The operative, Karim Baratov, appeared in a San Francisco federal court on Tuesday afternoon. He also admitted that his role was to "hack webmail accounts of individuals of interest to the FSB," the Russian internal security service. Baratov then sent those passwords to his alleged co-conspirator, Dmitry Aleksandrovich Dokuchaev.
Karatov was indicted in late February 2017 along with three other men who remain in Russia.
"The illegal hacking of private communications is a global problem that transcends political boundaries," said United States Attorney Brian Stretch in a statement. "Cybercrime is not only a grave threat to personal privacy and security, but causes great financial harm to individuals who are hacked and costs the world economy hundreds of billions of dollars every year."
As Ars reported in March 2017, the targeted attack allowed the four (and possibly other unnamed parties) to gain direct access to Yahoo's internal networks. Once in, Alexsey Belan—a co-defendant hacker already wanted in the United States for a series of intrusions into the networks of e-commerce providers—is alleged to have conducted reconnaissance of Yahoo's networks. In the process, he discovered two key assets, according to the FBI: Yahoo's User Database (UDB) and an administrative tool called the Account Management Tool.
While the UDB's contents did not necessarily give everything required to access individual user accounts, it did give Belan and the two FSB agents information that could be used to locate and target specific accounts of interest. And the Account Management Tool could be used to make alterations to targeted accounts, including password changes.
Baratov, who waived extradition from Canada, is currently being detained in Northern California without bail. He was arrested in March in Ontario.
Baratov's sentencing hearing is scheduled for February 20, 2018 at 3:00 pm in federal court in San Francisco.