Karim Baratov, who is also known as Kay, Karim Taloverov, and Karim Akehmet Tokbergenov was sentenced to five years in prison on Tuesday. Baratov, 23, was ordered to pay a fine, which encompasses all of his remaining assets. The sentence was less than prosecutors had sought for his crimes in an effort to warn against foreign intelligence services and malicious hackers. He pleaded guilty to federal conspiracy and identity theft charges in November in connection to his black market hacking business that he operated from 2010 until his arrest in March 2017. 

Prosecutors had originally wanted Baratov sentenced to seven years and 10 months in prison. In court, Assistant U.S. Attorney Jeffrey Shih said, “It is hard to catch these people,” who added,  “And in terms of the state-sponsored connection, it really is a deterance concern.”

Baratov was born in Kazakhstan, but is a Canadian citizen and resident. 

“Criminal hackers and the countries that sponsor them make a grave mistake when they target American companies and citizens. We will identify them wherever they are and bring them to justice,” said Assistant Attorney General John C. Demers. “I would like to thank Canadian law enforcement authorities for their tremendous assistance in bringing Baratov to justice.  We will continue to work with our foreign partners to find and prosecute those who would violate our laws.”

“The sentence imposed reflects the seriousness of hacking for hire,” said Acting U.S. Attorney Alex G. Tse. “Hackers such as Baratov ply their trade without regard for the criminal objectives of the people who hire and pay them.  These hackers are not minor players; they are a critical tool used by criminals to obtain and exploit personal information illegally.  In sentencing Baratov to five years in prison, the Court sent a clear message to hackers that participating in cyber attacks sponsored by nation states will result in significant consequences.”

“It's difficult to overstate the unprecedented nature of this conspiracy, in which members of a foreign intelligence service directed and empowered criminal hackers to conduct a massive cyber-attack against 500 million victim user accounts,” said Special Agent in Charge John F. Bennett. “Today's sentencing demonstrates the FBI's unwavering commitment to disrupt and prosecute malicious cyber actors despite their attempts to conceal their identities and hide from justice.”

Baratov charged customers about $100 to obtain another person’s webmail password, using phishing attacks that tricked Gmail users into entering their passwords into a fake password reset page. Before he was caught, Baratov hacked more than 11,000 accounts in Russia and the U.S. before he was arrested. 

One of Baratov’s clients was an officer with Russia’s Federal Security Service (FSB), who used a fake identity to commission hacks on 80 targets. Among the targets were Russian government agencies, and officials in the governments of neighboring Eastern European nations. However, only eight of the hacks related to the FSB were successful. Prosecutors and Baratov’s defense team agreed that he did not know that the commissions were coming from the Russian government. U.S. District Judge Vince Chhabria struggled to find an adequate sentence for Baratov, having noted his youth and lack of a criminal history. After the judge postponed sentencing to give both sides more time to make their respective arguments, discussion centered on the seriousness of the crimes when compared to other hacks. Defense attorneys argued that a 45 month sentence was sufficient, having noted that his hacks were ostensibly less serious than the thefts of credit card numbers that have drawn prison terms as high as 25 years. However, the government argued that Baratov was worse, because he hacked email users on behalf of anonymous clients without regard for the consequences.

Baratov and three other defendants, including two officers of the Russian Federal Security Service (FSB), Russia’s domestic law enforcement and intelligence service, were charged with a number of offenses relating to the hacking of webmail accounts at Yahoo and other service providers.  In particular, the defendants were charged in a computer hacking conspiracy in which the two Russian FSB officers hired criminal hackers to collect information through computer intrusions in the United States and abroad, which resulted in the unauthorized access of Yahoo’s network and the spear phishing of webmail accounts at other service providers between January 2014 and December 2016.

Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to his co-conspirator who was working for the FSB and send those accounts’ passwords to Dokuchaev in exchange for money.

The Indictment is available here, and its allegations are summarized in greater detail in the press release that attended the unsealing of the Indictment on March 15, 2017.

Baratov has been detained since his arrest in Canada in March 2017.  Baratov waived extradition to the United States and was transferred to the Northern District of California in August 2017.  In November 2017, Baratov pleaded guilty to Count One and Counts Forty through Forty-Seven of the Indictment.  Count One charged Baratov, Dmitry Dokuchaev {a.k.a. Patrick Nagel], Igor Sushchin and Alexey Belan [a.k.a. Magg] with conspiring to violate the Computer Fraud and Abuse Act by stealing information from protected computers and causing damage to protected computers. Counts Forty through Forty-Seven charged Baratov and Dokuchaev with aggravated identity theft.

As part of his plea agreement, Baratov not only admitted to agreeing and attempting to hack at least 80 webmail accounts on behalf of one of his FSB co-conspirators, but also to hacking more than 11,000 webmail accounts in total from in or around 2010 until his March 2017 arrest by Canadian authorities.  In addition to any prison sentence, Baratov agreed to pay restitution to his victims, and to pay a fine up to $2,250,000, at $250,000 per count, with any assets he has remaining after satisfying a restitution award.

Russian hackers have been blamed for hacking into the Democratic National Committee’s computer system and for supposedly meddling in U.S. elections. 

Dimitry Dokuchaev is not likely to face trial in San Francisco. He was arrested by FSB in December 2016 and charged with treason, under circumstances that remain mysterious. Igor Sushchin is a notorious hacker who named Alexsey Belan, who was wanted in two states for cybercrimes. The three Russians are accused of conspiring to commit a 2014 data breach at Yahoo that compromised account information on 500 million users. They are alleged to have asked Baratov for assistance when they found an FSB target that used Gmail, or another provider, instead of Yahoo where they had complete access.



Remains of WW2 pilot found on the bottom of Pacific Ocean

U.S. Navy personnel have discovered the remains of an American aviator who was shot down in combat over the Pacific Ocean in 1944. A team aboard USNS ...


Short Link

Spero News writer Martin Barillas is a former US diplomat, who also worked as a democracy advocate and election observer in Latin America. His first novel 'Shaken Earth', is available at Amazon.

Do you like what you just read?

Back our investigations with an immediate financial contribution. Spero News operates on the financial support from you and people like you who believe in media independence and free speech.