SAN FRANCISCO—The normally clandestine shadow war between U.S. and Russian intelligence agencies spilled into a California courtroom Wednesday in the form of Karim Baratov, an unassuming 22-year-old man making his first U.S. court appearance on charges that he worked as a freelance hacker for Moscow’s cyber spy masters.
Baratov, a Canadian citizen born in Kazakhstan, was arrested in Canada last March, and he arrived in the Bay Area late Tuesday in the custody of U.S. Marshals after waiving an extradition battle. In a 47-count indictment unsealed earlier this year, he and three Russian nationals are accused of conspiracy, computer intrusion, and economic espionage for a massive 2014 data breach at Yahoo that compromised account information on 500 million users.
The American government describes the hack as an intelligence-gathering operation run by Russia’s Federal Security Service, or FSB.
One current and one former FSB officer are also charged in the case, as is an alleged Russian hacker who was already wanted in two states for conventional cybercrime. But Baratov, who had the misfortune to live in Canada instead of Russia, is likely the only defendant that will ever confront American justice – a solitary stand-in for Moscow’s state-run cyber espionage rings, in a time of growing political and diplomatic tension over the Kremlin’s successful operation to help Donald Trump win the White House.
Tall and fit with neatly combed hair, Baratov appeared in court unshackled and wearing black jeans and a short-sleeved black tee shirt. He watched the proceedings impassively through round glasses, stating his name and age for the judge, then standing silently next to his attorneys as Justice Department prosecutor Christopher Ott read the long list of charges, along with maximum penalties potentially amounting to decades in prison.
The heart of the case is the Yahoo breach, allegedly ordered by the FSB officers and carried out by an already-notorious Russian hacker named Alexsey Belan. Belan gained complete mastery over Yahoo’s network beginning in 2014, according to the indictment, and until mid-2016 used it to access Yahoo email accounts of journalists and politicians critical of the Russian government, officials in countries bordering Russia, and US government personnel like White House staffers, State Department diplomats and members of the armed forces. As a side business, Belan allegedly spun off a profitable spam operation from his Yahoo access, and manipulated Yahoo search results to market erectile dysfunction drugs.
Belan is living safe in Russia, as is Igor Sushchin, the undercover FSB officer that allegedly oversaw the hacking. The fourth defendant, Dmitry Dokuchaev, has more pressing legal issues at home: a former officer at the FSB’s computer crime branch, Dokuchaev was arrested by his own agency last December and charged with treason, under circumstances that remain shrouded in mystery.
Baratov played the smallest role in the hacking operation, as described by the indictment. He’s not accused of participating directly in the Yahoo hack. Instead, prosecutors say, his job was to fill the gap when his FSB handlers encountered a target that used Gmail, or another provider, instead of Yahoo. Baratov allegedly used spear phishing attacks to trick 80 FSB targets into giving up their webmail passwords, which he passed on to Russia. The charges don’t indicate how much money one earns by hacking for the Kremlin, but the government is seeking forfeiture of Baratov’s PayPal account, and his Aston Martin DBS and Mercedes C54.
On Wednesday, defense lawyers Andrew Mancilla and Robert Fantone entered Baratov’s not-guilty plea into the record, and a bail hearing was set for Tuesday of next week. Then Ott, the prosecutor, was escorted back to the holding cells behind the courtroom.
Though brief, the appearance underscored the importance of the case to the Justice Department, which dispatched Ott from the National Security Division in Washington to handle the pro-forma proceeding. Only once before has the U.S. filed hacking charges against a foreign government’s intelligence officials. That was in 2014, when the Justice Department indicted five officers in the Chinese army on charges of economic espionage against American companies. None were arrested, but the indictment gave the U.S. leverage in negotiations with China, and that nation eventually agreed to start limiting its cyber espionage to non-economic targets.
If there’s a similar diplomatic play in Baratov’s prosecution, it’s well hidden, and the Trump Administration has already disbanded the State Department office that negotiated the China cyber compact. But if Baratov were to cooperate with the US, it’s conceivable he could provide intelligence officials with some insight into Russia’s state-sponsored hacking, or the Kremlin’s recruitment of outside talent. Asked by the Daily Beast after the hearing if the U.S. was offering Baratov a cooperation deal, Ott declined to comment. “I’m not going to talk about that.”