Skip to main content

Trump Administration
  Justice Department Indicts Russian Spies in Yahoo Hacking Attack  CSPAN  March 15, 2017 9:23pm-9:51pm EDT

9:23 pm
outlook or of the appropriate course for monetary policy. i'll have more to say about monetary policy shortly, but -- ofyou can watch the rest janet yellen's news conference on c-span2 or watch it now on the justice department today announced indictments against four russian intelligence officers for the 2014 hacking of yahoo! that compromised 500 million accounts. justice department officials gave details about the legal case in the 25 minute news briefing. >> good morning, thank you for being here today. i'm mary mccord, acting director attorney general for the
9:24 pm
division of the department of justice. fbi executive assistant director paul bayne. us district attorney for the district of california, brian stretch. and the national director of affairs. we're here to announce a major law enforcement action related to one of the largest data breaches in u.s. history. today we are announcing the indictment of four individuals responsible for the 2014 hack into the network provider of yahoo!. the theft of information of 500 million yahoo! accounts and the use of that information to obtain the contents of accounts at yahoo! and other email providers. the defendants include two officers of the russian federal andrity service, intelligence and law enforcement agency of the russian
9:25 pm
federation. and two criminal hackers with whom they conspired to accomplish these intrusions. dmitry dokuchaev and igor sush, both f.s.c. officers, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the united states and elsewhere. they worked with co-conspirators alexsey belan and karim baratov to hack into the computers of american companies providing internet and email related services. to maintain unauthorized access to those computers and to steal information, including information about individual users and the private contents of their accounts. the defendants targeted yahoo! accounts of russian and u.s. government officials, including cyber security, diplomatic, and military personnel. they also targeted russian journalists, numerous employees
9:26 pm
of other providers whose networks the conspirators sought to exploit, and employees of financial services and other commercial entities. belan has been indicted twice before in the united states for three intrusions into ecommerce companies that victimized millions of customers. and he has been one of the f.b.i.'s most wanted cyber criminals for more than three years. belan's notorious criminal conduct and a pending interpol red notice did not stop the fsb officers who, instead of detaining him, used him to break into yahoo!'s networks. meanwhile, belan used his relationship with the two fsb officers and his access to yahoo! to commit additional crimes to line his own pockets with money. used his access to yahoo! to search for and steal financial information such as gift card and credit card numbers from users email
9:27 pm
accounts. he also gained access to more than 30 million yahoo! accounts whose contacts he then sold to facilitate an email scan -- scam. with these charges, the department of justice is continuing to send a powerful message that we will not allow individuals, groups, nation states, or a combination of them to compromise the privacy of our citizens, the economic interests of our companies or the security of our country. for those who may not be familiar with the f.s.b., it is an intelligence and law enforcement agency and a successor to the soviet union's k.g.b. the f.s.b. unit that the defendants worked for, the center for information security, also known as center 18, is also the f.b.i.'s point of contact in moscow for cyber crime matters. the involvement and direction of f.s.b. officers with law enforcement responsibilities makes this conduct that much
9:28 pm
more egregious. there are no free passes a for foreign, state sponsored criminal behavior. through the work of the national security division, the f.b.i., the united states attorneys' officers around the country, we continue to pursue national security cyber threats using all available tools to investigate malicious activity and attribute it to the country, agency, and individuals involved. when possible and supported by the evidence, we intend to charge those individuals and bring them to justice. as iraq up, i am pleased to announce that a fourth co-conspirator charged in the , wastment, karim baratov arrested yesterday in canada on a provisional arrest warrant. i'd like to thank all of those who worked diligently to bring the investigation to this point, including the men and women of the national security division, the f.b.i., and the u.s. attorney's offices for the northern district of california and the criminal divisions
9:29 pm
office of international affairs for their tireless work. i'd also like to extend a special thanks to yahoo! and google, whose customers were targeted and who cooperated with law enforcement. it is very important for corporations around the country to know that when you are going against the resources and backing of a nation state, it is not a fair fight and it is not a fight you are likely to win alone. but you do not have to go it alone. we can put the full capabilities of the united states behind you to make cases like this. but we cannot do it without your help. at this time, i'd like to introduce f.b.i. executive assistant director paula bates who will provide additional details on today's announcement. >> thank you. good morning everyone, and welcome. today's announcement is a
9:30 pm
tremendous testament to the work and extraordinary efforts that have been done to identify and hold accountable those individuals believed to be responsible for this significant breach of yahoo!'s networks and information technology systems. this indictment details how servicefederal security officers working together with criminal hackers conspired to planning carry out one of the largest cyber intrusions in u.s. history. compromised the networks, along with accounts and personal information of approximately yahoo! users and further stole 500 million millions of user contacts in order to carry out fraud schemes for their own personal financial gain and enrichment, among other things. i want to note, this is a highly complex, long-term investigation that has only reached this stage as a result of the relentless and persistent and dedicated efforts of the team. it also further underscores the
9:31 pm
immense and essential value of early, proactive engagement and cooperation between the private sector and the government. our ability to identify, detect and ultimately hold cybercriminals accountable you -- accountable under the law while preventing and mitigating harm is contingent upon our ability to work closely and cooperatively with companies and individuals who are targeted and victimized as in this case. as mary noted, yesterday's arrest of co-conspirator karim baratov, which was executed by the canadian fugitive services squad, demonstrates our unyielding commitment to bringing to justice cyber criminals no matter where they operate or reside. the criminal hackers in this case used a variety of techniques to access the information they sought. including email spearfishing,
9:32 pm
downloading malicious files and code onto yahoo!'s networks, leasing servers in the u.s. and around the world to carry out their schemes and avoid detection, and registering email accounts using false subscriber information. as this indictment demonstrates, regardless of what methods are employed or where the criminal actors live, if you illegally target u.s. citizens or american companies you will be identified, pursued and heldo account wherever you are. i want to highlight and commend the exceptional work of the f.b.i.'s san francisco field office, the f.b.i. cyberdivision, the u.s. attorney's office for the northern district of california, and our partners here at the department of justice and the national security division. thank you to all of those involved for your outstanding and ongoing contributions to resolving this case. we are extremely grateful as well to our international partners for their assistance and support leading up to these
9:33 pm
criminal charges today. those partners include canada's royal canadian mounted police and as mentioned, the toronto police service and their fugitive squad. as well, the united kingdom's mi-5 made substantial cricks to -- substantial contributions to the advancement of this investigation also. i want to thank additionally our f.b.i. legal attache personnel in ottawa and in london for their great work in supporting and moving forward the operations and investigations that underlie the charges today. and i want to close by saying that we at the f.b.i. together with our partners in the d.o.j. will continue to work hard day in and day out together with our interagency international and private sector partners to one, identify those who conduct cyber attacks against the united states and our allies, two, to identify and expose them to the world, and three, most importantly, to hunt them down and hold them responsible no matter where they live or where
9:34 pm
they attempt to hide. thank you all for being here today and with that, i'd like to turn it over to bryan stretch, the u.s. attorney for the northern district of california. >> paul, thank y. my name is bryan stretch, i'm the u.s. attorney in san francisco. i'm pleased to join the head of national security division and the executive assistant at the f.b.i. to advise you that criminal charges returned in connection with the widely reported yahoo! breach that occurred in 2014. as an important reminder to everybody, the criminal charges and the indictment announced today are allegations only and all four defendants are presumed innocent unless and until proven guilty. we are joined today by the investigating ausa, national security division lawyers and experienced f.b.i. agents who worked tirelessly with yahoo! and google to identify the
9:35 pm
responsible rties and their methods and means for perpetrating one of the largest data breaches ever. silicon valley is home to the world's leading technology companies. the valley's computer infrastructure provides the means by which people around the world communicate with each other in business and in the personal lives. every day, criminal hackers endeavor to gain unauthorized access to personal and proprietary information for nefarious purposes. the department of justice and the technology companies together share a goal and responsibility to protect private communications from cybercriminals. the privacy and security of our internet based communications must be governed by the rule of law. people rightly expect that the government and technology companies both will make every effort to ensure that
9:36 pm
communications through internet providers will remain private. exceptions to this should be few and governed by law. in recent years, the d.o.j. has made cybersecurity a top priority and has taken a number of steps to protect the public from cybercrime. part of this effort has involved conducting extensive outreach throughout silicon valley and elsewhere to encourage service providers to report unauthorized intrusions and the theft of trade secrets. both the d.o.j. and the technology companies throughout the country are beginning to see fruits of this outreach. the benefits of reporting intrusions to the u.s. government include the following. the company's are able to determine the scope and extent of the intrusion and determine the identity of the hackers. the companies are also able to obtain information about what
9:37 pm
could do withs the information obtained. prevent could unnecessary access to the private records of the innocent victims and account holders. regarding the hacks we are talking about today, yahoo! and google informed d.o.j. of the data breaches, cooperated extensively with f.b.i. and d.o.j. teams to investigate the intrusions. and by leveraging the combined efforts of the government and service providers, they assisted in effectuating a targeted, streamlined and effective investigation. the update to this type of approach, the responsible parties have been identified, charges have been returned, one defendant has been arrested and arrest warrants have been issued for the remaining defendants.
9:38 pm
importantly, the cooperative efforts of the government and private sector in this instance allow the u.s. attorney's office along with the national security division and the f.b.i. to accomplish these initial results while maintaining the fundamental privacy interests of the account holders who had their information stolen. we commend both yahoo! and google for working with our office, the f.b.i., and the national security division lawyers to identify and seek justice for the perpetrators of these intrusions. i'll turn it back to mary. >> we'll take a few questions now. >> i was wondering, what do you see as the purpose of this conspiracy? was it financeable gain? -- financial gain? intelligence gathering? >> what the indictment alleges is the fsb officers used criminal hackers to gain information that clearly some of which has intelligence value but in doing so, in using criminal hackers to do so, the criminal hackers used this opportunity
9:39 pm
also to line their own pockets for private financial gain. >> you said this morning at the "financial times" seminar that the government has a number of tools at its disposal, including prosecution. will the u.s. seek other means other than these indictments to go after the russians, sanctions, trade limitations? >> i think those are things that have yet to be determined. as you noted, we are committed to using all tools and we certainly in this case we were able to develop the evidence to the point where we were able to bring criminal charges consistent with the standard required for that. but that doesn't mean we won't look to see if there are other tools that might be available. >> will you look to see if there are other tools? >> i think we will definitely engage in those discussions and considerations. >> is expulsion of diplomats one of those? >> for this type of matter, that is not something we are prepared to address today. >> quickly, you talk about two
9:40 pm
of the indicted are members of the center 18, the f.b.i.'s point of contact in moscow on cyber crime matters. and you described in the press release as beyond the pale. wouldn't it be just natural that people would use that to exploit this? it seems a degree of naivete on the part of the u.s. government. >> i don't think it does. the point is, these are the very people we are supposed to work with, cooperatively, in law enforcement channels. rather than do that type of work they actually turned, you know, sort of against that type of work. and i can certainly pass to paul if he has additional comments on that. >> i would just add, we've had limited cooperation with that element of the russian government in the past. in this case, with respect to belan, he's been charged previously in one case out of the northern district of
9:41 pm
california and also in nevada back in 2012. we have asked for his return. in 2014, through official channels from the russian government and had no response. i think that's reflective of the relationship and the approach we needed to take in terms of the lack of cooperation we've gotten. >> does this need to change or end? >> we need and have to have cooperation from all international partners in order to resolve cases like this among many other threats that we face. but when we look at this case, i'm speaking to this case now, we expect and hope for their cooperation here and in fact post this announcement, we're going to go out with another official request, not just for mr. belan but also the other two individuals who are charged here and residing in russia now. >> this model you're alleging
9:42 pm
officers working with criminal hackers, is this sort of the new normal we're seing in -- seeing in russia and is this a deviation of how you expect these to be carried out? and how were you able to make the link that all four were involved together? >> to take your first question, i'm not going to be specific as to russia on that. we are certainly seeing more and more use by nation states of criminal hackers to carry out some of their intentions. i don't think that's necessarily unique to russia in this particular case of the fsb. and the indictment, i think, alleges in pretty great detail the conspiracy among these four men. the sharing of infrastructure and hacking techniques and tools and procedures. the sharing of the cookies that were minted to be able to gain access into account. with baratov to do other intrusions with email
9:43 pm
providers such as google. >> do you think there's a connection between this case and russian fsb's interference in the election and the hacking there and can you speak to the , president's claim that he was subjected to surveillance in trump tower? allege anyt interference between this and intrusions in the d.n.c. that is a separate investigation. and i have no comment on the other. >> f.s.b. was involved in both, was that coincidental? do you think these were separated operations? they were hacking into yahoo! and google, and other parts like the dnc into the election process? >> we don't have anything that suggests in our indictment that there's any relationship between them. it's an ongoing investigation. >> is there any evidence you've uncovered? i understand the indictment doesn't address it. did investigators uncover any samence, or is this the model you saw, from the perspective of the dnc hack?
9:44 pm
>> i am a sure i am fully understanding your question about this, is this the same model that we saw. and if you're talking about use of criminal hackers, that is a separate an ongoing investigation and i do not have more information on that. >> what about the fsb officers -- your remarks did not specify whether these fsb officers were acting individually or on behalf of the fsb. that's the first question, the second question is, mr. belan based on the f.b.i. warrant says he's a latvian national. in your department of justice statement said he was russian. >> we'll have to get back to you with any correction on that. >> you have two official documents with -- can you answer the first question? >> i nlonger recall your first
9:45 pm
question. >> the first question is whether these two fsb officers were acting individually or on behalf of that agency. >> so when they're -- as our indictment alleges and as we have reason to believe based on our evidence, they were acting in their capacity as fsb officials. >> the attorney general is quoted -- the attorney general, is not recused from this investigation? >> he is not recused from this investigation. >> the authority granted to him in president obama's executive order about malicious hacking, to freeze the assets of officers enforcementt an fsb told? >> as you are aware from this morning's -- there is an executive order that allows for sanctioning in certain circumstances, including circumstances involving economic espionage. again to go back to my response to pete's question, the tools that are potentially on the table remain though table. >> can you just talk a little bit more about how to maintain, or if it's possible to maintain a trusting working relationship
9:46 pm
between the f.b.i. and the fsb given these indictments? how does that work? >> i think that's a challenge. something we're going to continue to work at. i think this case is going to be a great test of that so we can gauge the level of cooperation we get from them now having charged these individuals, we would like to see their full cooperation and assistance in bringing those individuals to justice further aiding us in , expanding the scope of the investigation. >> may i ask about dokuchaev, he had a history before going to the fsb of operating in the dark web and using this alias of forb. do you have any details about whether he continued using that alias, continued conducting criminal activity once he was formally part of the f.s.b., and which dark form did he operate on and what criminal activity did he engage in? >> i am not prepared to address
9:47 pm
those questions only what we're , covering in this indictment. >> to clarify an earlier question, did you see a similar strategy or model that was used in the d.n.c. hack as you saw in this case? >> that's an ongoing investigation so it's not one i'm prepared to discuss what we've seen and how -- what the status of that investigation is. >> has the d.o.j. or f.b.i. heard anything about the possibility of extradition? >> we do not have an extradition treaty with russia. we would hope that they would respect our criminal justice system and respect that these charges -- respect these charges and what they need to do. >> last question. when can we expect -- [inaudible] >> of that is an ongoing pending , matter, which extradition will be requested but i can't estimate what kind of timeline that would be on. >> back to a previous question
9:48 pm
do you and the justice department have any evidence that president trump was wiretapped during his campaign? >> that's not part of this indictment or what we're here to discuss today. >> all right, thanks very much folks. [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit] >> tonight on c-span, the leaders of the house intelligence committee on russian meddling in the 2016 committee. at the msn hearing on influencing democratic governments around the world. later, president trump visits michigan. c-span's washington journal, live every day with news and policy issues that impact you. coming up thursday morning, virginia republican congressman tom garrett discusses the house at gop bill. then, wisconsin democratic congressman, first vice chair of
9:49 pm
the progressive caucus looks at the house democratic agenda, the gop repeal and replace bill, and bill.ump and, the decision by the federal reserve to raise the short-term interest rates and how consumers could be affected by the decision. be sure to watch c-span's washington journal live thursday morning. join the discussion. >> please raise your right hand. with the confirmation hearing for neil gorsuch starting next week, thursday at 8:00 p.m. eastern we will look at the confirmation hearings of all eight current supreme court justices, starting with anthony kennedy in 1987, clarence thomas in 1991, ruth bader ginsburg, 1993, stephen breyer, 1994, john 2006, so to5, alito
9:50 pm
er, and kagen.ay house intelligence committee ranking chair spoke to reporters of the capital about their investigation into russian interference in the 2016 elections. they also commented on president trump's allegation that the obama administration wiretapped trump tower during the campaign. this is 35 minutes. >> welcome, everyone. i want to thank you for being here today. as promised, we will try to keep you updated as we make progress in our investigation, we have to announce the committee hearing on monday, march