Nevada gaming official targeted in Yahoo hack; Russian agents charged

A Nevada gaming official was targeted by the Russian government in a wide-ranging cyberattack that broke into 500 million Yahoo accounts in 2014, according to an indictment unsealed by federal prosecutors on Wednesday.

The document was made public as the Justice Department charged two Russian intelligence officers and two other hackers in a conspiracy to illegally access Yahoo’s network and use some of that stolen information to access a number of Yahoo accounts, including those belonging to the gaming official, business executives, journalists and U.S. and foreign officials.

According to the indictment, Dmitry Aleksandrovich Dokuchaev, a 33-year-old agent with Russia’s Federal Security Service, accessed an account belonging to an unnamed “Nevada gaming official” on March 30, 2016. Other accounts accessed by the hackers include those belonging to employees of a Swiss bitcoin wallet and banking firm, a sales manager at a major U.S. financial company and a Shanghai-based managing director of a U.S. private equity firm. Affected individuals are described generally by their titles and not by name in the indictment.

A.G. Burnett, chairman of the Nevada Gaming Control Board, said in an email Thursday morning that it is the board's belief that it was the personal Yahoo account of one of the more than 400 employees who work for the board that was hacked. He declined to release the employee's name to protect their privacy.

He said that the board was told that the employee's Yahoo account was never used for work, that the employee had to reset their Yahoo password and that nothing further took place. He added that the board's email accounts and servers were not involved in the hack and that all systems are secure.

"Nothing the Gaming Control Board does was touched or affected," Burnett said.

Wednesday marks the first time that Russian FSB officials have been indicted on cybercrime charges in the United States, Jack Bennett, special agent in charge of the FBI’s San Francisco office, told the New York Times, which first noted the Nevada connection. The four defendants face 47 criminal charges among them including computer hacking, economic espionage and other criminal offenses.

In addition to breaking into the Yahoo accounts, the hackers also used data to break into Google and other webmail accounts, send spam and steal credit card and gift card information, according to the indictment. Yahoo said that they believed the accounts were compromised by a “state-sponsored actor” when they first made new of the hack public in September.

Photo courtesy of Thomas Hawk under Creative Commons.

Updated 3-15-17 at 8:23 p.m. to include additional clarifying information from Gaming Control Board Chairman A.G. Burnett.

Updated 3-16-17 at 9:33 a.m. to include further clarifying information from Burnett.