Alexsey Belan’s career as a successful cyberthief was nearly derailed in 2013 when he was arrested in Greece at the request of American authorities. But he evaded extradition and slipped back into Russia.
Back at home, Mr. Belan stayed busy stealing credit cards and populating the internet with ads for erectile dysfunction treatments, but he was no longer working only for himself. He was put to work by Russia’s main intelligence directorate, the Federal Security Service, or F.S.B., on a very ambitious project: to breach Yahoo and steal account information from hundreds of millions of users.
The relationship between Mr. Belan and two Russian agents — Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin — was described in an indictment unsealed on Wednesday in federal court in San Francisco. If true, the allegations offer an extraordinary case study of Russian cyberespionage, and particularly the symbiotic relationship between identity thieves and spammers and Russia’s elite intelligence services.
The podcast that makes sense of the most delirious stretch of the 2016 campaign.
Cybersecurity experts and the F.B.I. have long suspected that Russian spies employed and protected criminal hackers to a striking degree, but evidence has been scarce. The indictment made public on Wednesday describes this collusion in detail for the first time.
The Justice Department alleges that the F.S.B. agents provided Mr. Belan with the tools of Russian spycraft to minimize detection by American law enforcement. At their direction, he helped surveil foreign officials and even Russian citizens, including a newspaper reporter and an officer with the Internal Affairs Ministry.
Ultimately, the team stole the subscriber information of more than 500 million accounts in 2014, and used proprietary Yahoo software to gain access to about 6,500 of them.
Exactly what information the Russian spies obtained is not clear from the court papers. But prosecutors noted that some of the accounts that were penetrated belonged to American government officials, “including cybersecurity, diplomatic, military and White House personnel,” according to the indictment. The court papers also outlined a secondary scheme, in which the F.S.B. officers paid a Canadian hacker to breach individual Gmail accounts.
The indictment reveals varying tactics used by Russian intelligence at a time when officials are still investigating what the American intelligence community has characterized as Russian attempts to meddle in the 2016 election. There were low-tech strategies like the basic spear-phishing attacks that have become a fact of life for anyone online. And more exotic schemes, such as tricking Yahoo into believing that a computer in Russia was in fact a certain user’s home computer, allowing Russian intelligence officials instant access to an email account without a password.
The list of targets is a glimpse into both the global reach of Russia’s spying apparatus and the internecine power struggles of Russia’s competing security agencies. Russian government officials were among the victims — including an officer with the Russian Internal Affairs Ministry’s cybercrime unit — suggesting that the F.S.B. was using its own intelligence resources to gain an advantage over a rival agency.
“All Russian intel agencies are competitive and carnivorous,” Mark Galeotti, a Russia expert at the Institute of International Relations in Prague, said.
Mr. Belan, who is 29 and has red-tinted hair, came into the F.B.I.’s cross hairs about five years ago, and was previously indicted on charges related to hacking into e-commerce companies. In December, in response to the American intelligence community’s conclusion that Russia had tried to meddle in the presidential election, the Obama administration announced sanctions against Mr. Belan and Evgeniy M. Bogachev, who is also suspected of being a cyberthief and appears also to have ties to Russian intelligence.
Arkady Bukh, the Manhattan lawyer who represented Mr. Belan after his arrest in Greece, said he had not heard from Mr. Belan since he skipped bail and returned to Russia in 2013.
“For the last couple of years he cannot be reached,” Mr. Bukh said. “He disappeared.”
But even while working under Russian intelligence, Mr. Belan kept up his old rackets. Once he breached Yahoo, he began searching for things to steal, such as gift cards or credit card numbers found in email accounts. According to the indictment, he ran a large spam campaign, and also tweaked some of the servers associated with Yahoo’s search engine so that men searching for erectile dysfunction medication would be redirected to an online pharmacy that paid him a commission for driving traffic to the site.
The indictment does not say how Mr. Belan was recruited, or whether the idea for the Yahoo breach originated with him or the F.S.B. Nor does the indictment say how the F.B.I. identified Mr. Belan and the F.S.B. agents.
Officials provided little information about Mr. Sushchin, 43, an F.S.B. supervisor who the indictment says was embedded as a cybersecurity expert in a Russian financial firm. But there is plenty of intrigue swirling about Mr. Dokuchaev, 33, whom the indictment describes as Mr. Belan’s direct F.S.B. contact.
In Russia, Mr. Dokuchaev was arrested on suspicion of treason in early December and accused of passing secret information to the United States. The authorities have offered no public details of the charges, in what is the highest-profile counterintelligence detentions in the post-Soviet period.
After the arrests, RBC, a respected Moscow newspaper, described Mr. Dokuchaev as a former hacker using the online pseudonym “Forb” — who agreed work for the F.S.B. to avoid prosecution for credit card fraud.
In an interview with Vedomosti newspaper in 2004, a hacker identified as Forb bragged about hacking a “U.S. government website,” calling it his “crowning achievement.”