoo, including through information gained from the Yahoo intrusion, they would task Baratov to access the target’s account at the other providers,” federal prosecutors said previously.
“As part of his plea agreement, Baratov not only admitted to his hacking activities on behalf of his co-conspirators in the FSB, but also to hacking more than 11,000 webmail accounts in total on behalf of the FSB conspirators and other customers from in or around 2010 until his March 2017 arrest by Canadian authorities,” the Justice Department said when he pleaded guilty last November.
Baratov’s “criminal conduct is egregious, extensive and reprehensible,” Acting U.S. Attorney Alex G. Tse wrote in the government’s sentencing memorandum submitted Tuesday.
“Sitting behind a keyboard at his home in Canada, he setup and used a hacking infrastructure, including eighty advertising and ‘spoofed’ websites, fraudulent customer support email accounts and email accounts he used to receive customer orders and stolen passwords, on servers throughout the world so that he could conceal his identity and location,” Mr. Tse continued. “Hacking with impunity, the defendant gave little to no consideration to what his customers did with the passwords that the defendant stole or the potential impact on the victims that he and his customers targeted. Indeed, as long as he was paid, the defendant went about hacking into victim accounts and enjoying the criminal proceeds.
Hacking began “as a curiosity” for Baratov that ultimately “got the best of him,” his defense attorneys wrote in their own court filing Tuesday.
Baratov did not know he was assisting Russian intelligence, his attorneys said previously.
“He bore no intent to cause harm” and “sincerely regrets his actions,” defense attorneys wrote. “Neither Mr. Baratov nor the community would be well served by a lengthy prison sentence.”
Baratov is currently scheduled to learn his fate on April 24.
Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.