The Mikhailov Case refers to an espionage scandal surrounding the activities of the Center of Information Security (CIS) of the FSB (18th Center), whose employees were implicated in high treason after participating in a number of high-profile criminal cases. On January 31, 2017, the head of the 2nd department of the CIS, Sergei Mikhailov (FSB),[1] and his deputy Dmitry Dokuchaev[2] were arrested. In the same case, the head of the computer incident investigation department of Kaspersky Lab, Ruslan Stoyanov, and Georgy Fomchenkov were arrested.[3] The men were convicted of giving information to American private sector researcher Kimberly Zenz, but Zenz herself was never charged, and her requests to testify for the defense were ignored.[4]
The result of the case was the complete cessation of cooperation between Russia and the US on cybercrime.[5] This was perhaps the goal of the case, according to Russian investigative journalists Andrei Soldatov and Irina Borogan.[6] At BlackHat USA in 2019, Zenz spoke about her belief that the case was due at least in part to infighting between Russian security services.[7] The New York Times hypothesized that the treason trial was at least in part the revenge of a convicted cybercriminal, Pavel Vrublevsky, as Mikhailov, Dokuchaev and Stoyanov participated in his conviction.[8]
In 2011–2012, the CIS FSB filed a case against the owner of ChronoPay, Pavel Vrublevsky, and a number of its employees. They were convicted of organizing a DDoS attack on the payments processor serving Aeroflot, in a bid to win Aeroflot's business for ChronoPay. On July 31, 2013, a conviction was pronounced in the case.[9] In the course of the trial, operative and investigative materials on Pavel Vrublevsky's case, including some that were not submitted to the court, were posted to the Internet by unknown persons.[10]
On January 31, 2017, Interfax reported, citing sources, that the head of the 2nd department of the CIS FSB,[11] Sergey Mikhailov, and his deputy, senior operative in the planning department of the CIS FSB Dmitry Dokuchaev, were arrested and charged with high treason.[12] News of the arrests of the head of the computer incident investigation department of Kaspersky Lab, Ruslan Stoyanov, and Georgy Fomchenkov came later.
The men are accused of sharing information about the cybercriminal operations of Vrublevsky and his company ChronoPay[13] in return for a payment of ten million dollars,[14] information that had already been posted online and could be downloaded free of charge. For comparison's sake, the FBI offered just three million US dollars for information leading to the arrest of Russian hacker Evgeniy Bogachev, a man accused of running both major cybercriminal operations and espionage operations on behalf of the Russian state.[15] [16] [17]
On July 11, 2010, due to the DDoS attack on the servers of the Assist payment system, air ticket reservation on Aeroflot's website became unavailable for a week.[18] On June 24, 2011, the Lefortovo Court of Moscow authorized the arrest of Pavel Vrublevsky.[19] The arrest was carried out at the request of the Investigative Directorate of the FSB with the support of the Center of Information Security of the Federal Security Service of the Russian Federation. Vrublevsky returned with his family to Moscow from the Maldives and was arrested at Sheremetyevo airport. The FSB accused Vrublevsky of ordering a DDoS attack on the site of the competing payment system "Assist".[20] Aeroflot's electronic ticket sales system was then put out of operation, which led the airline to move from "Assist" to "Alfa-bank". Aeroflot also filed a claim for 194 million rubles against "VTB-24", which provided Aeroflot with payment processing through "Assist".[21]
For the next six months, Vrublevsky was in the Lefortovo detention center.[22] After being released from custody, Vrublevsky was preparing to sell ChronoPay; the buyer was supposed to be a large state bank. Vrublevsky's lawyer argued that the case was completely fabricated, and demanded that the FSB officers be held accountable.[23] The criminal case was sent for further investigation because of a curious circumstance: the FSB investigation confused (and the Prosecutor General's Office confirmed this in the indictment) the number of the federal law under which Vrublevsky was charged: instead of 26-FZ (articles 272, illegal access, and 273, creation and use of viruses), FZ,[24] the law on ratification of the agreement between the Russian Federation and the countries of Asia on the creation of a joint drug center. Subsequently, the charge under article 273 was withdrawn by the Tushinsky District Court because the statute of limitations had expired.[25]
The reasons and motives for the criminal prosecution of Vrublevsky were actively discussed in the press. An article by Irek Murtazin in Novaya Gazeta[26] argued that although Vrublevsky was being pursued by the CIS FSB, he may be an agent or partner of the FSB "Office K" for illegally withdrawing money from the country.
On July 31, 2013, a court session was held in the case of the DDoS attack on the Assist system site, during which the court found Pavel Vrublevsky to be an organizer of an attack on Assist "with the aim of destroying it" and sentenced him to 2.5 years in a general regime colony. Igor and Dmitri Artimovich, who were also involved in the case as accomplices, were sentenced to 2.5 years in a general regime colony, and Maxim Permyakov received a two-year probationary sentence "for active repentance and assistance to the investigation".[27] [28] [29]
A few months later, the Moscow City Court mitigated the punishment of Vrublevsky and the other defendants to a "colony-settlement".[30] On May 27, 2014, Vrublevsky was released early from the colony on parole.[31] Russian investigative journalist Irek Murtazin reported that this early release was in return for assistance by Vrublevsky in running a Russian government payments system designed to circumvent attempts by Western states to restrict Russian transactions.[32] Vrublevsky's co-defendant Igor Artimovich told the New York Times that he was offered a similar deal for a reduced sentence in return for working for the Russian government, but he declined.[33]
In December 2016, officers of the CIS FSB Sergey Mikhailov, Dmitry Dokuchaev, head of the cybercrime investigation department of Kaspersky Lab Ruslan Stoyanov, and Georgy Fomchenkov were arrested for treason.
In January 2017, it became known that the head of the site "Humpty Dumpty", journalist Vladimir Anikeev, also known as the "Anonymous International", who hacked the mail of Russian businessmen and high-ranking officials, had been detained shortly before the arrest of the FSB officers. In January, Rosbalt reported on the circumstances of Anikeev's capture: the FSB detained him in October 2016, and later, according to his testimony, high-ranking FSB officers Dmitry Dokuchaev and his boss Sergey Mikhailov were arrested. They were accused of state treason and cooperation with the CIA.
In February 2017, Reuters reported that the state treason case in the FSB was due to Vrublevsky's testimony from 2010.[34] The New York Times hypothesized that the treason trial was Vrublevsky's revenge for his conviction.
The result of the case was the complete cessation of cooperation between Russia and the US on cybercrime. This was perhaps the goal of the case, according to Russian investigative journalists Andrei Soldatov and Irina Borogan. At BlackHat USA in 2019, Zenz spoke about her belief that the case was due at least in part to infighting between Russian security services.
Stoyanov himself released a letter from prison, sharing his belief that he was charged because he opposed efforts by the Russian state to protect cybercriminals in return for cooperation with the state.[35]
In March 2017, the US Department of Justice announced the involvement of Sergei Mikhailov and Dmitry Dokuchaev in the hacking of 500 million Yahoo mail accounts.[36]
On June 12, 2017, a significant part of the documents on the Mikhailov case was sealed with a "secret" stamp, Rosbalt reported, citing an informed source.[37]