It’s an espionage case. It’s a byzantine struggle among clans inside Moscow’s security services. It’s a window into Russian cyberattacks on the United States. It’s a glimpse at how officials monetize their positions and run protection rackets.
It’s all of the above. It’s some of the above. Or it’s none of the above.
In many ways, reports about the arrest of two FSB officers, a cybersecurity expert, and the founder of a notorious hacking group offer up a classic Russian tale replete with multiple layers of subterfuge, deception, diversion, and embedded meaning.
It’s a tale told through leaks, rumors, innuendo, and speculation — albeit without the benefit of many officially verified facts.
At the simplest level, two FSB officers working in cyberdefense, Sergei Mikhailov and Dmitry Dokuchaev, as well as Ruslan Stoyanov, a former Interior Ministry official who works for the cybersecurity company Kaspersky Lab, are reportedly being charged with espionage.
According to Russian media reports, Mikhailov is suspected of alerting U.S. intelligence to the FSB’s connection to a Russian server-rental company called King Servers.
Last year, the U.S.-based cybersecurity firm ThreatConnect had identified King Servers as the nexus for hacking attacks against the United States.
If U.S. intelligence did indeed have a highly placed source like Mikhailov, it would explain why it was able to conclude with such a high degree of confidence that Russia was behind the cyberattacks during the election campaign.
The timing of the arrests and the timing of the decision by former U.S. president Barack Obama to declassify and make public parts of the U.S. intelligence report on the alleged Russian hacking also make sense.
Mikhailov was arrested in December. And the U.S. released the intelligence report a month later, in January.
If Mikhailov was indeed a source, then Washington would have been reluctant to declassify its intelligence for fear of compromising him.
After he was arrested, this, of course, would no longer be an issue.
So far, so straightforward. Until it isn’t.
Leaks to the Russian media have also connected Mikhailov and his subordinate Dokuchaev to a hacker group known as Shaltai Boltai, or Humpty Dumpty, which in the past has released embarrassing material about top Russian officials.
Vladimir Anikeev, the founder of Shaltai Boltai, has also been arrested, but is not being charged with espionage.
Moreover, Russian media reports claim that Dokuchaev is actually a former hacker known as Forb, who was serving a prison sentence for credit card theft when he was recruited by the FSB, where he held the rank of major.
As Leonid Bershidsky notes in his column for Bloomberg, “parallel to their official duties, officers often run private security operations involving blackmail and protection. If Mikhailov ran such a business out of the FSB’s Information Security Center, he wouldn’t stand out among his colleagues.”
And it’s also not unusual for the FSB to recruit former hackers. In fact, it’s pretty much standard practice.
This is where the story diverts into the murky world of FSB officers and their civilian collaborators monetizing their positions and forming protection rackets.
“An FSB officer, recruited from the hacking community, can use his rank and position to obtain compromising material and sell it to wealthy clients. A team profiting from these opportunities can include both officers and civilians,” Bershidsky writes.
“The Russian government can hire such a team through intermediaries if it needs something sensitive done — but so can foreign intelligence services. It’s a murky world in which actors are both predator and prey. The Kremlin enjoys access to brilliant and unscrupulous people; the downside, of course, is that they may be hard to control.”
If you follow this line of logic, then it’s easy to imagine that Mikhailov and Dokuchaev inadvertently or unwittingly sold information exposing King Servers’ FSB connections to a front for U.S. intelligence.
But the fact of the matter is we simply don’t know.
And if things aren’t confusing enough yet, there is also the matter of the bitter personal and clan rivalries in the shadow world of the Russian security services.
In a recent post on his blog KrebsOnSecurity, Brian Krebs, author of the book Spam Nation: The Inside Story Of Organized Cybercrime, suggested the whole affair might be traced to a personal rivalry between Mikhailov and Pavel Vrublevsky, an Internet businessman whose partner owns King Servers.
Mark Galeotti, an expert on Russia’s security services and a senior research fellow at the Institute of International Relations in Prague, notes that the FSB’s Information Security Center, which Mikhailov headed and where Dokuchaev was his subordinate, has emerged as “a pivotal agency” and “a source of power.”
And this makes it a prime arena for fierce rivalries and power plays.
“This is probably an intelligence leak that is being cleared up. But the question is: why now? And I wonder if domestic politics explains the leaking of the information now. It could be a rebuke to the FSB for having messed up,” Galeotti said on last week’s Power Vertical Podcast.
The views expressed in this blog post do not necessarily reflect the views of RFE/RL.