Karim Baratov, a 22-year-old Canadian hacker, has pled guilty to "one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft," admitting in a California court "he cracked account passwords at Gmail on behalf of a customer who turned out to be an officer with Russia’s Federal Security Service, or FSB."
Baratov, a Canadian citizen born in Kazakhstan, became involved with Russia through a black market hacking service he offered that would obtain other people’s Gmail passwords for an advertised rate of $60 per account. An FSB officer, using a pseudonym, offered him a premium rate of $100-a-head to hit a total of 80 targets over time, including people in other Russian agencies, and government officials in neighboring Eastern European nations.
Only eight of the hack attempts were successful, according to Baratov’s defense lawyers, who say Baratov never knew he was working for the Kremlin. “He had no idea until the indictment was unsealed,” said attorney Robert Fantone.
Authorities arrested Baratov in Canada in March on a U.S. warrant, and he has been in jail outside San Francisco since waiving extradition in August:
He’s likely the sole defendant that will ever appear in court on a sweeping 47-count indictment unsealed earlier this year that accused him and three Russian nationals of conspiring to commit a massive 2014 data breach at Yahoo that compromised account information on 500 million users.
He’s not accused of participating directly in the Yahoo hack, or even knowing about it. Instead, the FSB used him to fill the gap when they encountered a target that used Gmail, or another provider, instead of Yahoo, where the FSB already had the ability to access any account. Baratov primarily used phishing attacks that tricked users into entering their passwords into a fake password reset page, and he maintained a fleet of look-alike web addresses for Gmail, Russia’s Mail.Ru, and other webmail providers.
CBC:
The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses, according to prosecutors.
Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, were also named in the indictment filed in February, though it's not clear whether they will ever step foot in an American courtroom since there's no extradition treaty with Russia.
Baratov's lawyer explains why his client finally pled guilty:
"He's feeling like he's doing the right thing … he's happy that he's doing the right thing, he's happy that he's opening up, and he's not holding back," said Amedeo DiCarlo, one of Baratov's lawyers. "I think that's what the justice system expects of him."
According to the official Department of Justice press release,"Baratov’s sentencing hearing is scheduled for Feb. 20, 2018."
Read more: Canadian Man Pleads Guilty to Hacking Gmail Accounts for the Kremlin (Daily Beast)
Yahoo hacker feels he's 'doing the right thing' after pleading guilty, lawyer says (CBC)
Canadian Hacker Who Conspired With and Aided Russian FSB Officers Pleads Guilty (Department of Justice)