Ancaster man arrested over massive Yahoo breach
Colin Perkel, CTV Toronto
Published Wednesday, March 15, 2017 12:12PM EDT
Last Updated Wednesday, March 15, 2017 7:02PM EDT
A Canadian man of Kazakh origins who appeared to live a lavish lifestyle in southern Ontario was arrested as one of four suspects in a massive hack of Yahoo that targeted American government officials, Russian journalists opposed to the regime of President Vladimir Putin, and ordinary email users, authorities said Wednesday.
Karim Baratov, 22, was taken into custody in Ancaster, Ont., on Tuesday morning at the request of American officials, a Toronto police spokesman said.
"Our job was to locate and arrest one of the people," Mark Pugash told The Canadian Press. "We did that safely without incident."
The U.S. Department of Justice said a grand jury in California had indicted Baratov and three others -- two of them allegedly officers of the Russian Federal Security Service -- for computer hacking, economic espionage and other criminal offences.
According to the department, the four are alleged to have hacked into Yahoo's systems and stolen information from more than 500 million user accounts.
"(They) then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials, and private-sector employees of financial, transportation and other companies," the department alleged.
"One of the defendants also exploited his access to Yahoo's network for his personal financial gain, by searching user communications for credit-card and gift-card account numbers."
Baratov was arrested under the extradition act, and appeared in court in Hamilton Wednesday morning, court staff said. His case was put over until Friday afternoon, when he was expected to appear by video.
Mike Le, owner of All In Detailings in Mississauga, Ont., called Baratov an exotic car buff who had referenced doing some "computer geek stuff." His client was popular and flashy but also reserved about anything personal, Le said.
"All my friends know him too, and none of them know anything about his life," Le said. "He's very secretive about his life."
Le said he worked on an Aston Martin for Baratov, who he said frequently bought and sold expensive cars.
If convicted, American authorities said they wanted to seize a grey Aston Martin DBS with the licence plate "MR KARIM" and an unspecified amount of money in Baratov's PayPal account for "Elite Space Corporation," a copy of the indictment in the case shows.
On his Facebook page, Baratov poses with numerous high-end luxury cars in front of a detached home on Chambers Drive in Ancaster. They include an Aston Martin convertible, a Mercedes S500 sedan, a blue Lamborghini and a black Porsche convertible.
Baratov wrote on Facebook that a suspension from high school, where he says he was accused of making death threats against his ex-girlfriend “as a joke,” turned into an expulsion.
He said the expulsion helped him “work on my online projects 24/7 and really move my online businesses to the next level.”
He told a friend on Instagram a month ago that his work consisted of “a few small online projects, just using a few computer skills,” he learned online. He said he now supplements his income by trading stocks.
He lists himself online as a "Self made entrepreneur/programmer/web developer."
None of the allegations against Baratov have been proven in court. The maximum combined penalty for the charges he faces is 27.5 years in prison.
Baratov's Facebook profile links to a Russian-language company website for Elite Space that offers a "server in Russia with any configuration and unlimited traffic" and "persistent domains in China."
A neighbour said police were at Baratov's home all day Tuesday but said she didn't know him that well.
"He doesn't seem to work all day, he just drives up and down the street, and always has a different coloured car," said neighbour Kerry Carter.
Baratov was quiet except for "huge parties" he threw several times a year said Carter, adding that he moved in about two years ago. The home, which had security cameras installed, was listed for sale two days ago for about $930,000 but was abruptly delisted Wednesday.
U.S. officials said Baratov also went by the names Kay, Karim Taloverov and Karim Akehmet Tokbergenov.
RCMP spokesman Sgt. Harold Pfleiderer said the Mounties assisted the FBI in its investigation, and Pugash said Toronto officers effected the arrest because its fugitive squad has a strong reputation.
"This was a very large operation," Pugash said. "Our job was that final part of it, which was to locate and arrest him."
Also indicted in the alleged conspiracy that authorities said began in January 2014 were Dmitry Aleksandrovich Dokuchaev, 33, Igor Anatolyevich Sushchin, 43, and Alexsey Alexseyevich (Magg) Belan, 29, all Russian nationals and residents. Dokuchaev and Sushchin were said to be Russian intelligence agents who allegedly masterminded and directed the hacking, the justice department said.
Dokuchaev and Sushchin allegedly tasked Baratov with hacking more than 80 accounts in exchange for commissions, according to U.S. authorities, who submitted a provisional arrest warrant to Canadian authorities March 7.
"When Baratov was successful, as was often the case, his handling FSB officer, Dokuchaev, paid him a bounty," the 34-page indictment states.
Top American justice and security officials, including Attorney General Jeff Sessions and FBI Director James Comey, announced the 47-count indictment against the four men.
"Cyber-crime poses a significant threat to our nation's security and prosperity, and this is one of the largest data breaches in history," Sessions said.
Belan, who had previously been indicted in 2012 and 2013, was named one of FBI's most wanted cyber-criminals in November 2013 but escaped to Russia before he could be extradited from Europe, the department said.
In December, then-president Barack Obama updated an executive order naming Belan as among hackers whose activities posed a "significant threat" to U.S. national security or financial stability or were aimed at "interfering with or undermining election processes or institutions."
Based in Sunnyvale, Calif., Yahoo was already facing a proposed $50-million class action on behalf of Canadians whose personal information may have been stolen. The company informed the representative plaintiff, Natalia Karasik, of Barrie, Ont., late last year that her information was part of a hack of its servers in 2013.
In September, Yahoo sent a mass email to users to inform them that their account information had been stolen from its network in a cyberattack in late 2014. The information included email addresses, telephone numbers, dates of birth, passwords and security questions. The company said at least 500 million user accounts were affected.
Yahoo also faces class actions in the United States.
-- with files from Michelle McQuigge in Toronto, Nicole Thompson in Hamilton and Nathan Denette in Ancaster, Ont. and CP24