Canadian accused in Yahoo hack has bail hearing
HAMILTON, Ontario – A Canadian man accused in a massive hack of Yahoo emails said Wednesday he’ll live with his parents and forgo access to phones and any electronic equipment if he’s allowed out on bail.
Officials allege that Karim Baratov poses an “extremely high flight risk” because of his alleged ties to Russian agents.
But his lawyer Amedeo DiCarlo said that Baratov has never been to Russia and he will not flee if freed on bail. Baratov arrived in court for his bail wearing a black shirt and sweat pants with his legs shackled. His parents provided him with a dress jacket.
“Flight risk is the issue,” DiCarlo told reporters after arriving at the courthouse in a chauffeured Rolls Royce. “We are going to have measures put in place so that is not going to happen.”
Baratov’s parents have agreed to act as their son’s sureties. His father, Akhmet Tokbergenov, has agreed to turn off the internet in the family home if the court requests it.
Baratov, 22, said he registered an internet business in 2014 that made about $81,000 ($110,000 Canadian) that year registering websites, renting web spaces and preventing web servers from hack attempts. He said he made less in in 2015 and 2016. He was not asked directly about the allegations against him.
U.S. law enforcement officials call Baratov a “hacker-for-hire” paid by Russian Federal Security Service members. He has Kazakh origins, arriving in Canada in 2007 and becoming a citizen in 2011.
Baratov was arrested last month and faces extradition to the U.S. The breach at Yahoo affected at least a half billion user accounts.
He was indicted in the United States for computer hacking along with three other people, including two alleged Russian intelligence agents.
Officials have said Baratov has the money to leave Canada and the ability to destroy evidence related to his alleged activities while on the run.
Prosecutor Heather Graham said police seized about $22,000 ($30,000 Canadian) cash from his home and another $670 ($900 Canadian) from his wallet when he was arrested.
Baratov said he had virtually nothing in his bank accounts and testified that he largely financed a string of luxury cars that included a Lamborghini Diablo, an Austin Martin and a Mercedes Benz. He said half of the money he paid for the cars came from his parents. He also said half the $95,000 ($128,000 Canadian) down payment on a three-bedroom house came from his parents.
Social media pictures of Baratov show him as an exotic car buff. His Facebook and Instagram profiles were peppered with photos of expensive cars.
U.S. justice officials allege Baratov advertised services on a Russian hacker site as “Hacking of email accounts without prepayment” and listed his contact information on the web page email@example.com. The word vzlom is another word for hack in Russian. His posting also lists email providers that he’s hacked before including Gmail and corporate email accounts.
“Baratov has no known legitimate source of income; advertises himself as a hacker-for-hire: maintains significant resources abroad; has access to resources, contacts and finances worldwide; is able to operate his computer hacking business from anywhere; has posted about his travel to Russia; and has travelled internationally,” Brian Stretch, U.S. attorney for the Northern District of California, said in a letter dated March 31.
Despite his online claims, Baratov testified he has never been to Russia and only posted that on behalf of a friend to get advice.
In a scheme that prosecutors say blended intelligence gathering with old-fashioned financial greed, the four men targeted the email accounts of Russian and U.S. government officials, Russian journalists and employees of financial services and other private businesses, American officials said.
In some cases using a technique known as “spear-phishing” to dupe Yahoo users into thinking they were receiving legitimate emails, the hackers broke into at least 500 million accounts in search of personal information and financial data such as gift card and credit card numbers, prosecutors said.
The case, announced amid continued U.S. intelligence agency skepticism of their Russian counterparts, comes as American authorities investigate Russian interference through hacking in the 2016 presidential election. Officials said those investigations are separate.
Alexsey Belan, one of the others accused, is on the list of the FBI’s most wanted cyber criminals and has been indicted multiple times in the United States. It’s not clear whether he or the other two defendants, Dmitry Dokuchaev and Igor Sushchin, will ever step foot in an American courtroom because there’s no extradition treaty with Russia.
The indictment identifies Dokuchaev and Sushchin as officers of the Russian Federal Security Service, or FSB. Belan and Baratov were paid hackers directed by the FSB to break into the accounts, prosecutors said.