Accessibility links

Breaking News

The Power Vertical

When the hackers met the spooks.

It's an espionage case. It's a byzantine struggle among clans inside Moscow's security services. It's a window into Russian cyberattacks on the United States. It's a glimpse at how officials monetize their positions and run protection rackets.

It's all of the above. It's some of the above. Or it's none of the above.

In many ways, reports about the arrest of two FSB officers, a cybersecurity expert, and the founder of a notorious hacking group offer up a classic Russian tale replete with multiple layers of subterfuge, deception, diversion, and embedded meaning.

It's a tale told through leaks, rumors, innuendo, and speculation -- albeit without the benefit of many officially verified facts.

At the simplest level, two FSB officers working in cyberdefense, Sergei Mikhailov and Dmitry Dokuchayev, as well as Ruslan Stoyanov, a former Interior Ministry official who works for the cyber security company Kaspersky Lab, are reportedly being charged with espionage.

According to Russian media reports, Mikhailov is suspected of alerting U.S. intelligence to the FSB's connection to a Russian server-rental company called King Servers.

Last year, the U.S.-based cybersecurity firm ThreatConnect had identified King Servers as the nexus for hacking attacks against the United States.

If U.S. intelligence did indeed have a highly placed source like Mikhailov, it would explain why it was able to conclude with such a high degree of confidence that Russia was behind the cyberattacks during the election campaign.

The timing of the arrests and the timing of the decision by former U.S. President Barack Obama to declassify and make public parts of the U.S. intelligence report on the alleged Russian hacking also makes sense.

Mikhailov was arrested in December. And the U.S. released the intelligence report a month later, in January.

If Mikhailov was indeed a source, then Washington would have been reluctant to declassify its intelligence for fear of compromising him.

After he was arrested, this, of course, would no longer be an issue.

So far, so straightforward. Until it isn't.

Leaks to the Russian media have also connected Mikhailov and his subordinate Dokuchayev to a hacker group known as Shaltai-Boltai, or Humpty Dumpty, which in the past has released embarrassing material about top Russian officials.

Vladimir Anikeyev, the founder of Shaltai-Boltai, has also been arrested, but is not being charged with espionage.

Moreover, Russian media reports claim that Dokuchayev is actually a former hacker known as Forb, who was serving a prison sentence for credit-card theft when he was recruited by the FSB, where he held the rank of major.

As Leonid Bershidsky notes in his column for Bloomberg, "parallel to their official duties, officers often run private security operations involving blackmail and protection. If Mikhailov ran such a business out of the FSB's Information Security Center, he wouldn't stand out among his colleagues."

And it's also not unusual for the FSB to recruit former hackers. In fact, it's pretty much standard practice.

This is where the story diverts into the murky world of FSB officers and their civilian collaborators monetizing their positions and forming protection rackets.

"An FSB officer, recruited from the hacking community, can use his rank and position to obtain compromising material and sell it to wealthy clients. A team profiting from these opportunities can include both officers and civilians," Bershidsky writes.

"The Russian government can hire such a team through intermediaries if it needs something sensitive done -- but so can foreign intelligence services. It's a murky world in which actors are both predator and prey. The Kremlin enjoys access to brilliant and unscrupulous people; the downside, of course, is that they may be hard to control."

If you follow this line of logic, then it's easy to imagine that Mikhailov and Dokuchayev inadvertently or unwittingly sold information exposing King Server's FSB connections to a front for U.S. intelligence.

But the fact of the matter is we simply don't know.

And if things aren't confusing enough yet, there is also the matter of the bitter personal and clan rivalries in the shadow world of the Russian security services.

In a recent post on his blog KrebsOnSecurity, Brian Krebs, author of the book Spam Nation: The Inside Story Of Organized Cybercrime, suggested the whole affair might be traced to a personal rivalry between Mikhailov and Pavel Vrublevsky, an Internet businessman whose partner owns King Servers.

Mark Galeotti, an expert on Russia's security services and a senior research fellow at the Institute of International Relations in Prague, notes that the FSB's Information Security Center, which Mikhailov headed and where Dokuchayev was his subordinate, has emerged as "a pivotal agency" and "a source of power."

And this makes it a prime arena for fierce rivalries and power plays.

"This is probably an intelligence leak that is being cleared up. But the question is: why now? And I wonder if domestic politics explains the leaking of the information now. It could be a rebuke to the FSB for having messed up," Galeotti said on last week's Power Vertical Podcast.

The views expressed in this blog post do not necessarily reflect the views of RFE/RL

ON MY MIND

In many ways, reports about the arrest of two FSB officers, a cybersecurity expert, and the founder of a notorious hacking group are a classic Russian story replete with layers of subterfuge, deception, diversion, and embedded meaning.

At the simplest level, two FSB officers working in cyberdefense, Sergei Mikhailov and Dmitry Dokuchaev, as well as Ruslan Stoyanov, a former Interior Ministry official who works for the cybersecurity company Kaspersky Lab, are being charged with espionage.

According to Russian media reports, Mikhailov is suspected of alerting U.S. intelligence to FSB links with a Russian server-rental company believed to be the nexus for cyberattacks against the United States.

So far, so straightforward.

Until it isn't.

Leaks to the Russian media have linked Mikhailov to a hacker group known as Shaltai Boltai, which in the past has released embarrassing material about top Russian officials.

Moreover, Dokuchaev is reported to be a former hacker known as Forb who was serving a prison sentence for credit-card theft when he was recruited by the FSB. He has also been identified in press leaks as a member of Shaltai Boltai.

Vladimir Anikeev, the founder of Shaltai Boltai has also been arrested, but is not being charged with espionage.

As Leonid Bershidsky notes in a piece featured below, this isn't uncommon in the FSB, where "officers often run private security operations involving blackmail and protection." And it's also not unusual for the FSB to recruit former hackers. In fact, it's pretty much standard practice.

Adding to the intrigue and high stakes, Mark Galeotti notes in a commentary featured below, the FSB's Information Security Center, which Mikhailov headed and where Dokuchaev was his subordinate, has emerged as "a pivotal agency" and "a source of power." And this makes it a prime arena for fierce rivalries and power plays.

So was this a straightforward espionage case that got entangled in high-stakes clan warfare?

Was it an FSB protection racket that spun out of control and inadvertently passed information to U.S. intelligence?

Is this truly connected to the U.S. election hacking scandal?

Is the whole Shaltai Boltai angle a smokescreen?

We'll need to see a lot more data points before reaching definitive conclusions.

IN THE NEWS

The U.S.-based watchdog Freedom House warns that civil liberties came increasingly under threat in 2016 as authoritarian powers gained strength in many parts of the world and "populist and nationalist forces" rose in democratic states.

Russia's Federal Security Service has announced that Ilma Umerov, deputy chairman of the Crimean Tatar Mejlis, the community's top executive organ, has been charged with "actions aimed at violating the territorial integrity of the Russian Federation."

A former Russian presidential envoy to the Sakhalin region in the Far East, Vitaly Guly, has been detained in Moscow on extremism charges.

Russia's foreign minister Sergei Lavrov is suggesting that U.S. President Donald Trump did not raise the issue of human rights with Russian President Vladimir Putin during their telephone conversation on January 28.

The Ukrainian soccer club Shakhtar Donetsk will play their future home games in the city of Kharkiv throughout the year, the club announced on January 30.

The International Paralympic Committee has moved to bar Russian athletes from participating in qualifiers for the 2018 Winter Paralympic Games in Pyeongchang, South Korea.

Russia's No.2 oil producer, Lukoil, is seeking opportunities for growth in the Middle East as Iran opens its oil fields to international partners, a senior executive says.

Ukrainian President Petro Poroshenko has cut short a working visit to Germany to oversee an emergency situation that has developed around the eastern Ukrainian town of Avdiyivka.

WHAT I'M READING

Hackers, Spies, And Intrigue

In The Moscow Times, Mark Galeotti of the Institute of International Relations in Prague weighs in, arguing that the arrests of FSB cybersecurity officials is probably both a genuine espionage case and political infighting.

In his column for Bloomberg, Leonid Bershidsky looks at how Russia's hackers became a headache for the Kremlin, citing the case of the hacking group Shaltai Boltai as an example of how security and law-enforcement officials use their positions to run protection rackets.

And in Republic.ru, Anastasia Yakoreva looks at some of the revelations resulting from Shaltai Boltai's hacks.

Here Comes The Reset

In The Moscow Times, foreign affairs analyst Vladimir Frolov weighs in on the Trump-Putin phone call and the future of U.S.-Russian relations.

The Great Ukrainian Wall

Anna Nemtsova has a piece in The Daily Beast looking at whether Ukraine will really "build a wall to keep out the Russians."

Inside The Disinformation Machine

The Hungarian online news site Index.hu has an investigation into how pro-Kremlin websites operate in that country.

The View From The Baltics

Aliide Naylor has a piece in New Eastern Europe on "Trump, Russia, and the New Geopolitics of the Baltics."

Mr. Putin Goes To Budapest

The Center for Euro-Atlantic Integration and Democracy previews Putin's upcoming visit to Hungary.

Peter Kreko, a visiting professor at Indiana University and a senior associate at the Political Capital Institute, has a piece in EUObserver arguing that the axis between Putin and Hungarian Prime Minister Viktor Orban is threatening the European Union.

Anti-Putin Speakers Not Welcome

BuzzFeed reports that the Paris School of International Affairs is now cancelling anti-Putin speakers.

The Kremlin And CalExit

In a piece for Bloomberg, Leonid Ragozin looks behind the CalExit movement and finds -- Putin.

From The You-Can't-Make-This-Stuff-Up Department

Kevin Rothrock at Global Voices has a piece on how the pro-Kremlin tabloid Life has released a video explaining how Russians can exploit the recent decriminalization of domestic violence. The video is titled, "He Beats You Because He Loves You," and it explains the "top five ways to commit domestic violence without leaving any traces on your loved ones."

Load more

About This Blog

The Power Vertical
The Power Vertical

The Power Vertical is a blog written especially for Russia wonks and obsessive Kremlin watchers by Brian Whitmore. It offers Brian's personal take on emerging and developing trends in Russian politics, shining a spotlight on the high-stakes power struggles, machinations, and clashing interests that shape Kremlin policy today. Check out The Power Vertical Facebook page or

Subscribe

Latest Posts

Latest Podcast

XS
SM
MD
LG