The U.S. Federal Bureau of Investigation has been investigating the intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Wednesday, the FBI indicted four people for the attack, two of whom are rogue FSB spies who work for the division that is supposed to cooperate with America’s FBI on cybercrime investigations. (The FSB is the succcessor to the KGB).
Kremlin Intelligence Services Overlap With Russian Cybercrime Underworld
One of these two rogues, Dmitry Dokuchaev, was himself recently arrested on what the Moscow press calls “treason” charges for passing information to the CIA. In reality, Dokuchaev started out as a criminal hacker who moved to the FSB but never stopped his old tricks. He was just one of the many criminals working inside Russia’s intelligence bureaucracy, and for personal profit he sold information to intermediaries that ultimately found its way to the CIA.
The investigation exposed rivalries inside the Kremlin intelligence establishment as well as inside the Russian cybercrime underworld with which it overlaps. Dokuchaev was part of the Shaltai-Boltai, a hacker group that exploits stolen data to embarrass and blackmail Russian politicians and business officials.
Here's how the FBI says they did it:
The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened. Unimaginable that Yahoo did not sufficiently step employees through new-school security awareness training to prevent disasters like this.
It was all over the press, but CSO had the best story about, with more detail, background and even video: