By Bob Sullivan
Thu | Apr 5, 2018 | 12:26 PM PDT

Was the massive hack of Yahoo—the largest hack in history—related in any way to the Russian “hacking” of the U.S. election? I’ve been quietly asking myself that question, and asking sources that question, for many months. Now, it’s time to ask the question out loud.

Events are suddenly moving fast; I’ll try to sort through them and their meaning here.

Dmitry Dokuchaev, a former underground hacker and “carder” turned Russian FSB agent, has agreed to plead guilty in Russia for sharing intelligence with foreign powers, according to Russian media. Dokuchaev, who has been in Russian custody for many months and is suspected of being a double-agent, is also under indictment in the U.S. for his role in the Yahoo hack. His plea connects enough dots that it’s worth trying to make a picture out of them. Keep reading below. For a lot more background on this, click below to listen to my podcast on the Yahoo hack.

Conspiracies are by their nature complex. I’m not going to list all the names and connections here, out of fear of boring you. But you can get most of that drama by listening to Breach. Or email me, and I’ll draw you a picture on a whiteboard. But here’s a bullet list of things about Dokuchaev’s plea, Yahoo, and the election hacking that suggest a connection.

Let’s begin with a quick refresher, and a premise: The U.S. government alleges that four suspects hacked Yahoo and essentially had access to 500 million accounts—including the ability to read individuals’ emails—for two and a half years, beginning in 2014. As an intelligence-gathering operation, it might be the most successful in history. It’s easy to imagine how such a treasure trove of data would be useful to a foreign power. The U.S. indictment lists dozens of individuals who were specifically targeted for email snooping: journalists, diplomats, executives. The data could be used as part of a disinformation campaign, too. It’s been suggested—without proof, as far as I know—that Russian trolls created fake Facebook accounts using Yahoo accounts as the basis for identity creation.

The four suspects accused of conspiring to hack Yahoo are three Russians, including two FSB agents, and one Kazakh living in Canada.

Dmitry Dokuchaev was perhaps the most interesting of the four because he had an accomplished career as a credit card hacker before he “went corporate” and became an FSB agent. He maintained connections in the underground, and seemingly also managed, and groomed, outside hackers. That’s common practice. Hackers caught committing crimes are often given the choice to face incarceration or to do some work on behalf of government officials instead.

Dokuchaev managed Karim Baratov, the Kazakh, who was hired by the Yahoo hacking team to break into Gmail accounts for $100 each. Baratov is now in a California jail awaiting sentencing. Dokuchaev is also interesting because he was rather famously led out of FSB headquarters in December 2016, arrested and accused of treason, right after the U.S. started complaining that Russians had meddled in the election—and after the Steele dossier was made public. There has been speculation that Russians think Dokuchaev was the source of some U.S. intelligence. But Dokuchaev has been silent since then, holed up in a maximum security prison—perhaps for his own safety, perhaps so he can be the fall guy.

Dokuchaev, according to reports, has agreed to plead guilty to sharing intelligence with foreign powers. That’s interesting because that was, theoretically, his job. He worked at the FSB’s Center 18, which was supposed to be the part of the agency that shared underground intel with other countries, including the U.S., as part of a good-faith effort to catch digital criminals across borders.

The timing of his plea is interesting because it came just days after the Czech Republic agreed to extradite Yevgeniy Nikulin to the U.S. Nikulin is suspected of being the mastermind behind some other high-profile hacks, including the attacks on Dropbox and LinkedIn in 2012. The March 30 extradition ruling was a bit of a surprise—it came just days after Rep. Paul Ryan visited Prague and called for his extradition—and the Russians aren’t happy. They had also demanded his extradition.

Some Russian reports have said Dokuchaev shared incriminating information on Nikulin with U.S. authorities.

According to reporter Kevin Hall at McClatchy, huge stolen datasets from sites like LinkedIn, Dropbox, and probably Yahoo, would have been useful to election hacking efforts.

“U.S. intelligence believes the high-profile hacks of U.S. tech-firm databases allowed Russia to mine hundreds of millions of user accounts for personal information on election officials and U.S. political activists. This data could be used to try to enter secure websites or hypothetically to gather compromising information,” Hall wrote.

There’s also the curious case of Konstantin Kozlovsky, a hacker in jail in Russia, who has made several hard-to-substantiate claims about being involved in hacking the U.S. election. Fast Company published a jailhouse interview with him last month. Also, in a Facebook post, he claims that he hacked the U.S. Democratic Party, the World Anti-Doping Agency, the Olympics Committee, and FIFA on the orders of his boss—Dmitry Dokuchaev.

That suggests the same FSB agent directed cyberattacks on Yahoo and the election. And that man just pled guilty to helping foreign intelligence, avoiding anything like a public trial where more facts might come out.

It’s important to note that in the world of cyberhacking, and of course in the world of statecraft, things are rarely what they seem to be. There are those who speculate Dokuchaev has been set up to take the fall for election hacking, or that Russians will soon blame it on a rogue agent who was actually working on behalf of the U.S. government—in other words, the U.S. hacked its own election.

There is one other piece of data linking Yahoo to the election which you should know. The fourth suspect indicted in the Yahoo hack is Alexsey Belan, who seems to have been the real brains behind the operation. Earlier he had been arrested in Greece and managed to escape to avoid extradition to the U.S.—something Nikulin was unable to pull off. In the days following the U.S. election, the Obama administration issued a set of sanctions against Russian agencies for meddling. Two individuals were also sanctioned: One was Belan.

There are numerous unanswered questions about the Yahoo hack, and of course, about the 2016 presidential election. Unfortunately, many of those involved still won’t talk. We may never have all the answers. But we’ll keep trying.

This article originally appeared on BobSullivan.net and was used by SecureWorld with permission.
