Mikhailov case

The Mikhailov case refers to an espionage scandal surrounding the activities of the Center of Information Security (CIS) of the FSB (18th Center), whose employees were implicated in high treason after participating in a number of high-profile criminal cases. On January 31, 2017, it was reported that the head of the 2nd department of the CIS FSB, Sergei Mikhailov, [1] and his deputy Dmitry Dokuchaev [2] had been arrested. In the same case, the head of the department of investigation of computer incidents of Kaspersky Lab, Ruslan Stoyanov, and Georgy Fomchenkov were arrested. [3] The men were convicted of giving information to American private sector researcher Kimberly Zenz, but Zenz herself was never charged, and her requests to testify for the defense were ignored. [4]

The result of the case was the complete cessation of cooperation between Russia and the US on cybercrime. [5] This was perhaps the goal of the case, according to Russian investigative journalists Andrei Soldatov and Irina Borogan. [6] At Black Hat USA in 2019, Zenz spoke about her belief that the case was due at least in part to infighting between Russian security services. [7] [8] The New York Times hypothesized that the treason trial was at least in part the revenge of a convicted cybercriminal, Pavel Vrublevsky, as Mikhailov, Dokuchaev and Stoyanov participated in his conviction. [9]

Confrontation of the CIS FSB of the Russian Federation and Vrublevsky

Prosecution of Chronopay's management

In 2011–2012, the CIS FSB brought a case against the owner of Chronopay, Pavel Vrublevsky, and a number of its employees. They were convicted of organizing a DDoS attack on the payments processor serving Aeroflot, in a bid to win Aeroflot's business for Chronopay. On July 31, 2013, a conviction was pronounced in the case. [10] In the course of the trial, operational and investigative materials on Pavel Vrublevsky's case, including some that were not submitted to the court, were posted to the Internet by unknown persons. [11]

Espionage scandal in early 2017

On January 31, 2017, Interfax reported, citing sources, that the head of the 2nd department of the CIS FSB, [12] Sergey Mikhailov, and his deputy, senior operative in the planning department of the CIS FSB Dmitry Dokuchaev, had been arrested and charged with high treason. [13] News of the arrests of the head of the computer incident investigation department of Kaspersky Lab, Ruslan Stoyanov, and of Georgy Fomchenkov came later.

The men were accused of sharing information about the cybercriminal operations of Vrublevsky and his company ChronoPay [14] in return for a payment of ten million dollars, [15] although that information had already been posted online, where it could be downloaded free of charge. [11] For comparison's sake, the FBI offered just three million US dollars for information leading to the arrest of Russian hacker Evgeniy Bogachev, a man accused of running both major cybercriminal operations and espionage operations on behalf of the Russian state. [16] [17] [18]

Chronology

Aeroflot case

On July 11, 2010, a DDoS attack on the servers of the Assist payment system left air ticket reservation on Aeroflot's website unavailable for a week. [19]

On June 24, 2011, the Lefortovo Court of Moscow authorized the arrest of Pavel Vrublevsky. [20] The arrest was carried out at the request of the Investigative Directorate of the FSB with the support of the Center of Information Security of the Federal Security Service of the Russian Federation. Vrublevsky was returning with his family to Moscow from the Maldives and was arrested at Sheremetyevo airport. The FSB accused Vrublevsky of ordering a DDoS attack on the site of the competing payment system Assist. [21] The attack put Aeroflot's electronic ticket sales system out of operation, after which the airline moved from Assist to Alfa-Bank. Aeroflot also filed a claim for 194 million rubles against VTB-24, which provided Aeroflot with payment processing through Assist. [22]

For the next six months, Vrublevsky was in the Lefortovo detention center. [23] After being released from custody, Vrublevsky was preparing to sell ChronoPay; the buyer was supposed to be a large state bank.

Vrublevsky's lawyer argued that the case was completely fabricated, and demanded that the FSB officers be held accountable. [24] The criminal case was sent back for further investigation because of a curious circumstance: the FSB investigators confused (and the Prosecutor General's Office confirmed this in the indictment) the number of the federal law under which Vrublevsky was charged: instead of 26-FZ (articles 272, illegal access, and 273, creation and use of viruses) FZ, [25] the law on ratification of the agreement between the Russian Federation and the countries of Asia on the creation of a joint drug center. Subsequently, the charge under article 273 was dropped by the Tushinsky District Court because the statute of limitations had expired. [26]

The reasons and motives for the criminal prosecution of Vrublevsky were actively discussed in the press. For example, an article by Irek Murtazin in Novaya Gazeta [27] argued that although Vrublevsky was being pursued by the CIS FSB, he might be an agent or partner of the FSB "Office K" for illegally withdrawing money from the country.

On July 31, 2013, a court session was held on the case of the DDoS attack on the Assist system site, during which Pavel Vrublevsky was found by the court to be the organizer of an attack on Assist "with the aim of destroying it" and sentenced to 2.5 years in a general regime colony. Igor and Dmitri Artimovich, who were also tried in the case as accomplices, were sentenced to 2.5 years in a general regime colony, and Maxim Permyakov received a two-year probationary sentence "for active repentance and assistance to the investigation". [28] [29] [30]

A few months later, the Moscow City Court reduced the punishment of Vrublevsky and the other defendants to a "colony-settlement". [31] On May 27, 2014, Vrublevsky was released early on parole from the colony. [32] Russian investigative journalist Irek Murtazin reported that this early release was in return for assistance by Vrublevsky in running a Russian government payments system designed to circumvent attempts by Western states to restrict Russian transactions. [33] Vrublevsky's co-defendant Igor Artimovich told the New York Times that he was offered a similar deal for a reduced sentence in return for working for the Russian government, but he declined. [34]

Treason Case

In December 2016, officers of the CIS FSB Sergey Mikhailov, Dmitry Dokuchaev, head of the cybercrime investigation department of Kaspersky Lab Ruslan Stoyanov, and Georgy Fomchenkov were arrested for treason.

In January 2017, it became known that the head of the site "Humpty Dumpty", journalist Vladimir Anikeev, also known as the "Anonymous International", who hacked the mail of Russian businessmen and high-ranking officials, had been detained shortly before the arrest of the FSB officers. In January, Rosbalt reported on the circumstances of Anikeev's capture: the FSB detained him in October 2016, and later, according to his testimony, high-ranking FSB officers Dmitry Dokuchaev and his boss Sergey Mikhailov were arrested. They were accused of state treason and cooperation with the CIA.

In February 2017, Reuters reported that the state treason case in the FSB was due to Vrublevsky's testimony from 2010. [35] The New York Times hypothesized that the treason trial was Vrublevsky's revenge for his conviction. [9]

The result of the case was the complete cessation of cooperation between Russia and the US on cybercrime. [5] This was perhaps the goal of the case, according to Russian investigative journalists Andrei Soldatov and Irina Borogan. [6] At Black Hat USA in 2019, Zenz spoke about her belief that the case was due at least in part to infighting between Russian security services. [7] [8]

Stoyanov himself released a letter from prison, sharing his belief that he was charged because he opposed efforts by the Russian state to protect cybercriminals in return for cooperation with the state. [36]

In March 2017, the US Department of Justice announced the involvement of Sergei Mikhailov and Dmitry Dokuchaev in the hacking of 500 million Yahoo mail accounts. [37]

On June 12, 2017, a significant part of the documents on the Mikhailov case was sealed with a "secret" stamp, Rosbalt reported, citing an informed source. [38]

Related Research Articles

Russian apartment bombings 1999 terrorist bombings in Russia

The Russian apartment bombings were a series of explosions that hit four apartment blocks in the Russian cities of Buynaksk, Moscow and Volgodonsk in September 1999, killing more than 300, injuring more than 1,000, and spreading a wave of fear across the country. The bombings, together with the Invasion of Dagestan, triggered the Second Chechen War. The handling of the crisis by Vladimir Putin, who was prime minister at the time, boosted his popularity greatly and helped him attain the presidency within a few months.

Lubyanka Building Headquarters of the FSB in Moscow, Russia

Lubyanka is the popular name for the headquarters of the FSB and affiliated prison on Lubyanka Square in Meshchansky District of Moscow, Russia. It is a large Neo-Baroque building with a facade of yellow brick designed by Alexander V. Ivanov in 1897 and augmented by Aleksey Shchusev from 1940 to 1947. It was previously the national headquarters of the KGB; Soviet hammer and sickles can be seen on the building's facade.

German Ugryumov

German Alexeyevich Ugryumov was a Soviet and Russian navy and security services official. During his childhood he lived in Chelyabinsk Oblast.

Blowing Up Russia Book by Alexander Litvinenko and Yuri Felshtinsky

Blowing Up Russia: Terror from Within is a book written by Alexander Litvinenko and Yuri Felshtinsky. The authors describe the Russian apartment bombings as a false flag operation that was guided by the Russian Federal Security Service to justify the Second Chechen War and bring Vladimir Putin to power. The story was initially printed by Yuri Shchekochikhin in a special issue of Novaya Gazeta in August 2001 and published as a book in 2002. In Russia the book was prohibited because it divulged state secrets, and it was included in the Federal List of Extremist Materials. However, it was published in more than twenty other countries and translated into twenty languages.

Interstate Aviation Committee Commonwealth of Independent States body

The Interstate Aviation Committee is an executive body of the Civil Aviation and Airspace Use Council of the Commonwealth of Independent States (CIS) and was formed in 1991 according to the Civil Aviation and Airspace Use Multilateral Agreement, signed on 25 December 1991.

Basic Element Ltd. is one of the largest diversified industrial groups in Russia. The company was founded in 1997 and is owned by Oleg Deripaska. It is based in the British tax haven of Jersey and is headquartered in Moscow. It was known as Siberian Aluminum until 2001.

Pavel Olegovich Vrublevsky is a Russian, owner and general manager of the processing company ChronoPay. He is also the founder of investment company RNP and a Russian Forbes contributor on matters relating to blockchain, cryptocurrencies, and cybersecurity. He was also implicated in a range of criminal cases related to hacking.

Roman Seleznev Russian computer hacker

Roman Valerevich Seleznev, also known by his hacker name Track2, is a Russian computer hacker. Seleznev was indicted in the United States in 2011, and was convicted of hacking into servers to steal credit-card data. His activities are estimated to have caused more than $169 million in damages to businesses and financial institutions. Seleznev was arrested on July 5, 2014, and was sentenced to 27 years in prison for wire fraud, intentional damage to a protected computer, and identity theft.

Ivan Pavlov (lawyer)

Ivan Yuryevich Pavlov is a Russian advocate and open government activist. He participated in the development of Russian federal and regional freedom of information legislation. He specializes in protecting the right to access government information in Russia, and defending citizens from ungrounded accusations of disclosing state secrets, high treason, and espionage. Additionally, he focuses on raising public awareness of the need for modern legislation on state secrets and the use of current legislation as a means of repression.

Anonymous International is a hacking group known for leaking Russian government information and personal documents of government officials. They target high-ranking members of the government, large corporations, and media, and sell the stolen data. These actions are publicized on their blog, Shaltai Boltai, the name by which the group is also known. Over a period of 15 months the group published information about Russian politicians on 75 separate occasions.

Artpodgotovka Political party in Russia

Artpodgotovka (Russian for "Artillery or art preparation" and known in English as the Interregional Social Movement 'Artpodgotovka') is a Russian political organization of a left-wing nationalist character. Recognized as extremist, it was banned on the territory of the Russian Federation.

Moscow FSB headquarters shooting Mass shooting at the Federal Security Service headquarters in Moscow, Russia

The Moscow FSB headquarters shooting took place on the evening of 19 December 2019 near the headquarters of Russia's Federal Security Service (FSB) in the center of Moscow. The first reports of the incident were controversial. During the shooting, the attacker was shot dead by a sniper. One FSB officer died on the spot, another died the next day and a few more were injured. One bystander was slightly injured. After the incident, security officials displayed aggression to the reporters covering the event. The attack took place on the eve of the security services day, when President Putin was at a festive concert dedicated to this day, and the shooting also came hours after Putin's annual press conference. According to preliminary data, the attacker was alone, and his name was Yevgeny Manyurov, 39, who was from a small town near Moscow. Due to the inconsistency of the special services, the shooting continued after Manyurov was killed; this may have led to additional casualties. Soon after the shooting, there was a report that the attacker "was shouting slogans typical of Islamic State", but in his apartment, insignia of the NOD movement, known for its provocations against the opposition, was found, along with indications that he was a member of a Neo-Nazi group called the Ethnic National Union. The Investigative Committee of Russia opened a criminal investigation into an attempt on the life of a law enforcement officer.

Sergei Mikhailov was deputy head of the FSB security agency’s Center for Information Security. In February 2019, he was sentenced to 22 years in prison for treason.

Dmitry Dokuchaev

Dmitry Aleksandrovich Dokuchaev is a Russian convicted cyber criminal and a former intelligence officer of the Federal Security Service (FSB), the principal security agency of Russia. In April 2019, he was sentenced to six years in prison for treason.

Kimberly Zenz is a cybersecurity researcher with an emphasis on the RuNet. Her work experience includes RuNet researcher at Verisign iDefense and Head of Threat Intelligence at the Deutsche Cyber-Sicherheitsorganisation. In 2019, a Moscow court reportedly accused her of passing along information of interest to the Russian government to U.S. intelligence officials. Zenz refuted these accusations and repeatedly requested to testify. The court ignored her request and did not permit her to testify.

Ruslan Stoyanov is a Russian computer scientist. In December 2016, he was arrested on charges of treason as part of the Mikhailov case. In 2019, he was sentenced to 14 years in prison.

The Insider is an independent Russian online newspaper specializing in investigative journalism, fact-checking and political analytics. It was founded in 2013 by Roman Dobrokhotov, a journalist and political activist, who is the owner of the newspaper. The newspaper is known for exposing fake news in Russian media. The editorial office of the website is located in Riga, Latvia. Andris Jansons is the editor-in-chief of the website.

The Kansk affair, or the affair of the Kansk teens, is an ongoing criminal case in the Russian city of Kansk, where in June 2020 FSB agents arrested three 14-year-old boys while they were putting up political leaflets and the authorities accused them of being an anarchist terror cell. One of the pieces of evidence in the case is the boys' actions in the video game Minecraft, where they constructed a virtual FSB building that they were blowing up in the game. A Russian human rights organization, Memorial, characterized the case against the three Kansk teens as political persecution.

Mikhail Poluboyarinov Russian businessman

Mikhail Igorevich Poluboyarinov is a Russian businessman, former CEO of Aeroflot, Russia's largest airline, from 20 November 2020 to April 2022, and current deputy CEO of Russian Post. In March 2022, in response to the 2022 Russian invasion of Ukraine, Poluboyarinov was placed on a list of sanctioned individuals by the European Union.

Sergei B. Korolev Russian intelligence officer

Sergei Borisovich Korolev is a Russian intelligence officer currently serving as first deputy director of the Federal Security Service (FSB). He previously served as head of the Economic Security Service of the FSB from 2016 to 2021. A secretive figure with extensive connections to the Russian mafia, he is considered one of the leading candidates to succeed Alexander Bortnikov as director of the FSB. He has held the military rank of General of the Army since 2021.

References

  1. "СМИ рассказали о взломавшем Yahoo по заказу ФСБ "хорошем парне"". RBC. Retrieved 2017-03-16.
  2. "Арестованных офицеров ФСБ обвинили в сотрудничестве с ЦРУ". Interfax.ru (in Russian). 2017-01-31. Retrieved 2017-01-31.
  3. СМИ: Четвертый фигурант дела ЦИБ ФСБ — Георгий Фомченков — Grani
  4. Poulsen, Kevin (2019-02-23). "Kremlin Accused Her of Being a U.S. Spy. She Offered to Go to Moscow". The Daily Beast. Retrieved 2021-08-16.
  5. «Лаборатория Касперского» не ощутила влияния ареста сотрудника на репутацию компании — Kommersant
  6. Soldatov, Andreĭ (2015). The red web : the struggle between Russia's digital dictators and the new online revolutionaries. I. Borogan (First ed.). New York. ISBN 978-1-61039-573-1. OCLC 914136614.
  7. USA: Russian intelligence cyber infighting scrutinised at Black Hat 2019, retrieved 2021-08-16
  8. Eddy, Max (2019-08-09). "Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage". PCMag UK. Retrieved 2021-08-16.
  9. Kramer, Andrew E. (2019-02-26). "Was Russia Treason Trial About U.S. Election Meddling or a Convict's Revenge?". The New York Times. ISSN 0362-4331. Retrieved 2021-08-16.
  10. Владелец Chronopay получил 2,5 года тюрьмы за Ddos-атаку на «Аэрофлот» — Cnews.ru
  11. Арестован полковник ФСБ Сергей Михайлов, курировавший сферу интернет-безопасности — The Insider
  12. "СМИ рассказали о взломавшем Yahoo по заказу ФСБ "хорошем парне"". RBC. Retrieved 2017-03-16.
  13. "Арестованных офицеров ФСБ обвинили в сотрудничестве с ЦРУ". Interfax.ru (in Russian). 2017-01-31. Retrieved 2017-01-31.
  14. "A Shakeup in Russia's Top Cybercrime Unit – Krebs on Security". Retrieved 2021-08-16.
  15. "Гостайна раскрылась за $10 млн". www.kommersant.ru (in Russian). 2018-10-05. Retrieved 2021-08-16.
  16. "Want a Quick $3 Million? Find This Alleged Russian Cyber Hacker". NBC News. Retrieved 2021-08-16.
  17. "EVGENIY MIKHAILOVICH BOGACHEV". Federal Bureau of Investigation. Retrieved 2021-08-16.
  18. The Editorial Board (2021-07-31). "Opinion | Russia's New Form of Organized Crime Is Menacing the World". The New York Times. ISSN 0362-4331. Retrieved 2021-08-16.
  19. Assist поломался из-за DDoS - roem.ru
  20. Гендиректора Chronopay арестовали по подозрению в организации DDoS-атаки сайта «Аэрофлота» - Gazeta.ru
  21. За что арестовали Павла Врублевского | Forbes.ru
  22. Financial Mogul Linked to DDoS Attacks — Krebs on Security
  23. "Врублевский: после выхода из СИЗО я стал гораздо жестче | Digit". Archived from the original on 2012-06-26. Retrieved 2017-10-31.
  24. ВЕДОМОСТИ — Дело владельца Chronopay передано в суд
  25. Прокуратура случайно обвинила Врублевского в контрабанде наркотиков | Roem.ru
  26. M24.RU — Снята часть обвинений по делу об атаке на сайт «Аэрофлота» — Городской информационный канал — «Москва 24»
  27. Киберпреступник № 1 Павел Врублевский: Суперагент или жертва ФСБ?
  28. Павел Врублевский признан виновным по делу о кибератаке на «Аэрофлот» - КоммерсантЪ
  29. Павел Врублевский признан виновным по делу о кибератаке на сайт «Аэрофлота» - Interfax.ru
  30. Основатель Chronopay Врублевский осужден на 2,5 года за хакерскую атаку на сайт «Аэрофлота»
  31. Мосгорсуд смягчил приговор организатору Ddos-атаки на сайт «Аэрофлота» в 2010 году - Tass.ru
  32. Владельца Сhronopay Павла Врублевского освободили из тюрьмы - TheVillage
  33. Murtazin, Irek (2014-05-27). "Врублевский возвращается в Москву". Ирек Муртазин. Retrieved 2021-08-16.
  34. Kramer, Andrew E. (2013-09-02). "Online Attack Leads to Peek Into Spam Den". The New York Times. ISSN 0362-4331. Retrieved 2021-08-16.
  35. Обвинения в госизмене против российских кибер-экспертов связаны с делом 2010 года — источники - Reuters
  36. "Arrested Kaspersky Labs Cybercrimes Chief Says Russia Trades Hackers Immunity for Stolen Info". The Moscow Times. 2017-04-12. Retrieved 2021-08-16.
  37. Washington Post: США заподозрили арестованного сотрудника ЦИБ ФСБ Докучаева во взломе Yahoo - Mediazona
  38. ФСБ засекретила дело «Шалтая-Болтая» — Rosbalt