Karim Baratov poses in front of his house in Ancaster, Ont., in this undated photo. Online, Baratov presents himself as a high-end car enthusiast who made his 'first million' at age 15. (Facebook)

22-year-old Hamilton resident's social media profiles paint different picture than FBI's

The FBI alleges that 22-year-old Karim Baratov, from Ancaster, Ont., was one of four men connected with a series of cyberattacks carried out on Yahoo that began in early 2014. But you wouldn't know it from Baratov's online persona.

On Instagram, Baratov presents himself as a high-end car enthusiast. He has frequently posted pictures of Aston Martins, Audis, Mercedes and BMWs, among other cars that he claimed to own, gaining nearly 30,000 followers in the process.

In one post, he describes himself as "well off in high school to be able to afford driving a BMW 7 series and pay off a mortgage on my first house."

In others, he's shown spreading handfuls of $100 bills.


Baratov, who has dual Canadian-Kazakh citizenship, goes by at least two other names according to the FBI. He does not list his profession, nor how he became so well off at such a young age, on social media.

The 22-year-old was arrested Tuesday morning in Ancaster by Toronto police and turned over to the RCMP. (Instagram)

His Instagram profile describes him only as a: "Workaholic. Occasional drawer. Gym rat."

But a cached search reveals another description: "Self made entrepreneur/programmer/web developer/investor."

Clues left on Baratov's various social media profiles and websites registered under his name — coupled with allegations of computer hacking and economic espionage made by the FBI — offer a glimpse into how Baratov may have made his living.

He claimed in postings on the social media site Ask.fm that he made his "first million" when he was 15, working on "online services."

"I prefer online businesses because there is way less risk and less effort in a way," he wrote.

A call to the number tied with Baratov's home address was not answered.

Baratov made a brief appearance in a Hamilton courthouse on Wednesday morning and was returned to custody.

Old websites leave clues

Neighbours on Chambers Avenue where Baratov lives said Wednesday they often puzzled at the young man's lifestyle – to be able to afford to live alone in a large, new house in an expensive subdivision, and to always be seen driving pricey cars.

"His parents either bought him the house, or he's getting money somewhere else, because he doesn't seem to work all day; he just drives up and down the street," said Kerry Carter, a neighbour who lives a few doors down.

Karim Baratov's house in Ancaster. A call to the number tied to Baratov's house address was not answered. (Kelly Bennett/CBC News)


Baratov's Facebook page links to a website called Elite Space, written in Russian, which claims to offer a number of services, including servers for rent in Russia, protection from distributed denial of service (DDoS) attacks, and domain names in China.

Though it does not specifically mention hacking, there are clues on other sites that this may also have been among his services.

For example, an email address matching one of Baratov's aliases was used to register an account with a Russian discussion forum, which lists DDoS and hacking as the Canadian user's interests. The profile then links to a website that claims to offer email hacking services for a handful of Russian email services, including Mail.ru, as well as Gmail.

There are also a number of websites registered in Baratov's name, including one called "mail-google.us," and another "mail-yandex.us." Though the websites are no longer online, the URLs appear designed to trick visitors into thinking they are visiting a legitimate Google or Yandex email site — a common phishing tactic. 

Karim Baratov is shown in a photo from his Instagram account. In online postings, he claims he made his 'first million' when he was 15, working in online services. (Instagram/Canadian Press)

While it is difficult to definitively link the sites to Baratov, they appear to fit the FBI's description of his alleged illicit work.

According to the agency's indictment, Baratov's job was to use the information gleaned from the Yahoo intrusion to gain access to targets' email accounts with other service providers.


Baratov's last Instagram post was a photo from the 70Down restaurant and lounge in Toronto's Yorkville neighbourhood, the night before his arrest.

Source : cbc.ca


Earlier this year, a security consultant from Telus Security Solutions, Milind Bhargava, revealed that over 70,000 Canadian credit card numbers were listed for sale on a dark web market.

Bhargava released the findings as part of a presentation that was aimed at providing insight on just how much personal information from Canada was available on dark web markets.

He announced this at a SecTor conference held in Toronto.

Credit Cards Were All From One Province

Bhargava’s division, which is usually tasked with monitoring dark web sites that deal in the sale of credit cards for their corporate clients, said that like any other credit and debit cards, Canadian credit cards were easy to identify using the first six digits on the card.


These identify the type of card and also the bank it is affiliated with. As it stands, no organization has claimed credit card theft.

In his presentation, Bhargava said that more than 70,000 Canadian credit cards were suddenly put up for sale on the dark web following the data breach.

Despite the cards being from multiple banks, the security consultant noted that they all came from the same province.

Bhargava noted that it was rare to find such a large amount of stolen credit card information coming from such a localized area. He refused to disclose the identity of the province in question.

Data Breach was Some Form of Contest

The 70,000 credit cards for sale on the dark web have shaken the belief that Canada is immune to cyber and malware attacks, which rarely make it to the public eye.


The stolen Canadian credit cards were on sale for as little as forty cents to as much as $3. The expiry dates on the cards ranged from this year to 2020.

According to Bhargava, there is no clear indication as to how or when exactly the data breach occurred.

The only assumption that could be derived from the situation was that the data collection may have happened for at least over a year.

He also speculated that due to the fact that the cards were sourced from all over Canada, it was possible that the credit card data collection was hosted by some sort of an organization as a contest.

Cytelligence Inc. Emphasizes Diligence in Protecting Organizational Data

The CEO of Cytelligence Inc., Daniel Tobok, was not impressed by the figures, saying that the discovery of 70,000 Canadian cards on the dark web market was not that astonishing.

The former managing director of the forensics and security consulting division at Telus, who is now the head of the Toronto-based digital security consulting firm Cytelligence Inc., divulged in an interview that upwards of 400,000 different credit and debit cards from Canadian banks are currently on the dark web.

He confirmed the speculation that Canadian cybercrime is largely underestimated, saying that Canada is just as targeted by cyber criminals and malware attacks as any other country.

What’s more, these dark web criminals seek more than just credit card information.


Human resource department databases are often raided for personal data such as social security numbers and T4 income tax information, among other sensitive information.

As Tobok divulged in the interview, his firm had recently been investigating year-long data breaches that resulted in the thefts of approximately 18,000 records containing credit card information and T4 income tax information from a Canadian organization, which he refused to name.

The organization’s security was breached using a carefully executed phishing scam, which included email spoofing to install malware.

The organization in question was negligent, in Tobok’s opinion, as they had last carried out a thorough security audit two and a half years ago.

Stolen Information Unverifiable

In Bhargava’s presentation alongside Telus consultant Peter Desfigies, he highlighted the fact that despite the alarming amount of Canadian data available for sale on the dark web, there was no way to verify the legitimacy of the stolen data on offer.

However, the availability of Canadian Interac accounts from almost all the major banks in Canada, which came with all the necessary information such as usernames, passwords, PIN codes and even security questions, spoke volumes about the legitimacy of the stolen information.

Bhargava is, however, sure that little can deter criminals from piecing together bits of data even without the assurance of verification.

He himself had previously been a target of a crime under the pretense of a Canadian government official who tried to extort him in connection with an immigration violation.

The anonymous caller had every bit of Bhargava’s information down pat.

Source: darkwebnews.com


Upon discovering that it had been hacked by China, the Canadian government’s scientific-research body did digital damage control on an enormous scale. Firing up its vintage fax machines, it jettisoned scores of computer servers, bought its staff hundreds of new laptops and drew up a list of about 20,000 corporate partners in Canada whose secrets risked being collateral damage.

Records newly released to The Globe and Mail reveal these and other details about the extensive fallout from this nightmare at the National Research Council. The hack of the NRC was highlighted in July 2014, when the then-Conservative government blamed China, making it the only cyber-espionage campaign that Canada has ever pinned on a specific state adversary.

While hacks of government departments occur relatively routinely, the NRC could be considered a more valuable target than most. For decades, it has been routing tax dollars to fund cutting-edge research in agriculture, engineering and computer science. Placing bets on Canadian companies helps the NRC work to ensure future prosperity, and its staff gets a glimpse of emerging technologies and proprietary business plans. 

That’s why the Canadian government was alarmed when federal officials announced two years ago that they had “detected and confirmed a cyber intrusion” within the NRC by “a highly sophisticated Chinese state-sponsored actor.”

But while prime minister Stephen Harper's government took the unprecedented step of allowing officials to make the controversy public, it remains unknown how or when Chinese hackers first infiltrated the NRC’s computer systems, or what drew them to it in the first place.

The records released to The Globe under the Access to Information Act show only the aftermath. Job No. 1 at the agency was to warn the “clients” – corporations, academics, entrepreneurs – via phone calls and mailed letters that they were at risk. “The NRC has been the target of a cyber intrusion. As a result the information held in our systems from your organization may have been compromised,” one form letter reads.


One version of this letter in the NRC files was accompanied by a spreadsheet of more than 20,000 Canadian firms, most of them apparently engaged in government-sponsored research.

“As a precautionary measure, NRC informed all clients and research partners involved in business relationships and research activities of the cyber intrusion,” spokesman Guillaume Bérubé said in reply to questions about this list.

Several of the companies that were contacted by The Globe said they felt that the fallout was minimal because they were careful, even before the hack, about sharing trade secrets with the agency. Their biggest gripe with the NRC was that correspondence and payments became frustratingly slow in 2014. “It wasn’t back to the buggy, but it was pretty close,” said one entrepreneur, who asked not to be named.

This was because staff at the scientific agency had been told not to use computers to communicate. E-mail “must not be used to transmit secure, sensitive or confidential information,” one memo read. “The preferred way of transferring confidential information … is paper (fax, mail, courier),” another said.

Clients were to be told that “if you must share sensitive information with the NRC, the best practice is to do it via physical media” – meaning on paper or via USB sticks.

As the hack was announced publicly, one enterprising NRC employee wrote that he found a stash of safe digital devices. “I’ve dug up a box of brand new McAfee USB keys that we bought a few years ago,” he told colleagues in an e-mail. Calling them “state of the art” for their encryption capability, he said they could serve as a “stopgap, at least until NRC gets in more for everyone.”

Even the act of plugging a smartphone into an NRC computer was deemed risky. “Instead of using your computer to charge your phone, charge it through a wall outlet,” one memo says.

The agency started to pull the plug on almost all of its existing computer architecture as it created the data equivalent of an airlock. The hope was to move electronic files from the NRC’s legacy “black” environment to a blank slate of new machines dubbed the “green” environment.

The in-between step was the “grey zone,” a locked-down “scrubbing” station with no external network connectivity and which banned unfamiliar digital devices and outsiders. “The process of scrubbing data to be taken out of the Grey Zone can take a long time. We have seen up to 40 minutes to scrub 1 GB [gigabyte] of data,” one employee complained.

The NRC’s initial hope was to have fully rebuilt systems within a year. Most are now in place, but the Canadian Press recently reported that some parts will not be ready until July 2018.

Early this summer, the NRC announced that it had embarked on a partnership with its scientific counterparts in a foreign country.


That country is China. This new joint venture with Guangdong province aims to better fund collaborative Canadian and Chinese research projects.

The NRC was asked by The Globe why it would want to do business with a country that allegedly stole from it just two years ago.

Mr. Bérubé said simply that “global collaboration is a competitive necessity to generate new business opportunities.” The NRC spokesman added in his e-mailed reply that “the government of Canada is committed to deepening our trade relationships with established and emerging markets, including China.”

Over the years, the NRC has engaged in several foreign partnerships, and has done business with China before.

But Peter Phillips, a University of Saskatchewan professor who specializes in agriculture and innovation, suggests that several motivations could be at play in the new partnership.

“There’s an old adage that if you can’t beat them, join them,” he quipped.

He added that 2014 will be remembered as a painful year at the NRC. “Everything was down to hard copy, paper, and fax machines at best,” he said. “And this is our largest research organization in the country.”

Source : http://www.theglobeandmail.com/news/national/records-show-extensive-fallout-from-chinese-hack-of-national-research-council/article31695327/
