Rumours swirl of connection to revelations about US election hacking, as state media says Sergei Mikhailov and Dmitry Dokuchayev ‘betrayed their oath’
Two of Moscow’s top cybersecurity officials are facing treason charges for cooperating with the CIA, according to a Russian news report.
The accusations add further intrigue to a mysterious scandal that has had the Moscow rumour mill working in overdrive for the past week, and come not long after US intelligence accused Russia of interfering in the US election and hacking the Democratic party’s servers.
Sergei Mikhailov was deputy head of the FSB security agency’s Centre for Information Security. His arrest was reported in a series of leaks over the past week, along with that of his deputy and several civilians, but Tuesday’s news went much further.
“Sergei Mikhailov and his deputy, Dmitry Dokuchayev, are accused of betraying their oath and working with the CIA,” Interfax said, quoting a source familiar with the investigation.
It is unlikely the news agency would have published the story without official sanction, though this does not necessarily mean the information is true.
The story did not make it clear whether the pair were accused of being CIA agents or merely passing on information through intermediaries.
According to earlier reports in the Russian media, Mikhailov was arrested some time ago, in theatrical fashion, during a plenary session of the top FSB leadership: a bag was placed over his head and he was marched out of the room, accused of treason.
His deputy, Dokuchayev, is believed to be a well-known Russian hacker who went by the nickname Forb, and began working for the FSB some years ago to evade jail for his hacking activities.
Together with the two FSB officers, Ruslan Stoyanov, the head of the computer incidents investigations unit at cybersecurity firm Kaspersky Lab, was also arrested several weeks ago.
Kaspersky confirmed last week that Stoyanov had been arrested and was being held in a Moscow prison, though it said the arrest was not linked to his work for the company. Interfax said four people had been arrested and a further eight were potential witnesses in the case.
It is believed that Dokuchayev and Mikhailov face treason charges, which carry a penalty of up to 20 years in prison. The treason charge means any trial will be held in secret.
The arrests and the treason charge, so soon after US intelligence accused Russia of interfering in the US election process and hacking the Democratic party servers, have led to inevitable questions about whether the arrests are linked to the US election story.
Over the weekend the New York Times cited one former and one current US official as saying human intelligence had played a major role in helping US authorities determine that Russia was behind the hacking. The publicly released version of the official report was largely free of real evidence to back up its conclusions, though if Russian sources were involved, it is understandable this would not be made public.
While the information on the arrests has come in difficult-to-decipher chunks, it has been clear that something very strange has been going on inside the FSB. In a city where leaks on such sensitive cases are rare, several Russian outlets have been furnished with varying versions of the story by insider sources, suggesting either a carefully calibrated attempt to get information out, or factions struggling to spin the story in various ways.
The majority of leaks suggest the arrests are linked to Shaltai-Boltai, a group of hackers who had become notorious for leaking the emails of Kremlin officials online. A former journalist, Vladimir Anikeev, believed to be the ringleader of the group, is also among those arrested, according to reports.
In summer 2014 a representative of Shaltai-Boltai met the Guardian in a city outside Russia, on the understanding that neither the location nor the appearance of the man would be described in print.
The interview was set at a little-used boat club on the outskirts of a European capital. The man, who wore a floral shirt, sailed a boat into the middle of the river and spoke only when he had turned on loud music in the cabin to prevent anyone from listening in.
The man, who introduced himself only as Shaltai, said the group was made up of hackers, and possibly disgruntled officials, and had a large archive of unused material it may choose to release in future. He claimed the group possessed everything ranging from records of every meal Vladimir Putin had eaten for the past several years to thousands of emails sent by the president’s inner circle.
As evidence, he produced a laptop and opened what looked at first glance like the full email archive for a leading Kremlin official. He suggested the group would be willing to provide information to clients who could pay.
The alleged role of Mikhailov in the Shaltai-Boltai scheme is murky. Another intelligence source described the alleged scheme to Interfax as follows: “Each of those involved did their own work. Some people developed and carried out cyberattacks, while others worked with foreign intelligence. These things went in parallel, but did not really overlap.”
Some believe Shaltai-Boltai could have been involved in passing information to western intelligence, while others suggest the appearance of the group in the case is a red herring to distract attention from the real election-hacking story.
“To me, these leaks about Shaltai-Boltai suggest a hastily made cover-up,” said Andrei Soldatov, co-author of a recent book on the Russian internet and cybersecurity. “Mikhailov and Stoyanov were real experts in one thing, the Russian digital underground, not the kind of stuff that Shaltai-Boltai leaked. So if there is anything real about the treason charges, the kind of information they could pass on would be about this, perhaps about informal actors in the DNC hacking scheme.”
On Tuesday, Life, an online news portal with close links to the security services, reported that FSB agents had searched Mikhailov’s home and dacha and found more than $12m (£10m) in cash stashed in various hiding places.