Baratov used a phishing technique to get the targets' passwords and then passed them to his Russian contacts in exchange for money. Authorities believe he earned around $1.1 million from the deal and that he used the money to buy a house and cars. The court has ordered him to pay a fine up to $2.25 million at $250,000 per charge, however, and to pay a restitution to his victims with any assets he has left after that. Baratov pleaded guilty to nine felony hacking charges in November and admitted that he hacked at least 80 email accounts on behalf of his Russian contacts. He also admitted that he hacked more than 11,000 email accounts in total from 2010 until his March 2017 arrest.
Acting US Attorney Alex G. Tse stressed authorities' commitment to crack down on hackers-for-hire in a statement:
"The sentence imposed reflects the seriousness of hacking for hire. Hackers such as Baratov ply their trade without regard for the criminal objectives of the people who hire and pay them. These hackers are not minor players; they are a critical tool used by criminals to obtain and exploit personal information illegally. In sentencing Baratov to five years in prison, the Court sent a clear message to hackers that participating in cyber attacks sponsored by nation states will result in significant consequences."
Special Agent in Charge John F. Bennett also said that the "sentencing demonstrates the FBI's unwavering commitment to disrupt and prosecute malicious cyber actors despite their attempts to conceal their identities and hide from justice." As for Baratov, he said his time behind bars since March last year has been "a very humbling and eye-opening experience." The 23-year-old promises to be "a better man" upon release.