The cybercriminal responsible for the Yahoo data breach in 2014 is set to face the next five years behind bars.
Prosecutors from the Department of Justice had asked judge Vince Chhabria in a San Francisco federal court to sentence cyberhacker Karim Baratov to 94 months in prison for his role in the Yahoo mega-breach. In the end, the judge sentenced Baratov to five years in a U.S prison.
Baratov, born in Kazakhstan, is a Canadian citizen and was indicted last March for working with the Russian Federal Security Service to pull off the breach on Yahoo, which is now historic. It is said that more than half a billion Yahoo accounts were affected, and in another breach, only months after, billions more.
In November 2017, Baratov pleaded guilty to nine counts including violating the Computer Fraud and Abuse Act and aggravated identity theft. These hold a maximum of 20 years in prison.
Baratov was, as many called him, a “hacker-for hire.” He would take jobs without knowing much about his “bosses”—or their motivation for hacking. Baratov ran his business out of his Ontario home and often advertised his services to Russians. One of his sites, which he called “web hacker,” advertised the hacking of webmail accounts from both Russian and Google providers without prepayment.
This work gave Baratov a pretty nice life. He lived in a home worth about $650,000 and drove a fleet of luxury cars including a Mercedes, Lamborghini, Aston Martin, BMW, and Porsche. He often bragged about his cushy lifestyle on social media and was not shy about posting photos of stacks of Canadian bills.
Once Baratov did his hacking, his clients had full access to the email accounts and they could do any number of crimes. Baratov gave his customers the ability to not only commit cybercrimes but also conceal their identities in the process.
In court, Baratov’s legal team admitted that he is indeed a hacker and was responsible for the Yahoo data breach, but they argued that he isn’t a dangerous as the Department of Justice was implying. After all, they said that this is only his first arrest, and that he was young ( under 22-years old) when most of the accounts were hacked.
Baratov’s team weren’t asking for him to get away with his crimes scot-free. In fact, they had suggested he serve 3.7 years. In the end, the judge settled somewhere in the middle.
Along with jail time, Baratov was ordered to pay out all of his remaining assets up to $2,250,000 in the form of a fine. According to the U.S. Justice Department, Baratov was also working with two other agents from the FSB—Russia’s spy agency – Dmitry Dokuchaev and Igor Sushchin on the Yahoo data breach. They also had a partner named Alexsey Belan. These individuals are likely to escape punishment, however, as they are currently residing in Russia. Belan is now on the FBI’s Most Wanted Hackers list.
Want to protect yourself against hackers? Download Hotspot Shield for free today and make sure all of your devices are secure.