The series of high-profile arrests in the country continues. This time it has reached hackers who worked in conjunction with very high-ranking special-services officers from the FSB.
Currently under arrest are 6 people associated with the group “Anonymous international”, or, as they also called themselves, “Humpty Dumpty”. The names of four of them are known today: the immediate head of “Humpty”, Vladimir Anikeev, better known as “Lewis”; the head of the computer incident investigation department at “Kaspersky Lab”, Ruslan Stoyanov; the head of the 2nd Operational Directorate of the FSB's Information Security Center (TsIB), Sergei Mikhailov; and his “right hand”, Dmitry Dokuchaev. Anikeev and Stoyanov are charged under article 272 of the criminal code (“illegal access to computer information”), and Mikhailov and Dokuchaev are charged under article 275 of the criminal code (“treason”), the maximum term for which is up to 20 years in prison. At least 10 more people figure in the case as suspects. Up to 30 well-known Russian public figures can be considered victims of the hacker group's actions. According to recent reports, some detainees, including Mikhailov, have given confessions. They do not admit to treason, but do not deny that certain information was passed to third parties.
It is difficult to overestimate the importance of controlling the information space in the country, all the more so on the eve of the presidential campaign. Therefore, in terms of their status and level of influence, these people were perhaps not below the speaker.
The “gray cardinal” of the Russian Internet
Sergei Mikhailov first “surfaced” in the media back in 2011, when Yuri Sinodov, the founder of the site Roem.ru, which specializes in the market of Internet companies and social networks, spoke of his dealings with him. An employee of the TsIB of the FSB had turned to the journalist with a request to disclose one of the authors who wrote about the internal conflict at “Classmates”. Soon a letter bearing the coat of arms of the FSB reached him, signed by the head of one of the TsIB divisions, Sergei Mikhailov.
Sinodov noted that he had learned of Mikhailov even earlier: he received the first “request” from the Operational Directorate of the TsIB of the FSB in 2007. It concerned one of the authors of the site Roem.ru. “I received a request to reveal the ‘user registration data’ of ‘Alter Ego’. Taking in hand an official paper signed by the Director of the TsIB, Sergei Mikhailov, and the seal ‘VCH 64829. For packages XXIV’ (military unit No. 64829 is precisely the TsIB of the FSB, ed. note), I talked a bit with the operative at the Lubyanka, explaining to him that Alter Ego is a certain analogue of the guest log and that log authors interesting review I have, after which we parted”, wrote Sinodov.
In 2011, Sinodov decided not to give in so easily and appealed to the FSB's Internal Security Directorate with a request to check whether such attention to the authors of his site was legal. In response, the deputy head of the TsIB Operational Directorate, A. Lyutikov, stated that the request was legitimate and was for reference only. Sinodov put the same question to the Prosecutor's office as well. The response was completely unexpected: the audit found a violation of the law “On operative-investigative activity” by TsIB employees, and the TsIB had already been warned of the inadmissibility of violating the law.
After that, Sinodov in good conscience made his correspondence with the FSB and the Prosecutor General's office publicly available.
Why a conflict within a commercial company might interest the FSB is hard to say. According to Sinodov, this can only be explained by the fact that the officers were most likely carrying out a corporate order, finding out the channels through which information leaked from “Classmates” to the media.
In 2013, Mikhailov's name resurfaced in the press in connection with the case of Chronopay owner Pavel Vrublevsky, in which Mikhailov appeared as a witness. Vrublevsky was accused of organizing DDoS attacks in 2010 on the payment system “Assist”, because of which it was impossible for a week to buy tickets on the “Aeroflot” website. In fact, it was Mikhailov's department that uncovered the crime. The FSB officer and the head of Chronopay, by Mikhailov's own admission, were closely acquainted both personally and professionally. Later, Vrublevsky called Mikhailov a person who “largely informally determines the policy of the entire industry of cyber security and Internet commerce”.
Note that this man was, so to speak, “not a stranger”. Through our channels we learned that Mikhailov intended to de-delegate the domain cimerussia.ru, i.e. not just to block access to the site, as Roskomnadzor does (and whose decision can be appealed in court), but simply to deprive us of the domain name in the “RU” zone.
Now it turns out that Mikhailov oversaw “Humpty Dumpty” on behalf of the FSB.
The adventures of “Humpty Dumpty” in Wonderland
The immediate head of “Humpty Dumpty” was Vladimir Anikeev, nicknamed “Lewis”. When information about his arrest appeared last week, reporters immediately rushed to contact the representatives of “Humpty Dumpty”; at that point no one knew that “Lewis” had already been in detention for almost 3 months. He was the first to be detained, at the end of October (according to some, in early November), lured from Kiev to Saint Petersburg under the pretext of handing over a large sum of money for an order. He immediately agreed to cooperate with the FSB's Internal Security Directorate, which is leading the case. The other arrests soon followed. In December, Mikhailov was demonstratively detained right at a meeting of the FSB board: a bag was put over his head and he was quickly led out of the room.
Little is known about Anikeev: he was born in Makhachkala. In his rare interviews he said that in the 90s he worked in St. Petersburg as a journalist. However, nobody can now name a single publication where he worked. Moreover, his current surname may not be his real one. Anikeev can also be transcribed as AnyKey-EV, i.e. “anycast”, a playful name for a man whose profession is connected with computers. In the 2000s he took up what later turned into “Humpty Dumpty”: with the help of another programmer he hacked the e-mails of various officials and businessmen, and then blackmailed them with the incriminating evidence that was found. He did not stay long in one place. Among the currently known locations are Moscow, St. Petersburg, Kiev and Bangkok. His ex-wife, Zinaida Anikeeva, a fitness instructor, lives in Kiev.
The group reached a new level in late 2013, when a few hours before the New Year the hackers published the text of the New Year address of the President of Russia, Vladimir Putin. It was then that the special services first became interested in them.
Later, the correspondence of high-ranking officials began to appear in open access. Often only some of the letters were posted, and the rest were put up for sale. “Lewis” said in a 2015 interview that his team collected information and sold it to interested parties. They positioned themselves as more altruistic. In particular, representatives of “Anonymous international” declared to journalists that they want to “change the world for the better, at least for greater freedom and awareness”.
In 2014 the hackers grew bolder, “leaking” various documents online, mainly concerning the situation in Ukraine. Soon, however, “Humpty” switched to other types of materials; in particular, they posted information about the real estate of many officials, including the Deputy head of the presidential Administration, Vyacheslav Volodin. Then the “Humpty” members engaged in a little hooliganism: hacking the Twitter account of Dmitry Medvedev and publishing, on behalf of the Prime Minister, several tweets criticizing the current policy of the state.
In an interview that “Lewis” gave in 2014, he rated his group's capabilities highly, believing that the information at their disposal could “seriously change the situation in the political landscape.” He also spoke disparagingly of the hunt for the hackers by the FSB, the FSO and the Ministry of Defense, claiming that “it is impossible to identify everyone” and that “critical” access is held by several people, some of whom live outside Russia. However, as it turned out three years later, it was not necessary to identify everyone in order to stop the resource from operating.
In three years of activity the hackers were noted for a number of high-profile hacks. “Lewis” said that, in addition to the basic hack of Medvedev's Twitter, another Twitter account of the Prime Minister was discovered, one for personal use, so to speak, through which he reads the blogs of Navalny, Kashin and Khodorkovsky. In addition, “Lewis” claimed, the Prime Minister loved to shop in foreign online stores.
Another well-known “leak” by the hackers was the materials of members of the movement “Nashi”. The “leak” contained a photograph of the movement's former press secretary, Christina Potupchik, with a bag full of cash. As a representative of “Anonymous international” said in an interview with the Insider, the money in the bag (and Potupchik received “five or ten million”) was intended for payments to pro-government bloggers and organizers of actions.
Later the “international” also published the correspondence of the ex-head of “Nashi”, now the Deputy chief of the presidential administration's Directorate for Internal Policy, Timur Prokopenko. It followed from the materials that it was he who coordinated the work of major Russian propagandists, from Vladimir Solovyov and Sergei Dorenko to Aram Gabrelyanov.
Gabrelyanov himself also became a subject of the hackers' interest: the large-scale “leak” of the contents of his mailbox and phone was split into several parts and contained a huge amount of correspondence with various famous people, including the then press secretary of the Investigative Committee, Vladimir Markin, adviser to the Minister of Defence Tatyana Zavyalova, lawyer Anatoly Kucherena, Deputy head of the presidential administration Alexei Gromov, head of the holding “Russia today” Dmitry Kiselev and others. From the posted documents one can learn about the financial difficulties of Gabrelyanov's main assets.
Despite his companies' losses, Gabrelyanov is not discouraged and discusses the recent purchase of an expensive RICHARD MILLE watch (the prices under discussion are in thousands of dollars).
Another prominent media figure, Dmitry Kiselyov, also got his share. Extracts from his correspondence showed that the host had purchased an apartment in Moscow with an area of 204 square meters, which cost him 162 million rubles. He also turned out to have an American boat priced at 49 thousand dollars. From the correspondence it becomes clear that Kiselev is extremely concerned about being hit by sanctions and is trying, through Western lawyers, to have them lifted in relation to himself. In the WhatsApp messenger data, pictures were found of the head of the MIA “Russia today” with his wife during trips to Syria. The mail of the TV presenter's spouse also ended up in the hands of the hackers: it became known that Maria Kiseleva was planning to buy ready-made graduation theses and scientific articles on psychiatry.
The hackers leaked only a small part of the available material into open access, and the rest was put up for auction. For example, the starting price of the “Kiselev” array, about 11 GB in size, was 33 bitcoin (virtual currency exchange rate: 1 BTC = 55.5 thousand rubles). Note that this lot was later sold, and no new information about the TV presenter's life has appeared since.
A separate block of leaks concerns the activities of pro-Russian forces in Ukraine: the structures of the MGB of the DNR and the odious field commander Igor Strelkov-Girkin. However, while the data on the MGB of the DNR reveal the ins and outs of the new government in Donetsk, which had no qualms about kidnapping, forcible seizure and the sale of seats in government bodies, the “leak” of Strelkov's mail confirms the official information that he was “really who he claimed to be: a retired Russian officer acting out of conviction”.
In April 2015, “Humpty” gained access to the emails of the head of Roskomnadzor, Alexander Zharov. The hackers noted with regret that the head of the relevant agency uses work email for personal matters. His correspondence shows that he was closely associated with the adviser to the General Director of “Echo of Moscow”, Mikhail Demin, with whom he discussed commercials of opposition politicians Boris Nemtsov and Mikhail Kasyanov, as well as the internal affairs of the radio station.
“Humpty Dumpty” was also able to open the mail of employees of the company “Concord”, owned by Yevgeny Prigozhin. The “Olgino troll factory”, a company engaged in placing paid reviews on social networks, is also attributed to him. The published materials included reports from waiters at large state banquets, who reported to Prigozhin about the events, and the businessman's own accounts of how he used personal contacts with high-ranking officials (in particular, with the then Defence Minister Anatoly Serdyukov) to get lucrative contracts to supply food to the Russian army.
However, the means of obtaining the necessary information, as described by “Lewis”, looked quite exotic. For example, one member of the group, a certain Alice, was, he said, a “field officer”. She went to a cafe located near the building of the presidential Administration and tried to spy on what the administration staff who dropped in there were typing on their computers. After Anikeev's arrest, the media presented him as a sociable person, able to gain trust and obtain the necessary information from, for example, officials' secretaries.
Experts who spoke with journalists were skeptical about this method of obtaining passwords. “Field workers” could hardly have reached the circle of Medvedev himself in this way. But Anikeev's relationship with the FSB explains much better how “Humpty” came by information about such persons.
In this respect, it is noteworthy that along with the founder of “Humpty” and the two FSB officers, a top manager of “Kaspersky Lab”, Ruslan Stoyanov, was also taken. In the company he headed the computer incident investigation department. It is known that until 2006 he served in the Moscow police's Directorate for Special Technical Measures (“K”). Another interesting point: from 2006 to 2010, Stoyanov worked at the company “RTKOMM.RU”, which provided communications services to the TsIB of the FSB.
Note that the founder and CEO, Eugene Kaspersky, has previously been accused of having links with the FSB. In particular, Bloomberg stated this in 2015, citing anonymous sources who had worked at the firm at different times. According to the publication, he had earlier worked in the KGB. He does not hide that he graduated from the Institute of Cryptography, Telecommunications and Informatics (ICSI), now a structural unit of the Academy of the FSB of Russia. During his training there from 1982 to 1987, however, it was the 4th (technical) Department of the Higher School of the KGB of the USSR. Now he regularly goes to the bathhouse with employees of the Russian special services in order, in his words, to socialize with friends.
So one of the ways of obtaining information was probably the technical and intellectual assistance of a company that develops anti-virus software and therefore knows how viruses work.
The second method is directly linked with the FSB's SORM (system of technical means to ensure the functions of operative-investigative measures). With its help, the intelligence services can get access to all traffic passing through the Internet. Mikhailov, by virtue of his service, definitely had access to it. The only problem is that the flow of information is too big and still has to be processed. That is what people like “Humpty” were needed for.
Another detained FSB officer also made his contribution to the “common” cause of the FSB and “Humpty”: the senior investigator of the Second Department of the Operational Directorate of the TsIB of the FSB, Major Dmitry Dokuchaev. It is known that he joined the service in 2006 after becoming “famous” in IT circles for hacking several major sites, including US government sites.
In 2004, as a fourth-year student at one of the technical universities of Ekaterinburg, Dokuchaev gave an interview to the newspaper “Vedomosti”, where he said that he hacked websites to order and hinted that he might be connected to the theft of money from credit cards. At the same time, under the name Forb, he ran the “Hacking” section in the magazine “Hacker”. In this lesson he left and later, as a member of the FSB.
The first to report on the relationship of the head of the 2nd Operational Directorate of the TsIB of the FSB, Mikhailov, with “Humpty” was the website “Tsargrad” (“Constantinople”), owned by businessman, or, as he is called, “Orthodox businessman”, Konstantin Malofeev.
In 2005 he founded the investment fund Marshall Capital Partners. In 2009 he was elected to the Board of Directors of Svyazinvest, but left the post the following year. In 2011 he initiated the creation of the “League of Safe Internet”, the government organization created for the purpose of censoring information on the Internet. The organization consistently lobbies for various laws to restrict access to information on the Internet, in particular the creation of “white” and “black” lists of sites. It was at the “League's” instigation that the Unified Register of banned sites appeared.
The seriousness of the organization is indicated by the fact that its board includes Mikhailov's supervisor, the head of the TsIB of the FSB, Andrey Gerasimov. In these circumstances, his speedy dismissal is now being predicted.
According to a former employee of Marshall Capital Partners, the “League” could have been an order from officials friendly to Malofeev to create Internet regulation in case the political situation in the country worsened. Malofeev's purely financial interests can also be traced in the actions of the “League”: the organization planned to divide providers into “white” (agreeing to distribute only content approved by the “League”) and “black”, whose services would have cost “much cheaper”. At the same time, PR manager Victor Mikaelson, who received a proposal to run the project, believes that the “League” was conceived as a PR stunt to divert attention from the scandals associated with Malofeev. And the businessman had many of them.
In 2012, the founder of the social network “Vkontakte”, Pavel Durov, accused Malofeev of organizing an information attack on his company in order to force Durov and his partners to sell their shares.
At the end of 2012 and in early 2013, the police conducted searches at Malofeev's home and at the office of Marshall Capital Partners in connection with a criminal case opened by the Investigative Department of the Ministry of Internal Affairs under article 159 part 4 (fraud) over the theft of more than 200 million dollars from the bank VTB.
VTB accused Malofeev of failing to return the credit granted to “Rap” for the purchase in 2007 of the company “Nutritek” (whose largest shareholder at the time was Marshall). A court held in London ruled in favor of the businessman. Later, the parties entered into a settlement agreement.
During Igor Shchegolev's tenure as Minister of Communications, the company Marshall Capital Partners was able to obtain 10% of the shares of the state company “Rostelecom”. Later the General Director of “Svyazinvest”, Evgeny Yurchenko, accused Malofeev of raiding. With the 300 million dollars that “Gazprombank” received from “Rostelecom” for a promissory note, shares of “Rostelecom” were purchased, which were later transferred to Marshall Capital Partners, owned by Malofeev. The shares of “Rostelecom” were purchased, most likely, at a time when the value of the securities had reached the “bottom”. Thus, at public expense, the businessman became the owner of shares of the state company “Rostelecom” worth nearly $1.3 billion (about 10% based on market capitalization). For this reason Yurchenko wrote an open letter to the Minister of Communications, Shchegolev, but received no reply. In protest Yurchenko left his post as head of Svyazinvest, but the situation did not change. Later, the media wrote that he was moreover Malofeev's chief patron in the government and his close friend.
In 2014, after the outbreak of the armed conflict in Eastern Ukraine, Malofeev came to be called a conduit of the Kremlin's policy. On May 16, Alexander Borodai, a former consultant to the head of Marshall Capital, was appointed Prime Minister of the DNR. And his head of security, Igor Strelkov (Girkin), became the DNR's Minister of Defence.
Perhaps it was in that period that Malofeev became friends with Vladislav Surkov, the former deputy head of the presidential administration and now the President's aide and unofficial curator of Russia's policy towards the CIS countries, particularly Ukraine. At least, it was to Surkov that the lists of candidates for various positions in the unrecognized republics came for approval; this became known from the opened mail.
This last of the team's major “leaks” may have played a fatal role for them. In addition to the detentions already known to us, attention should be paid to the dismissal of Surkov's chief of staff, Alexander Pavlov, which also occurred in December 2016.
Oddly enough, the contents of Surkov's mailbox surfaced in Ukraine. Responsibility for the hack was claimed by the group “Cyberhunt”, which acts against “Russian aggression”. As evidence, the Ukrainian hackers posted scans of the passports of Surkov, his wife and children. The “leak” contained thousands of letters and documents on operations in the South-East of Ukraine, as well as the “Plan of priority measures to destabilize the situation in Ukraine, “the Rod”. Nobody really believes (neither in Ukraine nor in Russia) that the “leak” was organized by Ukrainian hackers, because they have not published anything even remotely similar in scale. Therefore, if we assume that “Humpty Dumpty” was also involved in this leak, it looks more like a serious political game than the usual money-making.
After analyzing the situation, we offer our vision of what is happening. From the very beginning the group's activities caused discontent in certain government circles; however, there were no serious consequences for the hackers. This suggests that either their revelations did not touch any of the “big people”, or they had a serious “roof” in the form of employees of the security agencies. However, according to sources of “Rosbalt”, in the summer of 2016 “Anonymous international” was nevertheless caught by Russia's main “Cyberport”, Mikhailov, after which he personally dealt with “Lewis”, took the group under his wing and began to use it in his personal interests.
However, after the publication of Surkov's letters, another group of security officers may have taken on “Humpty Dumpty”. The fact that the operation against the group started with “Lewis” suggests that investigators knew what level of person was overseeing the group, and understood that any member of “Anonymous international” arrested in Moscow would be immediately released on Mikhailov's order. Therefore, the FSB lured Anikeev as the most vulnerable member of the group, since he was in Kiev and was allegedly the one who passed the information obtained by “Humpty Dumpty” to “Cyberhunt”. In the hands of security officers independent of Mikhailov, Anikeev gave up all the members of the group, including Mikhailov, who oversaw them, and Dokuchaev, who supplied information. The hackers now face only part 3 of article 272 of the criminal code (“illegal access to computer information, committed by an organized group”), which provides for up to 5 years of imprisonment, while Mikhailov and Dokuchaev are charged under article 275 of the criminal code (“treason”), the maximum term for which is up to 20 years in prison. Thus, it could be a signal to all senior security officials who have lately felt that everything is permitted.
The CIA – FSB: “Internet bridge” established
Meanwhile, another version is circulating in the West that tries to explain where the treason charge came from. Moreover, “Interfax”, citing its sources, reported that Mikhailov and his deputy Dokuchaev are accused of violating their oath and beginning to cooperate with the CIA. The suspicious behavior of the Russian special-services officer is also written about by Brian Krebs, a well-known American journalist specializing in news about cybercrime. According to him, he knew about the machinations of Mikhailov and Stoyanov 5 years ago. Before joining “Kaspersky Lab”, Stoyanov was the owner of the company “Indrik”, which specialized in DDoS attacks and protection from them. “Indrik” and Stoyanov personally had close contact with Kimberly Zenz, a known analyst on cybercrime working on the “Russian front” at the company iDefence. This company belongs to the infamous Verisign, which actively cooperates with US intelligence agencies. In turn, the journalist of “Novaya Gazeta” Irek Murtazin noted that Stoyanov's partner in “Indrik” and close friend, Dmitry Levashov, was the common-law husband of Kimberly Zenz. And it was through Levashov and Stoyanov that Zenz could have received information, first from Mikhailov and then from Dokuchaev, to whom Stoyanov had introduced her.
It was Zenz who in 2007 first spoke about the so-called “Russian cybermafia”, provoking the Western press's interest in the St. Petersburg hosting company Russian Business Network (RBN), which was accused of assisting phishers, spammers and other cybercriminals. As an example, it was cited that about $150 million had been stolen through phishing sites hosted by RBN. On the other hand, Google could be accused with equal success, since fraudsters send out their phishing emails through its mail service, Gmail.
However, once this information was published in the Washington Post, RBN ceased its operation. And it was Mikhailov who “closed” the company.
Another of Zenz's informants was a man named Dmitry Alperovich, who left Russia in the mid-2000s and settled in the United States, where he worked as technical Director for CrowdStrike. His name came up in connection with the recent attacks on the servers of the US Democratic party and the theft of confidential documents, allegedly including a dossier on President Donald Trump. Back in September 2016, in the midst of the election campaign, Alperovich was the first to say that this was the handiwork of Russian hackers associated with the secret services. Sources of “Novaya Gazeta” confidently assume that the TsIB FSB officers Mikhailov and Dokuchaev had contact not only with Zenz but also with Alperovich.
However, the version about links between “Anonymous international” and its patron Mikhailov and the Americans is in serious doubt. First of all, assume that Mikhailov had indeed supplied the American “security man” Krebs with secret information. Why, then, would Krebs give up his high-ranking source at the first sign of trouble? On the contrary, would it not be in his interests to shield Mikhailov in every possible way so that the security officer went on supplying unique information? Instead, Krebs reveals secret details of the careers of Mikhailov and Stoyanov. In addition, no particular hints of a relationship between Krebs and Mikhailov were found in the original article. The author of the article in “Novaya Gazeta” begins by reflecting that the intelligence agencies are now trying to “shift the focus: to have people discuss not the ‘spy’ scandal but the ‘hacker’ one”. However, there is the opposite point of view: that it is advantageous for the intelligence agencies to present the story of “Humpty” as an international espionage scandal rather than as an internal struggle of FSB clans. This option also suits the United States, since through it they can spin the hacker story about the break-in to computers at the Democrats' headquarters and the influence of mysterious “Russian hackers” on the elections in the United States. The “evidence” already published by US intelligence of Russian involvement in Trump's election as President of the US does not stand up to scrutiny, but now that a hacking scandal has erupted in Russia, why not use this theme for their own purposes?
But even if this version is confirmed, it can definitely be said that Mikhailov's “work for the CIA” and his protection of Russian hackers who broke into email have nothing to do with each other. The “Interfax” source says the same: “the themes of hacking and betrayal are superimposed on each other in the case, but do not intersect”. The whole group, according to him, was connected by the fact that they knew each other and were involved in IT and information security.
“In total, four people have been arrested in the case, and up to eight people figure as accomplices. Charges have been brought against only four; the rest may get away with the status of witness,” said the agency's source.
The story of “Humpty”, it seems, has reached the international level – the home of the only cheating on the other. And recent changes in world politics may play a role. However, it seems that this is only the beginning: many interesting details lie ahead of us, and the arrested head of the TsIB of the FSB, Sergei Mikhailov, is not the most important link in the chain.