Two of the four men accused of being behind a 2014 cyber attack on Yahoo that led to the compromise of an estimated 500 million accounts are Russian FSB officers.
It follows charges against today them brought by the US Department of Justice, which has pointed the finger of blame at three Russia nationals and a Canadian-Kazakh national, who has been arrested in Canada and who is facing deportation to the US to face charges.
The men named by the Department of Justice are: Dmitry Aleksandrovich Dokuchaev; Igor Anatolyevich Sushchin; Alexsey Alexseyevich Belan; and, Karim Baratov, the Canadian and Kazakh national, resident in Canada.
Dmitry Dokuchaev and Igor Sushchin are officers of the FSB, the successor organisation to the Soviet Union's KGB security service, according to the Department of Justice.
It accuses the men not only of using the attacks for espionage purposes, but also for various criminal money-making schemes.
"The defendants used unauthorised access to Yahoo's systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorised access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, US and Russian government officials, and private-sector employees of financial, transportation and other companies," according to the indictment.
One of the men, Alexsey Belan, also used his access to the accounts to make some money on the side, with the support of the FSB officers.
He did this "by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions, and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign".
The Department of Justice accused Dokuchaev and Sushchin of protecting, directing, and facilitating "paid criminal hackers to collect information through computer intrusions in the US and elsewhere".
Latvian-born Belan was known to US authorities, who claim that he has been behind a wave of cyber attacks, fraud and identify theft. He had been publicly indicted in September 2012 and arrested in Europe in June 2013.
However, he was able to escape to Russia before he could be extradited. On his return, claims the Department of Justice, he was put to work using his skills to crack Yahoo's network.
"In or around November and December 2014, Belan stole a copy of at least a portion of Yahoo's user database, a Yahoo trade secret that contained, among other data, subscriber information including users' names, recovery email accounts, phone numbers and certain information required to manually create, or 'mint', account authentication web browser cookies for more than 500 million Yahoo accounts," the Department of Justice claims.
It continues: "Belan also obtained unauthorised access on behalf of the FSB conspirators to Yahoo's Account Management Tool, which was a proprietary means by which Yahoo made and logged changes to user accounts.
"Belan, Dokuchaev and Sushchin then used the stolen UDB copy and AMT access to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorisation."
In addition to the accounts of Russian journalists, officials and government officials in the US and elsewhere, the attackers also cracked accounts belonging to employees of a Russian investment bank, a French transport company, US financial services and private equity firms, a Swiss bitcoin wallet and a US airline.
The FSB officers also helped out Belan's money-making schemes on the side "by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by US and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers".
The Kazakh-Canadian national Karim Baratov, meanwhile, was commissioned to gain access to the accounts of targets who used the email services of companies other than Yahoo, using information gleaned from the successful attacks on the company.
The Department of Justice claims that he gained access to more than 80 accounts. A warrant was put out for his arrest in Canada on 7 March.
The 2014 attacks was just one of a number of major security breaches at Yahoo in recent years.
An August 2013 breach also saw account credentials leaked.
While investigating that breach in 2013 Andrew Komarov, the chief intelligence officer of cybersecurity firm InfoArmor, claimed that the spillage included 150,000 names of people working for the US government and military, as well as accounts associated with EU, Canadian, British, and Australian governments among those compromised.
Yahoo had tried to hush-up the 2014 attack, but when the full details became public in 2016, it disrupted the sale of Yahoo's assets to Verizon and, as a result, it was able to extract a $350m discount on the price it had initially agreed to pay at auction in July 2016.
This also meant a drastic cut in the pay-off due to Yahoo CEO Marissa Mayer after the deal had been concluded. She was expected to be given a ‘golden parachute' worth $55m but, instead, has had to make do with a pay-off of ‘only' $23m.
Flagship device also supports firm's modular MotoMod add-ons
Comes just week after firm announced plans to bin the service
Details of a trio of Intel Coffee Lake CPUs leaked
Ding-dong Adobe Flash is dead