In Moscow Treason Trial, A Major Scandal For Russian Security Agency
By Mike Eckel February 27, 2019
It is the biggest scandal to hit Russia's powerful Federal Security Service (FSB) in years.
At issue is the agency's cybersecurity unit, which had been at the forefront of Russia's efforts to fight cybercrime.
The unit, called the Center for Information Security, had working partnerships with the FBI and other Western agencies, cooperating in cracking down on things like spammers, child pornography, cyberextortion, and other issues. Its deputy director, Colonel Sergei Mikhailov, was widely believed to have been responsible for dismantling a pernicious cybercrime operation in the late 2000s.
Now the center could be an embarrassment for the FSB -- and possibly even a national-security concern.
On February 26, in a trial behind closed doors, a Moscow military court formally sentenced Colonel Mikhailov to 22 years in prison, having convicted him of state treason for passing classified information to Western intelligence agencies. Ruslan Stoyanov, a researcher who used to be a law-enforcement investigator and later worked with the Kaspersky Lab, a Moscow-based cybersecurity and antivirus firm, was sentenced to 14 years.
The verdicts, reported by Russian news agencies, were confirmed by Ivan Pavlov, a defense lawyer who has been involved in a related case.
Stoyanov and Mikhailov "were known for one thing: both were middlemen," said Andrei Soldatov, an investigator and expert on Russia's security agencies. "Mikhailov -- between the Russian secret service and Western cyber law enforcement. Stoyanov -- a middleman between Western/Russian cyber law enforcement and the private sector."
"That made them uniquely positioned to be in a crosspoint of the most sensitive information in all cyberthings," he told RFE/RL in a text message.
The convictions were based in large part on the plea deals that prosecutors struck with Mikhailov's former deputy, Dmitry Dokuchayev, a former hacker who was enlisted to join the FSB. Another Russian, Georgy Fomchenkov, also reached a plea deal.
The newspaper Kommersant said the two men, in their final comments to the court, maintained their innocence.
Until 2016, the FSB cyberunit worked with U.S. law enforcement, meeting regularly with Justice Department officials and exchanging information on cybercrime and other matters.
In early December 2016, Mikhailov was arrested, while attending a staff meeting in Moscow. News reports said he had a sack put over his head as he was escorted from the room.
The other men were also arrested around the same time. News of the arrests didn't emerge until nearly a month later. The head of the cyberunit, a veteran FSB officer named Andrei Gerasimov, was reportedly forced into early retirement.
In a series of leaks to Russian newspapers in the months that followed their arrest, the narrative that emerged said that Mikhailov and Dokuchayev were arrested for passing classified information to Western intelligence agencies.
Last year, more details emerged from Russian media: the prosecution focused on information that had been relayed to Western agencies about Pavel Vrublevsky, a Russian businessman who was notorious for a global spamming operation.
Vrublevsky had been convicted in 2013 in Russia of masterminding a spam attack three years earlier that disabled a payment system used by the Russian airline Aeroflot. He served 1 ½ years in prison.
Mikhailov testified in the trial against Vrublevsky, who founded a successful online payment system called ChronoPay.
Russian prosecutors accused Mikhailov and Stoyanov of passing classified information about Vrublevsky to the FBI. Russian press reports, citing unnamed officials, alleged that Mikhailov was paid $10 million for the information.
Vrublevsky, who has made no secret of his contempt for Mikhailov and Stoyanov, made clear his satisfaction with the February 26 verdict. He gave three hours of testimony in the trial against the two.
"These people are directly responsible for the cyberhysteria, eventually going as far as [the] election-meddling scandal. I am very happy it's over," he told RFE/RL in a message.
"As for accusations against me, I find this already [is a] kind of fairy tale which people first made up and then made themselves [believe in]," he said.
Vrublevsky's spamming exploits were the focus of a 2014 book by the U.S. cyberresearcher Brian Krebs, who said he was leaked massive amounts of files from Vrublevsky's computers and had also met with unnamed FSB officers.
From the beginning of the case, there were hints of competing narratives, and score-settling among Russia's rival security agencies.
The independent TV channel Dozhd said Mikhailov passed information regarding Roman Seleznyov, a Russian arrested by U.S. authorities in the Maldives and wanted for trafficking in stolen credit card numbers. The son of a Russian member of parliament, Seleznyov was sentenced in 2017 to 14 years in a U.S. prison.
In December 2017, the online publication The Bell, citing unnamed Russian sources, reported that the Russian military-intelligence agency known as the GRU had investigated the FSB cyberunit and discovered the cooperation with U.S. intelligence.
Among Russian security agencies, the GRU is considered a primary rival of the FSB.
According to the publication, the FSB agents had revealed to U.S. intelligence that Russian hackers were involved in the 2016 hacking of U.S. political parties, including the Democratic National Committee.
That assertion has not been corroborated, but a Justice Department indictment handed down in March 2017 -- four months after Mikhailov's arrest -- hints at one piece of corroborating evidence.
The indictment focused on the hacking and theft of millions of e-mail accounts from Yahoo in 2014. Mikhailov's deputy, Dokuchayev, was named. Mikhailov is not named, though several details included in the indictment strongly suggest that "FSB Officer 3" is Mikhailov.
According to the Justice Department, Dokuchayev also oversaw the work of a Russian hacker named Aleksei Belan.
Belan, who was already one of the FBI's most-wanted cybercriminals, had been targeted by then U.S. President Barack Obama in December 2016 -- the same month Mikhailov, Dokuchayev, and the others were arrested-- when he announced new punitive sanctions against Russia.
The sanctions were in response to Russia's alleged meddling in the 2016 election campaign. Several GRU and FSB officers were also named in the sanctions announcement. However, when Special Counsel Robert Mueller announced indictments in 2018 of Russian operatives for alleged meddling in the U.S. elections, only GRU officers were named.
Belan is now believed to be living in Russia and is unlikely to be extradited to the United States. Another man, a Kazakh named Karim Baratov, was arrested in Canada, extradited to the United States, and later pleaded guilty.
The involvement of Belan, and Baratov, in doing work on behalf of Russian security agencies drew new attention to a long-running trend in Russia: hackers and cybercriminals being enlisted to undertake covert state-sponsored actions.
The same was true for Dokuchayev, who prior to joining the FSB had gained renown as a hacker operating under the moniker "Forb," dealing in stolen credit card numbers.
In a series of often cryptic missives posted to his Facebook page over a 14-month period, Stoyanov warned of the danger of government agencies enlisting hackers and cyber criminals.
"The essence of the deal is that the state gets access to the technologies and information of 'cyberthieves,' in exchange for allowing them to steal abroad with impunity," Stoyanov said in one post that was published in April 2017 and reprinted by TV Dozhd.
One of the most intriguing questions in the case concerns the role played by an American cyberanalyst who lived at least part-time in Moscow: Kimberly Zenz.
Zenz lived in the Russian capital for nearly a decade, working as an analyst for iDefense, a U.S. research company that was acquired by Verisign, and later purchased by another large American consulting firm, Accenture.
In a blog post published in 2017, Krebs, the U.S. cyberresearcher, noted that one of the e-mails that was leaked to him and dated 2010 showed that Vrublevsky suspected Mikhailov and Stoyanov had been leaking classified information to the FBI, with the help of Zenz. That allegation reflects the case that Russian prosecutors built against Mikhailov and Stoyanov.
Zenz was close friends with Stoyanov and, according to Russian news reports, was believed by prosecutors to be responsible for relaying classified cyberinformation to U.S. intelligence agencies.
In December 2016, the same month that Mikhailov and the others were arrested, Zenz fled Russia. Her Moscow apartment was also raided by Russian agents, according to people familiar with the investigation.
Asked to comment on the Moscow court verdict or other details of the case, Zenz declined to comment.
"I don't have anything to say beyond it's sad," she told RFE/RL in a message.
Copyright (c) 2019. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.
|Join the GlobalSecurity.org mailing list|