Soon after two top Russian cyber crime officers vanished late last year, the rumours began to spread.
One newspaper reported that Sergei Mikhailov, head of cyber security at the FSB, the KGB’s successor agency, was abruptly escorted from a meeting with a dark bag over his head. A far-right website suggested that Mr Mikhailov had been plotting to overthrow Russian president Vladimir Putin.
In the past few days, a flurry of news reports has suggested Mr Mikhailov and Dmitry Dokuchaev, his deputy, have been arrested and face charges of treason for passing information to the CIA. If found guilty, they could face jail sentences of up to 20 years. Two other men from outside the agency, including a senior official at Kaspersky Lab, the cyber company, have been arrested.
Trials for treason are held in secret and the FSB rarely comments on them. This makes details of the case difficult to confirm. But detailed clandestine security briefings to the press have shed light on Russia’s murky hacking underworld, including the shadowy Shaltai-Boltai outfit, named after the Humpty Dumpty character in the Russian translation of Alice in Wonderland.
“The issue here is that people from a very responsible agency — the FSB — were playing games with information, ” said Gleb Pavlovsky, a former Kremlin spin-doctor. “From what’s been published, it seems believable.”
The charges follow US accusations that Russian intelligence hacked Democratic party servers last year. While there is no direct link between those accusations and the latest arrests, Russian media say the FSB investigation into the two men began after ThreatConnect, a US cyber security company, alleged that hackers used King Servers, an internet hosting company, to attack US state election rolls. The business partner of the owner of King Servers has long accused Mr Mikhailov of working for the FBI.
This is believed to have prompted the investigation into Mr Mikhailov and Mr Dokuchaev, a former hacker known as “Forb” who joined the secret services to avoid prison, according to the Interfax news agency. The men were arrested as part of a wider-reaching investigation into a group that, according to the Interfax report, conducted cyber attacks, stole private information from people close to the Kremlin, and worked as sources for US intelligence.
Details of the case have emerged during the past week in a range of independent and pro-regime Russian publications.
Russian media often publishes news it says is sourced to anonymous members of the secret services. The stories often appear to push the Kremlin’s line, reflect internal dissent among officials, be a deliberate attempt to mislead the public or a combination of all three. The speed and detail in which elements of the case have been made public is, however, highly unusual. Life, a tabloid whose owner boasts about bribing security officers for stories, reported on Tuesday that police found $12m in cash stashed away in Mr Mikhailov’s home and dacha.
Ruslan Stoyanov, head of the cyber crime investigations department at Kaspersky Lab, and Vladimir Anikeev, a journalist said to have lived in Ukraine, have also been arrested. Kaspersky Lab confirmed Mr Stoyanov’s arrest. He is believed to be facing treason charges. A Moscow court has said that Mr Anikeev is being held in pre-trial detention until March 8. Mr Anikeev, who denies all wrongdoing, faces charges of hacking unnamed victims’ private information in proceedings that are apparently separate from those against the two FSB officers and Mr Stoyanov.
Rosbalt, an obscure news site that occasionally publishes leaks from the security services, has reported that Mr Anikeev was a key figure in Shaltai-Boltai, the group that in 2014 leaked the hacked email accounts of Kremlin officials.
Russian news agencies have suggested that Mr Mikhailov was also involved in Shaltai-Boltai and worked with Mr Anikeev. A member of Shaltai-Boltai in 2014 said the group was made up of several disgruntled officials and people outside government who wanted to “change reality” with leaks from what he described as a large cache of hacked materials.
The real scope of interaction between Shaltai-Boltai and the allegedly treacherous FSB officers is unclear. In the world of Russian spycraft, there are still some who reserve judgment. “It looks like a cover-up,” says Andrei Soldatov, author of a history of Russia’s attempts to control the internet. “The Shaltai story could have nothing to do with [the FSB officers] — they [the two arrested agents] didn’t have anything to do with government communications or the presidential administration or have any access to them.”
Sample the FT’s top stories for a week
You select the topic, we deliver the news.
