Hacker Sentenced to 5 Years in Yahoo Credential Theft Case

Karim Baratov given prison time and seven-figure fine after guilty plea in the massive Yahoo data breach

Curtis Franklin, Principal Analyst, Omdia

May 30, 2018

2 Min Read
Dark Reading logo in a gray background | Dark Reading

One of the most prominent computer hacking cases in recent years reached a new chapter as Karim Baratov was sentenced to five years in prison and fined an amount equivalent to his remaining assets. Baratov, a Kazakhstan-born Canadian citizen, was sentenced for his role in the massive Yahoo credentials breach that exposed more than 1 billion records to criminals.

Karim Baratov, aka Kay, aka Karim Taloverov, aka Karim Akehmet Tokbergenov, pleaded guilty to nine charges stemming from the breaches. In addition, he admitted to attempting to hack at least 80 Web mail accounts on behalf of co-conspirators, and to hacking more than 11,000 webmail accounts in total from 2010 through March of 2017.

Baratov was one of four individuals charged in the case, the other three being Russian citizens including two officers of the Russian Federal Security Service (FSB). The other three indicted co-conspirators are Dmitry Aleksandrovich Dokuchaev, Igor Anatolyevich Sushchin, and Alexsey Alexseyevich Belan, (aka Magg, one the FBI's most-wanted cybercriminals), all of whom are currently living in Russia.

Officials from the Department of Justice said in statements that the sentence reflects the serious nature of both the crimes and the way that the DoJ views nation-state sponsored criminal hacking. Baratov was a "hacker for hire" who became a resource of the FSB when it came to gathering credentials that could be used for further breaches.

In pre-sentencing motions, Baratov's lawyers had argued that his mercenary nature made him less culpable for his crime, because he didn't know that he was being hired by the FSB — he would hack an account for anyone. Baratov had claimed that most of his customers were individuals looking for information about the online habits of spouses or lovers, though Department of Justice prosecutors argued that the FSB's request for 80 sets of credentials made the claim less credible in this case.

Ultimately, Baratov was given a sentence that, while lengthy for a cybercrime, was less than the maximum possible under the law. The government had argued for a longer sentence on the grounds that nation-state hacking must be considered more serious than "average" criminal activity.

Related Content:

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

See more from Curtis Franklin, Principal Analyst, Omdia
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events