Yahoo Hackers: Who They Targeted and What They Stole
The Justice Department on Wednesday laid criminal charges against four men, including Russian spies, related to a massive hack of Yahoo user accounts in 2014. The accusations also revealed important new details about who they allegedly targeted and what they are said to have stolen.
In a 39-page indictment, the government described a range of criminal activities that included spying on executives, a spam operation, a scheme to market erectile dysfunction drugs, and the use of Yahoo accounts to target other online services such as Google’s Gmail.
The schemes allegedly began in 2014 when two members of Russia’s FSB (the successor the Soviet Union’s KGB) worked with two cyber mercenaries, including one in Canada, to hack and exploit Yahoo user data.
As the indictment explains, one of the hackers searched compromised Yahoo email accounts for terms like “visa” and “mastercard” and for credit cards’ three digital security code that are required for online purchases. Other searches targeted “Apple..account” as well as “iTunes.. account” and gift cards.
The indictment (you can see a copy here with key parts underlined) also cites numerous examples of the hackers using stolen Yahoo data as a stepping stone to target the Gmail accounts of certain individuals. This happened when those individuals provided a Gmail account as an alternative contact to Yahoo.
As the indictment explains, the FSB agents asked one of the hackers to trick the owners of those Gmail accounts to give up their passwords, paying him $100 for each successful attempt.
The Justice Department claims the Russians targeted over 50 Gmail accounts in this fashion, though it’s unclear how many of the attempts were successful. Google did not immediately return a request for comment.
The Gmail scheme reflects how, on some occasions, the FSB used the Yahoo data to target specific people—presumably those who had important or valuable information (the indictment doesn’t name the victims).
This effort also extended to the contents of certain Yahoo email accounts. For instance, the indictment claims the hackers got access to the Yahoo accounts of senior executives at a major U.S. airline, a financial company, and of “three different officers of U.S. Cloud Computing Company 1.” (The document describes two “cloud computing companies” but it didn’t identify them).
Get Data Sheet, Fortune’s technology newsletter.
The indictment also lists journalists, Russian politicians, diplomats, and White House staff as among those with compromised accounts.
But while this activity shows how some of the Yahoo hacking was tied to espionage, many of the other examples in the indictment point to familiar financially-motivated scams.
“Erectile dysfunction medications”
The alleged hacker, Alexsey Belan, who received $100 payments for getting into Gmail accounts, may have been acting as a spy for the FSB. But he also is said to have behaved like a common cyber criminal.
One his schemes involved meddling with Internet searches conducted on Yahoo’s browser. Specifically, when people searched for erectile dysfunction medications, Belan’s alleged scam showed them a fraudulent link. If they clicked on it, the person would be redirected first to another search site (presumably Google or Microsoft’s Bing), then to an online pharmacy. Belan profited from the scheme by collecting referral commissions from the pharmacy.
Meanwhile, the indictment also says Belan burrowed into millions of Yahoo email accounts to obtain the users’ contacts list. Those contacts were in turn the target of a spam email campaign in which the sender appeared to be a Yahoo user.
More broadly, the Justice Department charges reflect an odd mix of high-level espionage coupled with banal Internet crime. This mix appears to reflect the willingness on the part of the Russian intelligence community to use ordinary cyber fraudsters as their agents, and even to permit those fraudsters to make a buck on the side as they carry out the spy work.
As the New York Times recently reported, the Russian government has repeatedly piggy-backed on the schemes of cyber-criminals as a way to gain access to computers. The Yahoo hacks may turn out to be one more example of that.