The FBI alleges that 22-year-old Karim Baratov, from Ancaster, Ont., was one of four men connected with a series of cyberattacks carried out on Yahoo that began in early 2014.
But you wouldn't know it from Baratov's online persona.
On Instagram, Baratov presents himself as a high-end car enthusiast. He has frequently posted pictures of Aston Martins, Audis, Mercedes and BMWs, among other cars that he claimed to own; gaining nearly 30,000 followers in the process.
In one post, he describes himself as "well off in high school to be able to afford driving a BMW 7 series and pay off a mortgage on my first house."
In others, he's shown spreading handfuls of $100 bills.
Baratov, who has dual Canadian-Kazakh citizenship, goes by at least two other names according to the FBI. He does not list his profession, nor how he became so well off at such a young age, on social media.
His Instagram profile describes him only as a: "Workaholic. Occasional drawer. Gym rat."
But a cached search reveals another description: "Self made entrepreneur/programmer/web developer/investor."
Clues left on Baratov's various social media profiles and websites registered under his name — coupled with allegations of computer hacking and economic espionage made by the FBI — offer a glimpse into how Baratov may have made his living.
He claimed in postings on the social media site Ask.fm that he made his "first million" when he was 15, working on "online services."
"I prefer online businesses because there is way less risk and less effort in a way," he wrote.
A call to the number tied with Baratov's home address was not answered.
Baratov made a brief appearance in a Hamilton courthouse on Wednesday morning and was returned to custody.
Old websites leave clues
Neighbours on Chambers Avenue where Baratov lives said Wednesday they often puzzled at the young man's lifestyle – to be able to afford to live alone in a large, new house in an expensive subdivision, and to always be seen driving pricey cars.
"His parents either bought him the house, or he's getting money somewhere else, because he doesn't seem to work all day; he just drives up and down the street," said Kerry Carter, a neighbour who lives a few doors down.
Baratov's Facebook page links to a website called Elite Space, written in Russian, which claims to offer a number of services, including servers for rent in Russia, protection from distributed denial of service (DDoS) attacks, and domain names in China.
Though it does not specifically mention hacking, there are clues on other sites that this may also have been among his services.
For example, an email address matching one of Baratov's aliases was used to register an account with a Russian discussion forum, which lists DDoS and hacking as the Canadian user's interests. The profile then links to a website that claims to offer email hacking services for a handful of Russian email services, including Mail.ru, as well as Gmail.
There are also a number of websites registered in Baratov's name, including one called "mail-google.us," and another "mail-yandex.us." Though the websites are no longer online, the URLs appear designed to trick visitors into thinking they are visiting a legitimate Google or Yandex email site — a common phishing tactic.
While it is difficult to definitively link the sites to Baratov, they appear to fit the FBI's description of his alleged illicit work.
According to the agency's indictment, Baratov's job was to use the information gleaned from the Yahoo intrusion to gain access to targets' email accounts with other service providers.
Baratov's last Instagram post was a photo from the 70Down restaurant and lounge in Toronto's Yorkville neighbourhood, the night before his arrest.