Karim Baratov, one of four men accused of hacking Yahoo and making off with credentials of 500 million accounts (most of them probably not used in 15 years) has pleaded not guilty in a San Francisco, California court.
His plea comes after he volunteered to face charges last weekend rather than fight a long and expensive battle against extradition.
Canada based Baratov is not only facing charges of conspiring to commit computer fraud and abuse, conspiring to commit access device fraud, conspiring to commit wire fraud and aggravated identity theft.
He is the only one of the four to be charged as his co-defendents are based in Russia. Unlike Baratov, they also face charges of economic espionage and theft of trade secrets because the authorities in the US contend that the four men were working on behalf of the Russian security services, the FSB.
The indictment claims that at least two FSB officers, Dmitry Dokuchaev, Igor Sushchin "and others known and unknown" directed Alexsey Belan and Karim Baratov "and others known and unknown" to break-in to the email accounts of Russian journalists, accounts of both Russian and US government officials, and the employees of a "prominent Russian cyber security company".
The attacks weren't just aimed at Yahoo, but other webmail operators and internet service providers.
With members of the bureaucracies of the Russian government often going freelance for personal gain, it's unclear whether the attacks might have been official or unofficial. However, the indictment also links the four men with attacks on a Russian investment banking firm, a French transport company, a US airline, US financial services and private equity firms, and a Swiss bitcoin wallet.
Intriguingly, perhaps, the indictment adds that the FSB used the threat of extradition posed by an Interpol ‘red notice' issued against defendant Alexsey Belan in 2012 to persuade him to work for them.
In return, they provided "FSB law enforcement and intelligence information" to help him avoid detection by law enforcement, "including information regarding FSB investigations of computer hacking and FSB techniques for identify criminal hackers".
The indictment claims that the attackers - Baratov and Belan - were able to access Yahoo's systems for around 18 months before they were discovered and the company improved its lackadaisical security. But it wasn't just Yahoo accounts that were compromised, with the indictment suggesting that Baratov accessed up to 50 Google accounts in a spree that continued until December 2016.
While Sushchin and Belan are unlikely to face justice, unless they travel to a country with an extradition treaty with the US, Dokuchaev was charged with treason by the Russian authorities earlier this year in a case involving Kaspersky Lab employee Ruslan Stoyanov.
Stoyanov was a hacker in his youth known by his handle ‘Forb', who was employed by the FSB following an interview in Russian newspaper Vedomosti, in which he boasted of earning up to $1,000 a month in various illegal hacking activities.
Baratov, meanwhile, ought to have the money to fund his defence, providing his accounts have not been frozen.
According to reports, he began driving expensive cars while still in High School in Canada, with Canadian Ministry of Transportation documents indicating that he has fixed his personalised 'Karim' number plate to an Aston Martin, a Porsche, an Audi, a Lamborghini, a Mercedes Benz and three BMWs.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal