On Wednesday, the Justice Department unsealed an indictment of two Russian intelligence officers and two hackers, one Russian and the other from Kazakhstan, who, the indictment alleges were responsible for the 2014 massive data breach of Yahoo in which tremendous amounts of personal data was stolen. The indictment was originally filed on February 28th, but was only unsealed two days ago. The intelligence officers used the information to spy on specific targeted companies and individuals for political purposes while the hackers were permitted to use the data for a wide range of profit producing scams including credit card fraud and spamming operations. The indictment even details how the hackers diverted Yahoo users looking for erectile dysfunction drugs to a particular pharmacy chosen by the hackers.
This indictment confirms what many of us have long known, which is that the Russian government’s cyberintelligence and cyberwarfare operations are done through a joint venture between criminal hackers with tremendous computer skills and conventional Russian intelligence officers. Under the terms of this joint venture, the hackers working with the government are permitted to perform their own cybercriminal acts without fear of government interference so long as they do not attack Russian targets. This is quite different from what is generally found in other centers of cybercriminal activity such as North Korea and China where the hackers are state workers.
Here is a link to a copy of the indictment:
Whether the cybercriminals trying to attack you are state sponsored or not, the threat is still the same and the defensive measures you must take are no different. Cybersecurity requires constant diligence along with the recognition that you are only as safe as the places that have your information with the weakest security. Limit the amount of personal information you provide to anyone with which you do business. It is also important to use and constantly update security software on all of your devices as well as avoid clicking on links or downloading attachments unless you are absolutely sure that they are legitimate. These are some of the basic steps we all should take to make ourselves safer in cyberspace.