When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they’re taking a big risk.
When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they’re taking a big risk.
On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren’t kept on a tight leash things can turn bad.
Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia’s state security agency hired to carry out the Yahoo breach, didn’t care much for a low profile.
His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars — the latest an Aston Martin DB9 with the license plate „MR KARIM. „
But forget those for a moment and consider he wasn’t very careful in hiding his hacking work.
His name is registered to several Russian-language websites that offer email hacking for between $80 and $90 per account. In the domain name records, he listed his home address.
“When you bring in amateurs who don’t follow standard protocol, that carries risk,” said Alex Holden, chief information security officer at Hold Security.
Pictures from Baratov’s Instagram account.
The breach of Yahoo happened in 2014. At the time, the company notified the FBI but only believed 26 accounts had been targeted.