The indictments Wednesday in the United States of four people in a 2014 cyber attack on Yahoo Inc provides the clearest details yet on what some U.S. officials say is a symbiotic relationship between Moscow’s security services and private Russian hackers.
The indictment charges two officers of the FSB, Russia’s Federal Security Service, and two hackers who allegedly worked hand-in-hand with them to crack 500 million Yahoo user accounts.
U.S. authorities and cyber security specialists have long said the Kremlin employs criminal hackers for its geostrategic purposes. They say the arrangement offers deniability to Moscow and freedom from legal troubles for the hackers.
A U.S. intelligence official, speaking on condition of anonymity, said employing criminal hackers helps “complement Kremlin intentions and provide plausible deniability for the Russian state.”
The FSB in Moscow did not respond immediately to a request for comment on Wednesday evening.
The United States sometimes engages with criminal hackers as well, buying tools from them or recruiting them to help find other criminal hackers, cyber security professionals and government officials say.
Milan Patel, a former FBI cyber agent and now managing director for cyber defense at K2 Intelligence, said the intermingling of espionage and cyber crime in Russia had led the United States and its allies to be far more wary about alerting Moscow to criminal hackers.
“Magically those guys would disappear off the battlefield and most likely end up working for the Russian government,” Patel said of the names shared by Washington.
The Russian government had no official comment on the charges in the Yahoo case.
Russian news accounts stressed that one of the FSB agents, Dmitry Dokuchaev, was arrested by Russian authorities in December and charged with treason.
The indictment charges Dokuchaev with having acted as a handler for a hacker named Karim Baratov, directing him to use the Yahoo data to crack emails on other systems and paying him a bounty when he succeeded.
Baratov is in custody in Canada, according to the Toronto police, while Dokuchaev remains in Russia.
The charges coincide with mounting tensions between U.S. intelligence agencies and Russian President Vladimir Putin’s government, which they accused of hacking the 2016 U.S. presidential election to influence the vote in favor of then-Republican candidate Donald Trump.
In addition, congressional committees are investigating possible links between Russian figures and associates of President Trump.
Senator John Warner of Virginia, the ranking Democrat on the Senate Select Committee on Intelligence, said in a statement the indictments showed “the close and mutually beneficial ties between the cyber underworld and Russia’s government and security services.”
He said the case “underscores the complexity and the urgency” of the committee’s investigation of Russian interference in the U.S. election.
James Lewis, a former State Department official and now a cyber expert at the Center for Strategic and International Studies, said there were three rules for cooperation between the Russian government and criminal hackers.
Private hackers know to avoid attacking Russian-language sites and to share their profits with authorities, he said. “Rule Number Three (is), if we ask you to do us a favor, do it.”
(Reporting by Warren Strobel and Jonathan Landay; Additional reporting by Dustin Volz; Editing by Jonathan Weber, Grant McCool and Paul Tait)