
Bail Hearing in Yahoo! Hacking Case

Written by Reflare Research Team | Apr 6, 2017 4:41:00 PM

Karim Baratov is accused of using his role as a "criminal hacker-for-hire" and conspiring to harvest users' personal data from Yahoo's network using no fewer than five different methods.

First Published 6th April 2017

"Bail? Yaaaa Hooooooo!!!"


As we reported in a previous briefing, the US District Court of the Northern District of California has issued an indictment against four people alleged to have hacked Yahoo, Inc. Only one of the four indictees - Canadian citizen Karim Baratov - has been taken into custody since.

Mr. Baratov faced his initial bail hearing this week, on April 5th, with a bail judgement expected later this month. We will take this opportunity to review ongoing developments in the case.

Origin

Contrary to earlier reports, Mr. Baratov is not and has never been a Russian citizen. He currently holds Canadian citizenship and previously held Kazakh citizenship. Mr. Baratov’s court statements further claim that he has never visited Russia.

Much of the confusion around his country of origin originates from the accused himself: he has allegedly described himself online as being Russian and as travelling to Russia. His mother is quoted as offering the explanation that the family was ashamed of their Kazakh heritage due to a negative portrayal of the country in western media.

At this point, it is unclear whether or not Mr. Baratov has ever visited Russia. Ultimately, this fact is unlikely to change the overall outcome of the case, as hackers do not need to be in a specific physical location to be recruited.

Cashflow

Mr. Baratov maintained several social media accounts containing pictures showing him with expensive cars. According to his own statements, his income is derived from a company he founded which provides general website services. The business allegedly generated CAD 110,000 in 2014 and “less” in the following years.

This amount of money is insufficient to acquire the cars in his possession. Mr. Baratov claims that his parents financially support him, while the prosecution alleges the cars are proof of hidden income from hacking contracts.

Cashflow is significantly easier to trace than cyber attacks. We thus expect the trail of Mr. Baratov’s finances to play a large role in the outcome of his trial.

Remaining Indictees

There is no update on the remaining indictees in this case. Since 3 of them are suspected of currently residing in Russia and one of them appears to have been arrested by Russian authorities on charges of treason 6 weeks ago, it is highly unlikely that anyone except Mr. Baratov will face trial in Canada or the US.

As it is one of the few legal procedures surrounding the current cyber security accusations made between the US and Russia, the case will be closely watched by the international business and intelligence communities. It is likely to both provide insights and set a precedent regarding how people alleged to be hackers working for a foreign government may be prosecuted. We will keep you updated on new developments.