Thursday March 16, 2017

Who is the Canadian charged in Russian hack of Yahoo accounts?

Accused of a massive data breach at Yahoo, from left, Alexsey Belan, Karim Baratov, Igor Sushchin and Dmitry Dokuchaev. (Reuters/FBI, Baratov: Instagram/Canadian Press)

The U.S. Department of Justice dropped a bombshell on March 15, announcing charges against four people accused of compromising 500 million Yahoo accounts in 2014.

Russia is thought to be behind the attack, with interest in accessing the private data of politicians, business executives, activists and foreign officials.  

Three of those accused are Russian — two are agents of the Federal Security Service.

But of the four named, only one is in custody — and he's Canadian.

The 22-year-old Karim Baratov was arrested in Ancaster, Ont., on March 15, on allegations that he helped the Russians in the latter part of their operation — after they had hacked into Yahoo.

"They basically went to Baratov and said, 'OK we have these targets, they have Yahoo accounts. We want you to help us break into their other accounts,'" explains Matthew Braga, a technology reporter for CBC.

"He's alleged to have helped the Russian intelligence officials break into about 80 email accounts — 50 of those being Google accounts."

But who is Karim Baratov? How did a 22-year-old from a Hamilton suburb get here?

"He loves his luxury vehicles … his Aston Martins, his Mercedes, his Lamborghinis," jokes Braga.

Karim Baratov is an exotic car buff. (Facebook)

"[Online] you see all these comments from posters saying 'how exactly can you afford this lifestyle?' And he always seems to kind of demur and say, 'well you know I just I work in online services.'"

But Baratov's online record reveals more than an appetite for luxury.

"Once you go a little bit further, there's little bits of evidence showing that he may have also been engaging in some of the stuff that the FBI is alleging," Braga tells Anna Maria Tremonti.

"You can find his name and his address tied to domain names that look like they would have been used for phishing attacks — domain names that have been crafted or picked to look similar to an official Google account or a Russian web mail provider."

And Braga assures these are not trivial offences. 

"The FBI is very much of the stance that he is part of an international crime ring ... [and he] played a pretty important part. Arguably, accessing the account credentials of 500 million users is a huge deal. But it was only, you know, the first step."

This segment was produced by The Current's Liz Hoath and Sujata Berry.