A Canadian man accused in a massive hack of Yahoo emails posed an “extremely high flight risk” in part due to his alleged ties to Russian intelligence agents, law enforcement officials allege in documents filed with an Ontario court.
In an application for Karim Baratov’s arrest, U.S. authorities describe the 22-year-old Hamilton resident as an alleged “hacker-for-hire” paid by members of the Russian Federal Security Service, known as the FSB.
They argue in the documents that Baratov allegedly has the money to leave Canada and the ability to destroy evidence related to his alleged activities while on the run.
“Given the serious nature of his conduct, the public impact of his hacking-for-hire conduct, his substantial earnings as a result of the unlawful hacking, and his ties to foreign intelligence officers with nation state resources at their disposal, he should be arrested on an urgent basis and detained,” the documents say.
“Even assuming that Baratov does not receive assistance from his known and unknown Russian government conspirators, he possesses the skills and financial resources to flee justice,” the documents say, noting that Baratov does not appear to have any “legitimate employment.”
Baratov, who is of Kazakh origin, was arrested under the extradition act in the community of Ancaster last Tuesday. U.S. authorities said on Wednesday that he and three others — two of them allegedly officers of the FSB — were indicted for computer hacking, economic espionage and other crimes.
Baratov’s lawyer, Amedeo Dicarlo, has said the allegations against his client are unfounded.
Baratov appeared briefly in a Hamilton court by video link on Friday. A bail hearing has been scheduled for April 5.
Dicarlo said he will seek to have Baratov released and plans to fight an extradition order. He declined to discuss Baratov’s personal or professional life, describing him only as a successful entrepreneur.
In documents filed with the Hamilton court, U.S. authorities warned that if Baratov found out about the warrant for his arrest before it could be carried out, he may attempt to flee.
They pointed to the case of one of Baratov’s alleged co-conspirators, Alexsey Belan, who was previously arrested for another matter in Greece in 2013 and was to be extradited to the United States.
Belan was released on bail while waiting for his extradition hearing and “promptly” fled to Russia, where he “benefited from the protection afforded by Russian government officials,” according to the documents.
“Belan has been able to continue his crimes — namely, providing hacking services to the Russian government and victimizing hundreds of millions of innocent third-parties for, in some instances, private financial gain,” the documents said.
Belan had previously been indicted in 2012 and 2013 and was named one of the FBI’s most wanted cyber-criminals in November 2013.
Indicted along with Baratov in the alleged conspiracy that authorities said began in January 2014 were Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43, who U.S. authorities describe as Russian intelligence agents who allegedly masterminded and directed the hacking.
Dokuchaev and Sushchin allegedly tasked Baratov with hacking more than 80 accounts in exchange for commissions, U.S. authorities have said.
The application for Baratov’s arrest shines further light on how authorities believe the alleged hacking scheme operated.
Google records indicate Baratov used “spear phishing” messages designed to look like emails from trustworthy senders so recipients were “lured into opening attached files or clicking on hyperlinks in the messages and into providing valid login credentials for their accounts,” the application alleges.
Baratov would then allegedly email Dokuchaev screenshots of the successfully hacked email accounts and demand payment before handing over the login information, it says.
U.S. authorities alleged the payments were made to various online accounts including a PayPal account that was registered to Baratov from an IP address traced to his home and linked to a bank account under his name. The documents said nearly $212,000 was paid to that account between early 2013 and late 2016, though not all would have come from the alleged conspiracy.
An affidavit from a Toronto police officer included in the application and filed with the court alleged Baratov had hacked thousands of other accounts outside of the Yahoo-related allegations and noted that “current websites advertise Baratov’s hacking services.”
Baratov appeared to live a lavish lifestyle, which he documented on public social media accounts such as Instagram, posting photos of luxury cars and money.