Mikhailov case explained

The Mikhailov Case refers to an espionage scandal surrounding the activities of the Center of Information Security (CIS) of FSB (18th Center), whose employees were implicated in high treason after participating in a number of high-profile criminal cases. January 31, 2017 was arrested that the head of the 2nd department of the CIS Sergei Mikhailov (FSB)[1] and his deputy Dmitry Dokuchaev[2] In the same case, the head of the department of investigation of computer incidents of Kaspersky Lab Ruslan Stoyanov and Georgy Fomchenkov were arrested.[3] The men were convicted of giving information to American private sector researcher Kimberly Zenz, but Zenz herself was never charged, and her requests to testify for the defense were ignored.[4]

The result of the case was the complete cessation of cooperation between Russia and the US on cybercrime.[5] This was perhaps the goal of the case, according to Russian investigative journalists Andrei Soldatov and Irina Borogan.[6] Zenz spoke about her belief that the case was due at least in part to infighting between Russian security services at BlackHat USA in 2019.[7] The New York Times hypothesized that the treason trial was at least in part the revenge of a convicted cybercriminal, Pavel Vrublevsky's as Mikhailov, Dokuchev and Stoyanov participated in his conviction.[8]

Confrontation of the CIS FSB of the Russian Federation and Vrublevsky

Prosecution of the company management Chronopay

In 2011–2012 CIS FSB filed a case against the owner of Chronopay Pavel Vrublevsky and a number of its employees. They were convicted of organizing a DDoS attack on the payments processor serving Aeroflot, in a bid to win Aeroflot's business for Chronopay. On July 31, 2013, a conviction was pronounced in the case.[9] In the course of the trial, the operatives and investigative materials on Pavel Vrublevsky's case were posted to the Internet by unknown persons, including those that were not submitted to the court.[10]

Spy espionage scandal in early 2017

On January 31, 2017, Interfax reported, citing sources, that the head of the 2nd department of the CIS FSB,[11] Sergey Mikhailov, and his deputy senior operative in the planning department of the CIS FSB Dmitry Dokuchaev were arrested and charged for high treason.[12] News of the arrests of head of the computer incident investigation department of Kaspersky Lab Ruslan Stoyanov and Georgy Fomchenkov came later.

The men are accused of sharing information about the cybercriminal operations of Vrublevksy and his company ChronoPay[13] in return for a payment of ten million dollars,[14] the information that was already posted online to be downloaded free of charge. For comparison's sake, the FBI offered just three million US dollars for information leading to the arrest of Russian hacker Evgeniy Bogachev, a man accused of running both major cybercriminal operations and espionage operations on behalf of the Russian state.[15] [16] [17]

Chronology

Aeroflot case

On July 11, 2010, due to the DDoS attack on the servers of the Assist payment system, air ticket reservation on Aeroflot's website was not available for a week.[18] June 24, 2011 Lefortovo Court of Moscow authorized the arrest of Pavel Vrublevsky.[19] The arrest was carried out at the request of the Investigative Directorate of the FSB with the support of the Center of Information Security of the Federal Security Service of the Russian Federation. Vrublevsky returned with his family to Moscow from the Maldives and was arrested at the Sheremetyevo airport. The FSB accused Vrublevsky of ordering a DDOS attack on the site of the competing payment system "Assist".[20] Then the system of sales of electronic tickets of "Aeroflot" was put out of operation, because of what the airline left from "Assist" to "Alfa-bank". Aeroflot also filed a claim for 194 million rubles. to "VTB-24", which through "Assist" provided Aeroflot with payment processing.[21]

For the next six months, Vrublevsky was in the Lefortovo detention center.[22] After being released from custody, Vrublevsky was preparing to sell ChronoPay, the buyer was supposed to be a large state bank. Vrublevsky's lawyer argued that the case was completely fabricated, and demanded that the FSB officers be held accountable.[23] The criminal case was sent for further investigation by a curious circumstance - the investigation of the FSB confused (and the Prosecutor General's Office confirmed this in the indictment) the number of the federal law on which Vrublevsky was involved: instead of 26-FZ (articles 272 illegal access and 273 creation and use of viruses) FZ,[24] the law on ratification of the agreement of the Russian Federation and the countries of Asia on creation of the joint drug center. Subsequently, the prosecution in 273 articles was withdrawn by the Tushinsky District Court in view of the expired statute of limitations.[25]

The reasons and motives for the criminal prosecution of Vrublevsky were actively discussed in the press. Thus, the article by Irek Murtazin in Novaya Gazeta[26] argued that despite the fact that Vrublevsky is pursued by the CIS FSB, he may be an agent or partner of the FSB "Office K" for illegally withdrawing money from the country.

On July 31, 2013, a court session was held on the case of a DDoS attack on the Assist system site, during which Pavel Vrublevsky was recognized by the court as an organizer for an attack on Assist "with the aim of destroying it" and sentenced to 2.5 years in a general regime colony. Igor and Dmitri Artimovich, who were also participating in the case as accomplices, were sentenced to 2.5 years of the colony of the general regime, and Maxim Permyakov received two years probatory sentence "for active repentance and assistance to the investigation".[27] [28] [29]

A few months later, the Moscow City Court mitigated the punishment of Vrublevsky and other defendants for a "colony-settlement".[30] On May 27, 2014, Vrublevsky was released on parole ahead of time from the colony.[31] Russian investigative journalist Irek Murtazin reported that this early release was in return for assistance by Vrublevksy in running a Russian government payments system designed to circumvent attempts by Western states to restrict Russian transactions.[32] Vrublevksy's co-defendant Igor Artimovich, told the New York Times that he was offered a similar deal for a reduced sentence in return for working for the Russian government, but he declined.[33]

Treason Care

In December 2016, officers of the CIS FSB Sergey Mikhailov, Dmitry Dokuchaev, head of the cybercrime investigation department of Kaspersky Lab Ruslan Stoyanov, and Georgy Fomchenkov were arrested for treason.

In January 2017, it became known that the head of the site "Humpty Dumpty", journalist Vladimir Anikeev, also known as the "Anonymous International", who hacked the mail of Russian businessmen and high-ranking officials, was detained shortly before the arrest of FSB officers. In January, Rosbalt told about the circumstances of the capture of Anikeev: the FSB detained him in October 2016, and later, according to his testimony, high-ranking FSB officers Dmitry Dokuchayev and his boss Sergey Mikhailov were arrested. They were accused of state treason and cooperation with the CIA.

In February 2017, Reuters reported that the case of a state treason in the FSB was due to Vrublevsky's testimony from 2010.[34] The New York Times hypothesized that the treason trial was Vrublevsky's revenge for his conviction.

The result of the case was the complete cessation of cooperation between Russia and the US on cybercrime. This was perhaps the goal of the case, according to Russian investigative journalists Andrei Soldatov and Irina Borogan. Zenz spoke about her belief that the case was due at least in part to infighting between Russian security services at BlackHat USA in 2019.

Stoyanov himself released a letter from prison, sharing his belief that he was charged because he opposed efforts by the Russian state to protect cybercriminals in return for cooperation with the state.[35]

In March 2017, the US Department of Justice announces the involvement of Sergei Mikhailov and Dmitry Dokuchaev in the hacking of 500 million Yahoo mail accounts.[36]

On June 12, 2017, a significant part of the documents on the Mikhailov case was sealed with a "secret" stamp, Rosbalt reported, citing an informed source.[37]

Notes and References

  1. News: СМИ рассказали о взломавшем Yahoo по заказу ФСБ "хорошем парне". RBC. 2017-03-16.
  2. News: Арестованных офицеров ФСБ обвинили в сотрудничестве с ЦРУ. Interfax. 2017-01-31. 2017-01-31. ru-RU.
  3. http://graniru.org/Society/Law/m.259040.html СМИ: Четвертый фигурант дела ЦИБ ФСБ — Георгий Фомченков — Grani
  4. News: Poulsen. Kevin. 2019-02-23. Kremlin Accused Her of Being a U.S. Spy. She Offered to Go to Moscow.. en. The Daily Beast. 2021-08-16.
  5. https://www.kommersant.ru/doc/3331632 «Лаборатория Касперского» не ощутила влияния ареста сотрудника на репутацию компании — Kommersant
  6. Book: Soldatov, Andreĭ. The red web : the struggle between Russia's digital dictators and the new online revolutionaries. 2015. I. Borogan. 978-1-61039-573-1. First. New York. 914136614.
  7. Web site: Max. Eddy. 2019-08-09. Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage. 2021-08-16. PCMag UK. en-gb.
  8. News: Kramer. Andrew E.. 2019-02-26. Was Russia Treason Trial About U.S. Election Meddling or a Convict's Revenge?. en-US. The New York Times. 2021-08-16. 0362-4331.
  9. http://biz.cnews.ru/news/top/vladelets_chronopay_poluchil_25_goda Владелец Chronopay получил 2,5 года тюрьмы за Ddos-атаку на «Аэрофлот» — Cnews.ru
  10. http://theins.ru/news/42935 Арестован полковник ФСБ Сергей Михайлов, курировавший сферу интернет-безопасности — The Insider
  11. News: СМИ рассказали о взломавшем Yahoo по заказу ФСБ "хорошем парне". RBC. 2017-03-16.
  12. News: 2017-01-31. Арестованных офицеров ФСБ обвинили в сотрудничестве с ЦРУ. ru-RU. Interfax.ru. 2017-01-31.
  13. Web site: A Shakeup in Russia's Top Cybercrime Unit – Krebs on Security. 2021-08-16. en-US.
  14. Web site: 2018-10-05. Гостайна раскрылась за $10 млн. 2021-08-16. www.kommersant.ru. ru.
  15. Web site: Want a Quick $3 Million? Find This Alleged Russian Cyber Hacker. 2021-08-16. NBC News. en.
  16. Web site: EVGENIY MIKHAILOVICH BOGACHEV. 2021-08-16. Federal Bureau of Investigation. en-us.
  17. News: The Editorial Board. 2021-07-31. Opinion Russia's New Form of Organized Crime Is Menacing the World. en-US. The New York Times. 2021-08-16. 0362-4331.
  18. https://roem.ru/16-07-2010/121214/assist-polomalsya-iz-za-ddos/ Assist поломался из-за DDoS - roem.ru
  19. http://www.gazeta.ru/business/2011/06/25/3675597.shtml Гендиректора Chronopay арестовали по подозрению в организации DDoS-атаки сайта «Аэрофлота» - Gazeta.ru
  20. http://www.forbes.ru/tehno/internet-i-telekommunikatsii/69842-za-chto-arestovali-pavla-vrublevskogo За что арестовали Павла Врублевского | Forbes.ru
  21. http://krebsonsecurity.com/2011/06/financial-mogul-linked-to-ddos-attacks/ Financial Mogul Linked to DDoS Attacks — Krebs on Security
  22. Web site: Врублевский: после выхода из СИЗО я стал гораздо жестче Digit . 2017-10-31 . https://web.archive.org/web/20120626012206/http://www.digit.ru/business/20111229/388426023.html . 2012-06-26 . dead.
  23. http://www.vedomosti.ru/tech/news/1709953/vrublevskogo_vyzvali_v_sud ВЕДОМОСТИ — Дело владельца Chronopay передано в суд
  24. http://roem.ru/2012/06/13/addednews49471/ Прокуратура случайно обвинила Врублевского в контрабанде наркотиков | Roem.ru
  25. http://www.m24.ru/articles/5241 M24.RU — Снята часть обвинений по делу об атаке на сайт «Аэрофлота» — Городской информационный канал — «Москва 24»
  26. http://www.novayagazeta.ru/inquests/55663.html Киберпреступник № 1 Павел Врублевский: Суперагент или жертва ФСБ?
  27. https://www.kommersant.ru/doc/2245151 Павел Врублевский признан виновным по делу о кибератаке на «Аэрофлот» - КоммерсантЪ
  28. http://www.interfax.ru/russia/321159 Павел Врублевский признан виновным по делу о кибератаке на сайт «Аэрофлота» - Interfax.ru
  29. https://www.vedomosti.ru/technology/articles/2013/07/31/osnovatel-chronopay-vrublevskij-osuzhden-na-25-goda-za Основатель Chronopay Врублевский осужден на 2,5 года за хакерскую атаку на сайт «Аэрофлота»
  30. http://tass.ru/proisshestviya/788838/amp Мосгорсуд смягчил приговор организатору Ddos-атаки на сайт «Аэрофлота» в 2010 году - Tass.ru
  31. http://www.the-village.ru/village/business/news/158531-vladeltsa-shronopay-pavla-vrublevskogo-osvobodili-iz-tyurmy Владельца Сhronopay Павла Врублевского освободили из тюрьмы - TheVillage
  32. Web site: Irek. Murtazin. 2014-05-27. Врублевский возвращается в Москву. 2021-08-16. Ирек Муртазин.
  33. News: Kramer. Andrew E.. 2013-09-02. Online Attack Leads to Peek Into Spam Den. en-US. The New York Times. 2021-08-16. 0362-4331.
  34. https://web.archive.org/web/20170228135547/http://ru.reuters.com/article/topNews/idRUKBN1650RW Обвинения в госизмене против российских кибер-экспертов связаны с делом 2010 года — источники - Reuters
  35. Web site: 2017-04-12. Arrested Kaspersky Labs Cybercrimes Chief Says Russia Trades Hackers Immunity for Stolen Info. 2021-08-16. The Moscow Times. en.
  36. https://zona.media/news/2017/15/03/wash Washington Post: США заподозрили арестованного сотрудника ЦИБ ФСБ Докучаева во взломе Yahoo - Mediazona
  37. http://www.rosbalt.ru/moscow/2017/06/12/1622448.html ФСБ засекретила дело «Шалтая-Болтая» — Rosbalt