Canadian Karim Baratov has pleaded not guilty to all charges in a US court that he helped Russian agents conduct the massive 2014 cyberattack on Yahoo that saw the data theft of more than 500 million Yahoo user accounts. The 22-year-old Canadian citizen born in Kazakhstan was arrested in Canada in March at the request of US prosecutors and has been charged with gaining unauthorised access to more than 80 Yahoo accounts in exchange for commissions.
According to court documents, Baratov and 29-year-old Russian hacker Alexsey Belan were hired by two officers in Russia's Federal Security Services (FSB) — Dmitry Dokuchaev and his superior Igor Sushchin — to break into Yahoo's network.
Between November to December 2014, Belan allegedly stole a copy of a portion of Yahoo's user database that included sensitive subscriber information such as users' names, recovery email accounts, phone numbers and certain information required to manually create account authentication web browser cookies for over 500 million Yahoo accounts.
Belan also managed to gain illegal access to Yahoo's Account Management Tool, which is a "proprietary means by which Yahoo made and logged changes to user accounts."
Belan, Dokuchaev and Sushchin then used the stolen data to "locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization."
Among the four co-conspirators, Baratov is the only person arrested in the case so far. The others are among the FBI's most-wanted cyber criminals.
Baratov has been charged with conspiring to commit computer fraud and abuse, conspiring to commit access device fraud, conspiring to commit wire fraud and aggravated identity theft. If convicted, the alleged hacker-for-hire faces up to 20 years in prison.
After waiving his right to an extradition hearing last Friday, he was extradited from Canada on Tuesday and entered his plea during a brief appearance at a US Federal Court in the Northern District of California, his lawyer Andrew Mancilla said.
Since his arrest, he has been held without bail after a Canadian judge ruled in April that he posed an "extremely high flight risk" due to his financial resources and alleged ties to Russian intelligence agents.
"Silicon Valley's computer infrastructure provides the means by which people around the world communicate with each other in their business and personal lives," US Attorney Brian Stretch said in March. "The privacy and security of those communications must be governed by the rule of law, not by the whim of criminal hackers and those who employ them.
"We will not tolerate unauthorized and illegal intrusions into the Silicon Valley computer infrastructure upon which both private citizens and the global economy rely."