Two Russian spies and two notorious cybercriminals hacked Yahoo and used the stolen information for targeted attacks, according to indictments the Justice Department announced on Wednesday.
According to court documents, the hackers -- who allegedly compromised 500 million Yahoo accounts in 2014, in one of the largest breaches in history -- targeted people through both individual hacks and spam campaigns that impacted a broader audience.
The specific individuals targeted included diplomats, executives and an investigative reporter. The hackers also launched campaigns against large groups of users -- including people who searched online for erectile dysfunction medicine.
Consumers affected
The court documents describe in detail some of the methods employed by the four hackers indicted: Russian intelligence officers Dmitry Dokuchaev and Igor Sushchin, who belong to Russia's Federal Security Service (FSB), and two alleged hired hackers Karim Baratov and Alexsey Belan.
According to the complaint, the hackers gained access to millions of Yahoo email accounts and searched through them to try to steal credit card information, financial documents and login information for other private accounts like Gmail or retail websites.
Officials say Belan -- who was already on the FBI's "most wanted" cyber list and is currently in Russia --gained access to more than 30 million Yahoo accounts and stole their contacts to send marketing spam.
Belan also set up a scheme to make money off users who searched online for erectile dysfunction medication. By manipulating Yahoo servers, he redirected users' traffic ultimately to send them to an online pharmacy that pays a commission to people who drive traffic to its site.
Specific government, financial targets
The indictment also includes a laundry list of individuals in the hackers' crosshairs, though none are listed by name.
Hackers allegedly gained access to a European diplomat's account, and they targeted accounts of a former Minister of Economic Development in a country bordering Russia (and his wife). They also reportedly accessed accounts belonging to a Russian investigative reporter, a public affairs consultant dealing with Russia's membership to the World Trade Organization and a Russian Deputy Consul General.
Related: DOJ: 2 Russian spies indicted in Yahoo hack
Other individual targets named in the complaint include three employees from a U.S. cloud services company, a senior officer at a Russian web service provider, 14 employees of a Swiss banking firm, a sales manager at a U.S. financial company, a gambling official in Nevada, an officer of a U.S. tech company, a senior officer of a large U.S. airline, the CTO of a French transportation company and numerous people involved with a Russian financial company.
The indictment says the hackers pulled off the breaches commonly by a method called phishing: Someone sends a malicious link to a website that looks legitimate but isn't. When the victim types a username and password on the fake website, hackers collect that information and use the credentials on the real site.
At the same time they targeted Yahoo, the complaint alleges, hackers also tried to infiltrate other accounts with data they discovered by breaching the Yahoo email accounts.
They allegedly tried to access non-Yahoo accounts of an assistant to the Deputy Chairman of the Russian Federation, several employees at a Russian cybersecurity company, a Russian official in a technology crimes unit, a trainer at the Ministry of Sports of a Russian republic and a chairman of a Russian Federation Council committee.
Other targets included a CEO of a metals industry holding company, a banker and university trustee, an International Monetary Fund official and a prominent businesswoman.
Hackers accessed at least 80 other email accounts, including 50 or more Google accounts, according to the complaint.
The indictments cap almost two years of investigation by the FBI's San Francisco office and its law enforcement partners, the Washington Post reported. Acting assistant attorney general for national security Mary McCord said in a statement the hackers' actions were "beyond the pale."
