CNET también está disponible en español.

Ir a español

Don't show this again

AOC plays Among Us iPhone 12 and 12 Pro review Netflix subscriber growth NASA Osiris-Rex Stimulus negotiation reckoning MagSafe accessories for the iPhone 12 The Haunting of Bly Manor ending
NAZPHOTO / Getty Images

Russia-linked hacker gets 5 years in Yahoo security breach

Prosecutors called the 23-year-old an "international hacker-for-hire."

A hacker who worked for a Russian spy agency was sentenced Tuesday to five years in prison for using data stolen in a massive Yahoo data breach to gain access to private emails.

Karim Baratov, 23, also agreed to pay restitution to his victims and a fine of up to $2.25 million, the Department of Justice said in a statement. Baratov pleaded guilty in November to aggravated identity theft and conspiring to commit computer fraud and abuse.

Working with agents from the Russian intelligence agency called FSB, Baratov hacked into email accounts hosted by Google and Yandex. The same agents were also allegedly responsible for the 2014 hack of Yahoo that compromised 500 million user accounts.

Prosecutors called Baratov, a Canadian national, an "international hacker-for-hire" who hacked without discussion or hesitation for Dmitry Dokuchaev, an officer for the FSB.

"The sentence imposed reflects the seriousness of hacking for hire," said Acting U.S. Attorney Alex Tse. "Hackers such as Baratov ply their trade without regard for the criminal objectives of the people who hire and pay them."

Baratov was accused of sending phishing emails to specific email accounts, tricking users into handing over their usernames and passwords, and then sending the login information to Russian agents. 

A two-year investigation by the FBI's San Francisco branch found evidence Russian spies helped to break into Yahoo to steal information from US government officials, Russian dissidents and journalists. The Yahoo breach is the largest hacking case ever handled by the US government.

Other victims of the hacks included employees of a Russian cybersecurity company, a Russian investment banking firm, a French transportation company, US financial firms, a Swiss bitcoin wallet and a US airline. Investigators said the spies also hacked their victims' spouses and children's emails to dig up extra dirt.

First published May 29, 3:36 p.m. PT.
Update, 4:59 p.m.: Adds comments from DOJ, additional details. 

Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad services that will change your life.