By indicting the FSB officers along with Belan, the U.S. Justice Department has revealed many of the advantages American spies have over their Russian counterparts, thanks to the fact that so many of the world’s tech companies are located in the United States.
The alleged Russian effort to spy on targets by hacking Yahoo worked much the same way the NSA’s spying does. By the indictment’s account, in 2014, Belan started by stealing a massive amount of metadata, ultimately downloading a database including account users’ names, secondary email addresses, phone numbers, and password challenge questions and answers from 500 million Yahoo customers. As the NSA did with the bulk internet and phone metadata databases it collected until 2011 and 2015, respectively—and still collects overseas—the Russians are alleged to have used that metadata to pick which Yahoo accounts they wanted content from, as well as to identify accounts from other email providers that might be of interest. From there, the Russian hackers would collect the email content of targeted accounts on an ongoing basis, according to the indictment.
That’s where this alleged Russian hack and NSA spying methods diverge. Because Yahoo and most major global internet companies like Google and Microsoft are located in the United States, it’s much easier for the NSA to spy on selected targets than it is for the Russians. Under the authority of Section 702 of the FISA Amendments Act, often referred to as PRISM, the U.S. government can simply hand Yahoo a directive listing the account identifiers it wants to collect, and Yahoo provides the content and other account information in response. In other words, for a great deal of its collection, the NSA can just ask nicely using a lawful order rather than breaking in. To obtain emails, Russia and all other countries (aside from America’s closest allies), by contrast, must break into the server, as they allegedly did with Yahoo, or conduct individualized phishing attacks like the type Russian hackers used to target John Podesta last year.
Perhaps as a result, the U.S. government gets its hands on the content of more Yahoo customers than Russia did here. According to the new indictment, Belan and the FSB officers collected metadata on 500 million Yahoo users, then created counterfeit digital cookies, rather than using account passwords, to get the content from over 6,500 users from early January 2014 until December 1, 2016. By comparison: In 2015 alone, Yahoo provided content in response to U.S. law enforcement requests for foreign-intelligence gathering purposes on roughly 4,000 accounts, and provided content on over 40,000 accounts in response to these requests. We don’t know how many Americans that affects: The intelligence community has refused, through six years of requests from Senator Ron Wyden, to reveal how many Americans are swept up in that foreign intelligence dragnet simply because they happen to email a targeted person.