The hacker-for-hire involved in the 2014 Yahoo security breach that affected 500 million users has been sentenced to five years in prison. Karim Baratov aka Karim Taloverov aka Karim Akehmet Tokbergenov said he didn't know he was working for Russian spies, since he didn't research his customers. His name first came up when two Russian nationals were charged with orchestrating the Yahoo breach -- according to the DOJ, those nationals were the ones who gave him data from the breach, which he then used to hack into the email accounts of American and Russian journalists, government officials and employees of financial services and private businesses, as well as other persons of interest.
Baratov used a phishing technique to get the targets' passwords and then passed them to his Russian contacts in exchange for money. Authorities believe he earned around $1.1 million from the deal and that he used the money to buy a house and cars. The court has ordered him to pay a fine up to $2.25 million at $250,000 per charge, however, and to pay a restitution to his victims with any assets he has left after that. Baratov pleaded guilty to nine felony hacking charges in November and admitted that he hacked at least 80 email accounts on behalf of his Russian contacts. He also admitted that he hacked more than 11,000 email accounts in total from 2010 until his March 2017 arrest.
Acting US Attorney Alex G. Tse stressed authorities' commitment to crack down on hackers-for-hire in a statement:
"The sentence imposed reflects the seriousness of hacking for hire. Hackers such as Baratov ply their trade without regard for the criminal objectives of the people who hire and pay them. These hackers are not minor players; they are a critical tool used by criminals to obtain and exploit personal information illegally. In sentencing Baratov to five years in prison, the Court sent a clear message to hackers that participating in cyber attacks sponsored by nation states will result in significant consequences."
Special Agent in Charge John F. Bennett also said that the "sentencing demonstrates the FBI's unwavering commitment to disrupt and prosecute malicious cyber actors despite their attempts to conceal their identities and hide from justice." As for Baratov, he said his time behind bars since March last year has been "a very humbling and eye-opening experience." The 23-year-old promises to be "a better man" upon release.