Accessibility links

Breaking News

Moscow Spy Scandal Snowballs: What We Know

To date, not a single Russian official or law enforcement agency has commented on the record about the reported case against the Federal Security Service (FSB) officers, identified as Sergei Mikhailov and Dmitry Dokuchayev, and other alleged accomplices. (illustrative photo)
To date, not a single Russian official or law enforcement agency has commented on the record about the reported case against the Federal Security Service (FSB) officers, identified as Sergei Mikhailov and Dmitry Dokuchayev, and other alleged accomplices. (illustrative photo)

The murky investigation of Russian intelligence officers reportedly facing treason charges has taken a fresh turn, with the Interfax news agency quoting unnamed sources as saying that two suspects are accused of collaborating with the U.S. Central Intelligence Agency (CIA).

The news, unverified and uncorroborated, is the latest in a growing number of remarkable leaks that hint at possible struggles and hidden agendas inside Russia's formidable security apparatus.

To date, not a single Russian official or law enforcement agency has commented on the record about the reported case against the Federal Security Service (FSB) officers, identified as Sergei Mikhailov and Dmitry Dokuchayev, and other alleged accomplices.

Instead, numerous Russian media citing anonymous sources have reported the suspects may be tied to hackers targeting the Russian elite and may have disclosed information related to cyberattacks targeting the U.S. election system.

These reports come on the heels of an assessment by U.S. intelligence agencies in early January concluding that Russia orchestrated a hacking campaign aimed at helping President Donald Trump defeat his Democratic rival, Hillary Clinton, in the election.

The anonymous sources have not expressly linked the reported accusations against Mikhailov and Dokuchayev to the breaches of Democratic Party servers, though the Novaya Gazeta newspaper has reported there may be links to attacks on U.S. state-electoral systems.

Here's a look at what we know and don't know about the case:

Who Are The Suspects?

So far, Mikhailov and Dokuchayev are the only FSB officers to be identified, based on anonymous sources cited by several Russian media outlets, as suspects in the investigation. Media reports, however, indicate there may be a total of six suspects -- including a third FSB officer -- already detained.

Mikhailov's arrest, reportedly in December, was first revealed by Kommersant on January 25. He served as a department head at the FSB's Center for Information Security (CIS). Mikhailov is "well-known" among Russia's cybersecurity experts, according to Andrei Soldatov, an investigative journalist who has written widely about Russian intelligence services and their cybercapabilities.

Mikhailov was also a prominent witness in the trial of Pavel Vrublevsky, who ran an electronic-payment company called Chronopay and in 2013 was convicted of cyberattacks on Russian companies, including state-owned airline Aeroflot. Mikhailov testified in court that he knew Vrublevsky and his talents well.

The arrest of Dokuchayev, whom media reports identify as a CIS employee, was first reported by Rambler News Service on January 26. Other Russian media reports have identified Dokuchayev as a former hacker who used the alias Forb.

Russian media reports have also tied their arrests to that of Ruslan Stoyanov, a manager of the renowned Russian cybersecurity company Kaspersky Lab. The company confirmed the arrest to RFE/RL, identifying Stoyanov as the head of its investigation unit.

Novaya Gazeta reported on January 31 that a total of six suspects -- including Mikhailov, Dokuchayev, and Stoyanov -- have been arrested.

Ivan Pavlov, a prominent Russian lawyer who has previously defended individuals against treason charges, confirmed to Kommersant that the investigation involved more than two suspects, one of whom is his client.

Pavlov, who has yet to publicly identify his client, indicated the suspects were arrested in December. He did not immediately respond to a request for comment from RFE/RL.

Vrublevsky, meanwhile, is a successful entrepreneur and colorful figure among Russia's digital elite. In a book published in 2014, Brian Krebs, an American investigative reporter, investigated some of the Russian crime networks involved in the vast amounts of e-mail spam that clutter the Internet. His book, Krebs wrote in a blog post on January 29, was based on a cache of leaked e-mails from Vrublevksy's company.

Vrublevsky also told Krebs that he believed Mikhailov was the one who stole the e-mails and leaked them. Krebs said Vrublevsky was also convinced Mikhailov was leaking sensitive information to U.S. intelligence.

What Are They Charged With?

Russian authorities have not officially made the charges public, but media reports say Mikhailov and Dokuchayev have been accused of treason. Kommersant cited Pavlov as confirming that suspects in the case were accused of disclosing state secrets.

Precisely what secrets they are accused of disclosing remains unclear. Interfax on January 31 quoted "sources familiar with the situation" as saying that they were suspected of relaying confidential information to the CIA.

Mikhailov and Dokuchayev "are accused of violating their oath and cooperating with the CIA," Interfax quoted one source as saying.

It quoted the same source as saying that a total of four people had been formally charged in the matter, and that several other potential accomplices had been identified as well.

Another source cited by Interfax was quoted as saying that the investigation involves parallel charges of treason and hacking.

Is Case Linked To U.S. Election Hacking?

No clear link has been made between the investigation and what U.S. intelligence called a Kremlin-directed operation to influence the U.S. presidential election with cyberattacks and propaganda.

But Novaya Gazeta last week quoted unidentified sources as saying that Mikhailov was suspected of providing U.S. intelligence with information about King Servers, a hosting service owned by Russian citizen Vladimir Fomenko.

The company was used as a platform by hackers who targeted state-election computer systems in Arizona and Illinois last year. Fomenko, who rents space on his servers, has denied any links to the perpetrators of the cyberattacks.

Novaya Gazeta reported that Fomenko rented server space to Vrublevsky, the Chronopay proprietor against whom Mikhailov testified.

So far, no claims have surfaced in the leaks indicating the suspects may have relayed information about breaches of U.S. political organizations like the Democratic National Committee that were widely seen as damaging to Clinton's campaign.

The Kremlin has denied any involvement in the cyberattacks.

Is Humpty Dumpty A Fall Guy?

This is where things get even murkier.

Unconfirmed media reports have linked Mikhailov to the shadowy hacking collective known as Shaltai-Boltai -- or Humpty Dumpty, in Russian -- that has published troves of e-mails and text messages stolen from prominent Russian officials and well-connected entrepreneurs.

The RosBalt news agency quoted a source over the weekend as saying that the accused mastermind of Shaltai-Boltai, Vladimir Anikeyev, told investigators that Mikhailov was involved with the group.

RosBalt was founded by Natalya Cherkesova, the wife of Soviet and Russian intelligence veteran Viktor Cherkesov, the former head of Russia's federal antinarcotics agency. The publication frequently quotes unidentified sources in Russia's security services.

Pavlov, however, told Rambler News Service on January 31 that he was familiar with the details of the investigation and that, as far as he knew, it had nothing to do with Shaltai-Boltai.

Soldatov, meanwhile, told The Guardian that the leaks about the hacking collective "suggest a hastily made cover-up."

"Mikhailov and Stoyanov were real experts in one thing, the Russian digital underground, not the kind of stuff that Shaltai-Boltai leaked," he said.

"So if there is anything real about the treason charges, the kind of information they could pass on would be about this, perhaps about informal actors in the DNC hacking scheme," Soldatov added.

  • 16x9 Image

    Carl Schreck

    Carl Schreck is an award-winning investigative journalist who serves as RFE/RL's enterprise editor. He has covered Russia and the former Soviet Union for more than 20 years, including a decade in Moscow. He has led investigations into corruption, cronyism, and disinformation campaigns in Russia and Central Asia, as well as on poisoning attacks against Kremlin opponents and assassinations of Iranian exiles in the West. Schreck joined RFE/RL in 2014.

  • 16x9 Image

    Mike Eckel

    Mike Eckel is a senior correspondent reporting on political and economic developments in Russia, Ukraine, and around the former Soviet Union, as well as news involving cybercrime and espionage. He's reported on the ground on Russia's invasion of Ukraine, the wars in Chechnya and Georgia, and the 2004 Beslan hostage crisis, as well as the annexation of Crimea in 2014.

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia or the Russia-controlled parts of Ukraine and hold a Russian passport or are a stateless person residing permanently in Russia or the Russia-controlled parts of Ukraine, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.