Russia Biggest Cybersecurity Firm Head Arrested For Treason


Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Tue Jul 11, 2017 10:38 am


Trump administration considering government-wide ban on popular Russian software


The Trump administration is on the verge of deciding whether to block all federal agencies from using products developed by a popular Russian cyber-security firm, which is under increasing scrutiny for alleged ties to Russian intelligence services, government sources familiar with the matter told ABC News.

A final decision could be made in the coming days over whether to strip the Moscow-based firm, Kaspersky Lab, from the General Services Administration's (GSA) list of outside vendors whose products are approved for use by government agencies, the sources said.

"That's a big move and is going to have some legal implications," one senior U.S. intelligence official told ABC News.

Removing Kaspersky Lab from the list -- known as the "GSA Schedule" -- would likely only impact future contracts, ABC News was told.

If the Trump administration does move to block government agencies from using the company's products, it would mark the most significant and far-reaching response yet to concerns among current U.S. officials that Russian intelligence services could try to exploit Kaspersky Lab's anti-virus software to steal and manipulate users' files, read private emails or attack critical infrastructure in the United States.

For weeks, the White House, Department of Homeland Security, GSA and other federal agencies have been conducting an "interagency review" of the matter, sources said.

The company has repeatedly insisted it poses no threat to U.S. customers and would never allow itself to be used as a tool of the Russian government.

Kaspersky Lab's CEO, Eugene Kaspersky, recently said any concerns about his company are based in "ungrounded speculation and all sorts of other made-up things," adding that he and his company "have no ties to any government, and we have never helped, nor will help, any government in the world with their cyber-espionage efforts."

Nevertheless, the FBI has been pressing ahead with a long-running counterintelligence probe of the company, and in June FBI agents interviewed about a dozen U.S.-based Kaspersky Lab employees at their homes, ABC News was told.

In addition, as ABC News reported in May, the Department of Homeland Security in February issued a secret report on the matter to other government agencies. And three months ago, the Senate Intelligence Committee sent a secret memorandum to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions demanding that the Trump administration address "this important national security issue."

Despite all the private expressions of concern, the issue was first brought into public view by key members of the Senate Intelligence Committee, who began asking questions about Kaspersky Lab during recent hearings covering global threats to U.S. national security.

Lawmakers and other U.S. officials point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies as reason for concern.

Three weeks ago, Sen. Jeanne Shaheen, D-N.H., took legislative steps to ban the U.S. military from using Kaspersky Lab products.

There is "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure," Jeanne Shaheen, a New Hampshire Democrat and key member of the Senate Armed Services Committee, said in a statement after introducing an amendment to a Pentagon spending bill.

Eugene Kaspersky called Shaheen’s move "an extreme new measure."

"Kaspersky Lab is facing one of the most serious challenges to its business yet, given that members of the U.S. government wrongly believe the company or I or both are somehow tied to the Russian government," he recently wrote on his blog. "Basically, it seems that because I'm a self-made entrepreneur who, due to my age and nationality, inevitably was educated during the Soviet era in Russia, they mistakenly conclude my company and I must be bosom buddies with the Russian intelligence agencies. ... Yes it is that absurdly ridiculous."

U.S. officials have yet to publicly present any evidence indicating concerning links between Kaspersky Lab employees and elements of the Russian government.

But one senior U.S. intelligence official said the fact that the U.S. government is considering the drastic step of removing Kaspersky Lab from the GSA's list of approved vendors shows that such concerns are "non-trivial."

A company lands on the list after hammering out deals with the GSA, which uses "the government's buying power to negotiate discounted pricing," according to the GSA.

Hundreds of "federal customers," and in some cases state and local governments, can then purchase the company's products without having to each negotiate their own prices, the GSA said in a 2015 brochure about its operations.

"The buying process is simplified because GSA has completed the bulk of the procurement process on behalf of government buyers," the brochure noted.

As of a few years ago, the information technology portion of the GSA Schedule accounted for more than $14 billion of the federal budget, the brochure said.

An ABC News investigation earlier this year found that -- largely through outside vendors -- Kaspersky Lab software has been procured by many federal agencies, including the U.S. Bureau of Prisons and some segments of the Defense Department.

Kaspersky Lab products are also used in countless American homes, and in state and local agencies across the country.

"[W]e've offered the U.S. government any assistance it might need to help clarify the ongoing confusion regarding the falsely perceived threat they wrongly believe our products and technologies pose," Eugene Kaspersky wrote on his blog. "We're even willing to meet with any of them and give them our source code to thoroughly review it, as we’ve got nothing to hide. We want the government, our users and the public to fully understand that having Russian roots does not make us guilty." ... d=48559277

Kaspersky Lab Has Been Working With Russian Intelligence
Emails show the software-security maker developed products for the FSB and accompanied agents on raids.
By Jordan Robertson and Michael Riley
July 11, 2017, 4:00 AM CDT
Russian cybersecurity company Kaspersky Lab boasts 400 million users worldwide. As many as 200 million may not know it. The huge reach of Kaspersky’s technology is partly the result of licensing agreements that allow customers to quietly embed the software in everything from firewalls to sensitive telecommunications equipment—none of which carry the Kaspersky name.

That success is starting to worry U.S. national security officials concerned about the company’s links to the Russian government. In early May six U.S. intelligence and law enforcement agency chiefs were asked in an open Senate hearing whether they’d let their networks use Kaspersky software, often found on Best Buy shelves. The answer was a unanimous and resounding no. The question, from Florida Republican Marco Rubio, came out of nowhere, often a sign a senator is trying to indirectly draw attention to something learned in classified briefings.
Eugene Kaspersky took to Reddit to respond. Claims about Kaspersky Lab’s ties to the Kremlin are “unfounded conspiracy theories” and “total BS,” the company’s boisterous, barrel-chested chief executive officer wrote. While the U.S. government hasn’t disclosed any evidence of the ties, internal company emails obtained by Bloomberg Businessweek show that Kaspersky Lab has maintained a much closer working relationship with Russia’s main intelligence agency, the FSB, than it has publicly admitted. It has developed security technology at the spy agency’s behest and worked on joint projects the CEO knew would be embarrassing if made public.

Most major cybersecurity companies maintain close ties to home governments, but the emails are at odds with Kaspersky Lab’s carefully controlled image of being free from Moscow’s influence. Kaspersky’s work with Russian intelligence could scare off business in Western Europe and the U.S., where Russian cyber operations have grown increasingly aggressive, including attempts to influence elections. Western Europe and the U.S. accounted for $374 million of the company’s $633 million in sales in 2016, according to researcher International Data Corp.
“When statements are taken out of context, anything can be manipulated to serve an agenda,” the company said in a statement. “Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have any unethical ties or affiliations with any government, including Russia.”
Antivirus companies are especially delicate because the products they make have access to every file on the computers they protect. The software also regularly communicates with the maker to receive updates, which security experts say could theoretically provide access to sensitive users such as government agencies, banks, and internet companies. Adding to the U.S. government’s jitters, Kaspersky recently has developed products designed to help run critical infrastructure such as power grids.
The previously unreported emails, from October 2009, are from a thread between Eugene Kaspersky and senior staff. In Russian, Kaspersky outlines a project undertaken in secret a year earlier “per a big request on the Lubyanka side,” a reference to the FSB offices. Kaspersky Lab confirmed the emails are authentic.

Kaspersky Lab CEO Eugene Kaspersky speaks at a plenary meeting titled “Cybersecurity in the Face of New Challenges and Threats,” part of the Finopolis 2016 forum of innovative financial technologies, in Kazan, Russia. Photographer: Getty Images
The software that the CEO was referring to had the stated purpose of protecting clients, including the Russian government, from distributed denial-of-service (DDoS) attacks, but its scope went further. Kaspersky Lab would also cooperate with internet hosting companies to locate bad actors and block their attacks, while assisting with “active countermeasures,” a capability so sensitive that Kaspersky advised his staff to keep it secret.
“The project includes both technology to protect against attacks (filters) as well as interaction with the hosters (‘spreading’ of sacrifice) and active countermeasures (about which, we keep quiet) and so on,” Kaspersky wrote in one of the emails.
“Active countermeasures” is a term of art among security professionals, often referring to hacking the hackers, or shutting down their computers with malware or other tricks. In this case, Kaspersky may have been referring to something even more rare in the security world. A person familiar with the company’s anti-DDoS system says it’s made up of two parts. The first consists of traditional defensive techniques, including rerouting malicious traffic to servers that can harmlessly absorb it. The second part is more unusual: Kaspersky provides the FSB with real-time intelligence on the hackers’ location and sends experts to accompany the FSB and Russian police when they conduct raids. That’s what Kaspersky was referring to in the emails, says the person familiar with the system. They weren’t just hacking the hackers; they were banging down the doors.
The project lead was Kaspersky Lab’s chief legal officer, Igor Chekunov, a former policeman and KGB officer. Chekunov is the point man for technical support to the FSB and other Russian agencies, say three people familiar with his role, and that includes gathering identifying data from customers’ computers. One Kaspersky Lab employee who used to ride along with Russian agents on raids was Ruslan Stoyanov, whose technology underpinned the company’s anti-DDoS efforts, says the person familiar with the program. Stoyanov previously worked in the Interior Ministry’s cybercrime unit. In December he and a senior FSB cyber investigator were arrested on treason charges, adding a bizarre twist to the company’s relationship to the government. Kaspersky Lab has said the case involved allegations of wrongdoing before Stoyanov worked for the company. Stoyanov couldn’t be reached for comment.
In the emails, Kaspersky said the aim of the project for the FSB was to turn the anti-DDoS technology into a mass-market product for businesses. “In the future the project may become one of the items on the list of services that we provide to corporate customers,” he wrote. Kaspersky now sells its DDoS protection service to large companies, installing sensors directly inside customers’ networks. The company’s website contains a large red notice that it’s not available in the U.S. or Canada.
The U.S. government hasn’t identified any evidence connecting Kaspersky Lab to Russia’s spy agencies, even as it continues to turn up the heat. In June, FBI agents visited a number of the company’s U.S. employees at their homes, asking to whom they reported and how much guidance they received from Kaspersky’s Moscow headquarters. And a bill was introduced in Congress that would ban the U.S. military from using any Kaspersky products, with one senator calling ties between the company and the Kremlin “very alarming.” Russia’s communications minister promptly threatened sanctions if the measure passed.
Indeed, many in Russia see the anti-Kaspersky campaign as politics with a dash of protectionism. “This is quite useless to find any real evidence, any real cases where Kaspersky Lab would violate their privacy policies and transfer some data from U.S. customers, from U.S. enterprise clients, to Russian intelligence or FSB,” says Oleg Demidov, a consultant for researcher PIR Center in Moscow who studies Russian cyberattacks. “There are no such cases. At least, they are not publicly discussed.”
There’s another possibility, given Kaspersky Lab’s success at embedding its products in sensitive locations. Last year, Eugene Kaspersky announced the launch of the company’s secure operating system, KasperskyOS, designed to run systems that control electrical grids, factories, pipelines, and other critical infrastructure. The U.S. Defense Intelligence Agency reportedly circulated a warning that the product could let Russian government hackers disable those systems, a claim Kaspersky denied.
Fourteen years in development, Kaspersky Lab’s secure OS is designed to be easily adaptable for the internet of things, everything from web-connected cameras to cars. That could be a great business model for the Russian company. U.S. national security officials seem determined to make sure it isn’t. —With Carol Matlack
BOTTOM LINE - Kaspersky Lab’s ties to the Russian government may threaten its business in the U.S. and Western Europe, which account for almost 60 percent of its sales. ... telligence

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Sat Jul 29, 2017 3:35 pm

House panel asks agencies for docs from Russian cyber firm
BY MORGAN CHALFANT - 07/28/17 04:46 PM EDT

A House panel has asked nearly two dozen government agencies for documents on Russian-origin cybersecurity firm Kaspersky Lab.

The House Science, Space and Technology Committee made the request to 22 different government agencies in letters that were released by the committee on Friday.

House Science Chairman Lamar Smith (R-Texas) wrote in the letters, sent Thursday, of concern that the cybersecurity firm’s products could be used to conduct "espionage" or “nefarious activities against the United States.”

Kaspersky Lab, which has headquarters in Moscow but operates around the world, including in the United States, has fallen under increased scrutiny over alleged ties to Russian intelligence.

While the U.S. government has produced no public evidence showing the company to be somehow compromised by the Russian government, intelligence officials have nevertheless expressed concerns over its products.
The issue was pushed to the forefront during a Senate Intelligence Committee hearing in May, when six top U.S. intelligence officials testified that they would not be comfortable with Kaspersky Lab software on their computers.

The committee has requested documents and communications about Kaspersky products dating back to the start of 2013. The letters also ask for lists of systems that use Kaspersky products or services and government contractors or subcontractors that use them.

Smith wrote in the letters that “the committee is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States.”

The letters were sent to the departments of Commerce, Homeland Security, Energy and State, as well as the Pentagon and the individual service branches, in addition to several other agencies. Smith is requesting the information by Aug. 11.

Smith couched the request as “part of an ongoing review of the federal government’s cybersecurity policies and standards.”

The company has long described the suspicions of ties to the Russian government as baseless. Kaspersky’s anti-virus software is widely lauded in cybersecurity circles, and the company boasts 400 million users worldwide.

“Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in an emailed statement to The Hill on Friday.

“The company has a 20 year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy development of technologies, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations,” Kaspersky said.

The issue has been amplified by the U.S. intelligence community’s conclusion that Russia sought to interfere in the 2016 presidential election using cyberattacks and disinformation. In June, Senate lawmakers with oversight of the Defense Department inserted language into a fiscal 2018 defense policy bill that would bar the Pentagon from using Kaspersky software.

This month, the General Services Administration removed Kaspersky-manufactured products from a list of outside products approved for use by government agencies.

The developments have frustrated the company’s founder, Eugene Kaspersky. “With the U.S. and Russia at odds, somehow, my company, its innovative and proven products as well as our amazing employees are repeatedly being defamed,” he wrote in a June blog post.

The company’s North America division is separate from the headquarters in Russia. ... -documents

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby Elvis » Sat Jul 29, 2017 7:37 pm

^^^ I notice Kaspersky seems to have been dropped from the NPR donor list. :lol2:
"Frankly, I don't think it's a good idea but the sums proposed are enormous."

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Sun Aug 20, 2017 2:30 pm

Did a Mole-Who-Must-Not-Be-Named Leak Plot to Elect Trump?

MOSCOW—For the first time in his two decades defending people accused of treason, Ivan Pavlov has come across a case he says he truly has trouble getting his head around. Everything about it is a guessing game for the defense lawyer, including the charges against his client, whose name he is not allowed to mention in public.
Speaking at his office in St. Petersburg, under a photograph of President Barack Obama shaking his hand, Pavlov, 46, explained to The Daily Beast that the arrest in Russia last December of accused cyber spies is heavy with high-profile politics.

“This is a dangerous case for everybody, including the FSB investigators, attorneys and journalists,” said Pavlov.

To get a sense of just how fraught it may be, let us go back to January. By then, allegations by the American intelligence community about Russian meddling in the American elections had been building for several months. President Obama had warned Putin, eyeball to eyeball, to stop. Two reports had been issued publicly by the U.S. intelligence services in October and in December, but in guarded and less than explicit language as America’s spooks tried to protect the methods and especially the sources that had led them to their conclusions.
As candidate and as president-elect, Donald Trump had received several classified briefings in August, November and afterward but, in public at least, Trump rejected the conclusion that Russia had interfered in the election he won, calling it fake news and the work of disgruntled losers.
Then on January 6, two weeks before Trump’s inauguration, the American intelligence community issued a much more explicit declassified report based on a much more detailed classified one pulled together from the coordinated reporting and analysis of the FBI, CIA, and NSA.
The key conclusions fingered Russian President Vladimir Putin directly, and because there’s been so much obfuscation by the White House, not to mention the Kremlin, they are worth repeating at some length:
“We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election. Russia’s goals were to undermine public faith in the U.S. democratic process, denigrate Secretary [Hillary] Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump. We have high confidence in these judgments ...

“Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls.’...”
On the specific issues of hacking, as opposed to the broader effort to influence the elections, in late December 2016 the U.S. Federal Bureau of Investigation together with the Department of Homeland Security distributed a report (PDF) that described the core Russian operation known by various aliases including the fanciful names “Cozy Bear” and “Fancy Bear.” The report updated in February also noted that one technical tool, a malware program used in the attack, had been created originally by a Ukrainian programmer—potentially a very important point as the plot thickened.
The assessment overall was as damning as such documents can be, and in it the U.S. intelligence community had claimed to know the decision making at the very highest level of the Russian government: Putin himself.
The Russian government denied all the allegations and has never acknowledged officially or unofficially that it was involved in this alleged multifaceted campaign about which the FBI and CIA seem to have no doubt.
But in the meantime any intelligence officer reading a document like the January 6 assessment would surmise that it implicated one or more moles inside the upper levels of the Russian government.

Then, at the end of January, the news broke: Russia’s most secret law enforcement agency had arrested one of its own top officers, and that had happened in the middle of an official meeting. Like a scene out of some Brian de Palma movie, FSB officers grabbed their colleague and put a bag over his head—and afterward they made no effort to keep what they had done a secret.
Two top Federal Security Service officials, Sergei Mikhailov (who’d had the bag over his head) and Dmitry Dokuchayev, both from the FSB cyber intelligence department, were accused officially of state treason for passing confidential information to the CIA, according to the Interfax news agency.
But what sort of information? There was certainly no mention in the Kremlin leaks that these two might have exposed Putin’s direct order to undermine the American elections. Far from it. The crimes described by the news reports in Moscow related to hacking operations with no apparent ties to Trump or U.S. politics.
Also arrested was Ruslan Stoyanov, the head of the cybercrime investigation team at Kaspersky Lab, Russia’s major cybersecurity and anti-virus provider.
And then there was Pavlov’s unnamed client: the Fourth Man.

Now, months have passed, and the office of the U.S. Director of National Intelligence, responding to a query for this story, declined to comment in any fashion about the December arrests in Russia or the status of those who were jailed. Obviously if any of those arrested were indeed working with U.S. intelligence, the American government would not want to confirm that.
After the initial burst of publicity the FSB continues to stay quiet about the details of Pavlov’s client’s charges, and the other three as well, creating a thick curtain of secrecy around the crime. Even for the agency that is the successor of the infamous KGB, that is an unusually long silence.
Pavlov had to sign a gag order before he was allowed to represent his client. Now he and his colleagues, an association of lawyers called Team 29, refer to the Fourth Man simply as “Him.” But Pavlov hints at a world of cyberespionage even murkier and more dangerous than that of spy and counterspy.
“I can tell you something about this case: I believe that the FSB keeps Russia’s top cybersecurity experts under arrest so nobody can interview them, use them—or harm them,” said Pavlov. “It looks like authorities plan to keep the investigation low key at least until after the [Russian] presidential elections next year.”
“If he were not locked in prison, my client could have been murdered by now,” Pavlov said, without elaboration.

The secrecy annoys Team 29, which Pavlov founded in 2015 as an informal association of lawyers and journalists fighting against the Russian government’s increasing reluctance to release information amid fears of traitors and spies.
The name “29” comes from the number of an article in Russia’s constitution that says: “Everyone shall have the right to freely look for, receive, transmit, produce and distribute information by any legal way.”
The lawyers teamed up soon after the FSB ordered the deportation of Pavlov’s ex-wife, American citizen Jennifer Gaspar, “as a threat to national security.”
The reason is a secret.
“My wife worked for the Hermitage museum; I am convinced that the FSB deported her to hurt me, their opponent,” Pavlov said.

He explained to The Daily Beast why his mission in Russia is so important: “If before Russia’s conflict with Ukraine there were a couple of treason cases a year, now we count up to 15 state treason cases a year,” Pavlov said. “Our job is to educate people about their rights, so not all talented and skillful Russians flee the country.”
For six months, Team 29 has been visiting the Fourth Man at Lefortovo prison, trying to guess from such materials as have been revealed to them how much material remains hidden.
Was their client accused of selling secrets to the CIA or to FBI? Was he a spy helping to hack emails of the Democratic National Committee? That’s a secret.
Meanwhile one of the arrested FSB officers, Dokuchayev, has been indicted in the United States for economic espionage and a massive hacking of Yahoo accounts.
In Russia, many wonder how it is possible that Russia’s leading officials responsible for cybersecurity could have been passing state secrets abroad. The Daily Beast asked Dmitry Artimovich, considered one of the “hacker elite” in Russia and an expert at ChronoPay, a Russian company specializing in online payments. There are not many experts as knowledgeable as Artimovich when it comes to spam, spearphishing, botnets, and other kinds of cyber attacks.

The Daily Beast asked what people like Pavlov’s secret client might have been up to.
Their motivation might have been career growth: the suspects must have shared too much information about Russian hackers with American special services under Obama’s administration, creating an impression that Russia’s hackers are the most dangerous in the world, Artimovich suggested.
Artimovich had his own reasons not to like the kontora, or “the office,” the nickname for the FSB. In 2013, the security service’s cyber department investigated Artimovich for executing a distributed denial of service attack meant to shut down the website of Aeroflot, Russia's major national airline. The programmer was sentenced to two years and six months in a corrective labor colony, and it was a harrowing experience.
“A guy in my cell tried to recruit me for the FSB,” says Artimovich. “He threatened me that otherwise I would not come out of prison, if I do not work with them.” But Artimovich says he turned down the offer.
Now, Artimovich offers alternative explanations regarding the arrests last December. He does not believe the order for the attack on the American democratic institutions was coming from the Kremlin and suggests that is a “myth created by the American special services.”

At a technical level, Artimovich says he is skeptical about the malware described in the U.S. reports. “The virus collecting passwords from only one system cannot be described as a cyber-weapon," he says.
After Trump won the elections, Russian hackers who used to travel freely around Europe before started to be grabbed by law enforcement. One example is Pyotr Levashov, who was arrested on a U.S. warrant four months ago in Spain. They were picked up one after another.
Artimovich suggests that Mikhailov and his associates provided data to the U.S. on Russian hackers at a time when there was cooperation with Washington, and that now looked “unpatriotic.”
“In 2010 our company ChronoPay informed the FSB leadership that Mikhailov was passing personal information about Russian citizens to the U.S. agencies, [so] the FSB leadership must have been aware of what Mikhailov’s department was doing, but they did nothing to stop them,” says Artimovich.
“Since the arrests, the entire FSB management has been distant from their case,” says Artimovich.

Sergei Markov, a member of the Russian Public Chamber, thinks that Mikhailov and other suspects were responsible for cyber attacks in the cyber war with the U.S.
“One thing is clear: that the roots of their treason, of their espionage, stretch far beyond Russia’s border,” Markov told The Daily Beast. “This case has a high political price, I do not think we should share any details with Trump’s critics before the [U.S.] elections for Congress [in November 2018],” Markov explained.
Team 29’s strategy is to turn the most absurd cases into a joke, since “the only thing the state system cannot stand is when you laugh at them,” says Pavlov.
Last year the attorney started a campaign in support of his client Oksana Sevastidi, a 46-year-old mother of seven. In March 2016 Sevastidi had been sentenced for high treason by a secret court in Krasnodar for sending two text messages back in 2008 about Russian movements in the direction of Georgia’s breakaway region of Abkhazia.
“It is absurd for a nuclear power to sentence a market vendor for seven years for state treason,” Pavlov told The Daily Beast.

In March, President Putin pardoned Sevastidi.
But by then there was a long line of convicts charged with treason and extremism asking Team 29 to help them.
Recently Pavlov came to Moscow to meet two more women whose freedom he had won. Annik Kesyan and Marina Dzhadzhgava had served several years for treason for sending messages about Russian army movement in 2008. President Putin pardoned Kesyan and Dzhadzhgava, after Team 29 attracted public attention to their cases.
But Pavlov’s cybersecurity treason case is stuck.
The Kremlin has kept denying any intrusion in the U.S. elections and blamed the reports about Russian hackers on Russophobia. Trump in the immediate wake of the January 6 report conceded grudgingly that Russia had interfered in the U.S. elections, but has since gone back to his allegations of “fake news.”

The level of bitterness about this among veterans of counterintelligence like former Director of National Intelligence James Clapper is palpable. Speaking of Trump at the Aspen Security Forum last month, Clapper said, “I sometimes wonder whether … what he's about is making Russia great again.”
President Putin, for his part, has said he believes that U.S. president Donald Trump agreed with Russia’s denial, which would reinforce the idea that Trump is rejecting the conclusions made by U.S. intelligence agencies and choosing to believe Moscow instead.
Irina Borogan, a Russian independent expert on cybersecurity and cyber wars, told The Daily Beast that it is impossible at a technical level to have any exact attribution about the attacks being ordered by the Kremlin.
“The technical expertise identifies general pieces of coding, the methods of the attack, of botnet, hacker groups,” Borogan said. In this particular case, she said, it might be clear that “the attack was ordered by the Russian Federation, but they did not sign: ‘Moscow, the Kremlin.’”
That’s another reason that the positive identification by the U.S. intelligence of Putin as the person who directed the interference in the U.S. elections would seem to be related to human intelligence gathering rather than technical means. But it is also possible that in this dark and dirty game, the four arrested in December were mere scapegoats.

Like many other people in Russia, Borogan, the author of The Red Web about Russia’s attack on internet freedoms, cannot wait to hear what sort of state secrets Pavlov’s client allegedly passed abroad. “We see a uniquely dumb secrecy, which gives us a sense that the suspects are actually not guilty of treason,” Borogan told The Daily Beast.
Spencer Ackerman and Christopher Dickey also contributed to this article. ... via=mobile
User avatar
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Sun Sep 03, 2017 8:25 pm

US Senate looking to mandate government-wide ban on Russian firm's software

Officials fear Russia could try to target US through Kaspersky Lab software

The Senate is looking to mandate a full, government-wide ban on the use of all products made by one of the world's most respected cybersecurity firms, Moscow-based Kaspersky Lab, according to congressional sources.

The move would be the U.S. government's most drastic response yet to growing concerns that Kremlin-backed hackers could try to exploit the firm’s anti-virus software to steal and manipulate users’ files, read private emails or attack critical infrastructure in the U.S.

The proposed ban, which Senate aides say is expected to pass as an amendment to a defense policy bill widely considered to be must-pass legislation, defines the prohibition in specific terms, stating, “No department, agency, organization, or other element of the United States Government may use, whether directly or through work with or on behalf of another organization or element of the United States Government, any hardware, software, or services developed or produced, in whole or in part by Kaspersky Lab.”

This action comes amid growing scrutiny of the Russia-based company, which U.S. officials worry has ties to Russian intelligence and military agencies. The U.S. government, however, has not publicly offered any information to support that case, and the company has strenuously denied the accusation.

For 1st time, US intelligence officials publicly express concern over Russian cyber firm
Still, the amendment’s sponsor, Sen. Jeanne Shaheen, D-N.H., tells ABC News, “The strong ties between Kaspersky Lab and the Kremlin are very alarming and well-documented. While much of this information is classified, there is ample publicly available information to justify Congress passing my amendment to ban the use of Kaspersky across the federal government.”

The senator, a senior member of the Armed Services Committee, added, “Using Kaspersky software on federal computers is a national security vulnerability and invites further Russian cyber intrusion.”

Nearly a decade ago, the FBI launched a counterintelligence investigation looking into the nature of Kaspersky Lab’s relationship to the Russian government, and last year FBI officials communicated potential concerns about Kaspersky Lab to a select group of private-sector leaders, ABC News reported in May.

In February, the Department of Homeland Security issued a secret report on the matter to other government agencies, ABC News was told.

The concerns came to light the following month in a public hearing, as all five heads of the U.S. intelligence community declared that they would not use Kaspersky antivirus technology, with Adm. Mike Rogers, director of the National Security Agency, telling the Senate Intelligence Committee he was “personally aware and involved” in “national security issues” associated with Kaspersky Lab.

In late June, FBI agents interviewed several employees of the firm as part of its investigation, a source familiar with the matter told ABC News.

One cybersecurity expert, Nicholas Weaver, described the concern in a Lawfare blog post, saying, “Antivirus software ... generally runs with elevated privileges, effectively ‘God mode.’ This means that if an attacker is able to take control of antivirus software, they gain control over the victim’s computer.”

Kaspersky Lab has repeatedly insisted it poses no threat to U.S. customers and would never be -- or allow itself to become -- a tool of the Russian government.

"As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts,” the firm said in a statement to ABC News. "The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations."

Products from Kaspersky Lab are widely used in homes and businesses throughout the U.S. But ABC News found, largely through outside vendors, that Kaspersky Lab software has also been procured by such federal agencies as the U.S. Bureau of Prisons, the Consumer Product Safety Commission and even some segments of the Defense Department.

The company has been removed from two General Services Administration’s lists of approved technology vendors, a move aimed at severely limiting the ability of Kaspersky Lab to sell its products to the federal government. A Shaheen spokesman called the GSA move “an important development” but said, “It doesn’t get at current software usage, subcontracts etc.” The senator’s amendment “is about purging Kaspersky from federal government usage which delisting doesn’t begin to do,” the spokesman added.

Debate on the defense policy bill, to which the Kaspersky ban is expected to be attached, is scheduled to begin just after Labor Day as the Senate returns from a month-long recess, according to a senior Senate Republican leadership aide.

The House-passed version of the defense policy bill does not contain an explicit ban on Kaspersky Lab products. House members did, however, vote to prohibit the Defense Department from procuring or obtaining technologies used in “nuclear command, control, and communications systems” made by any “entity that the Secretary of Defense reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government” of the Russian Federation.

The final Senate-passed legislation would need House approval. ... d=49561147

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Tue Oct 03, 2017 6:33 pm

Spanish court grants U.S. extradition for Russian hacking suspect
Reuters Staff

MADRID (Reuters) - Spain’s High Court said on Tuesday it had granted a U.S. request to extradite Russian citizen Peter Levashov, who is accused of U.S. hacking offences including operating a network of infected computers used by cyber criminals.

Levashov, 36, was arrested while on holiday in Barcelona in April.

U.S. prosecutors have accused him of running the Kelihos botnet, a network of more than 100,000 infected devices used by cyber criminals to distribute viruses, ransomware, phishing emails and other spam attacks.

U.S. prosecutors are seeking a 52-year jail sentence against Levashov, who denies the charges against him.


The Spanish court said Levashov had three days to lodge an appeal against the extradition decision.

Levashov, who is fighting extradition, told the Madrid court last week that he had worked for President Vladimir Putin’s United Russia party for the last 10 years, Russia’s RIA news agency reported.

He told the court that investigators in the United States would torture him for information about his political work if he was sent there to face the charges.

“If I go to the U.S., I will die in a year. They want to get information of a military nature and about the United Russia party,” RIA quoted him as saying. “I will be tortured, within a year I will be killed, or I will kill myself.”

The Spanish court ruling said that Levashov’s lawyers had also alleged a political motivation behind the U.S. request for his extradition and that the real reason behind it may be that he was a programmer who might have “hacked the U.S. elections”.

U.S. intelligence agencies have concluded that the Kremlin orchestrated a wide-ranging influence operation that included email hacking and online propaganda to discredit Democratic presidential candidate Hillary Clinton and help Donald Trump, a Republican, win the White House last November. The Kremlin denies the allegations.

The Spanish court dismissed all the arguments put forward by Levashov and his lawyers against extradition.

“Nothing has been proven with respect to the allegations about political motivation and neither ... has the potential infringement of the accused’s right to life or of his physical integrity,” the court ruling said.

In an eight-count indictment handed down by a federal grand jury in Connecticut in April, Levashov was charged with causing intentional damage to a protected computer and wire fraud.

Russia has lodged its own request for Levashov’s extradition from Spain, RIA reported. ... C81BK?il=0

Head of company Sergei Mikhailov becomes accused in Cherkizovo criminal case


Kommersant became aware of the so far only person involved in the criminal case initiated against the agricultural holding Cherkizovo. He turned out to be the general director of Cherkizovo Group, Sergei Mikhailov. He does not admit his guilt, explaining the tax dodging by "technical disagreements". He has already been charged and is now under a written undertaking not to leave the place.

Mikhailov argues that "technical disagreements" arose between the fiscal bodies and the leadership of Cherkizovo, as the practice concerning applying tax rates when paying dividends has altered. And no one has warned the company about these changes. According to him, the company paid taxes and penalties immediately upon learning about the new taxation requirements.

On the eve, the Ministry of Internal Affairs (MIA) reported that the Cherkizovo agriholding had not paid 288.3 million rubles ($4.9 m) to the budget. The company employed an illegal scheme of understating the tax rate from 15% to 5% when paying dividends to a Cypriot shareholder, which is a technical transit company. Kommersant learned that it was PAO Cherkizovo Group (controlled by Igor Babayev's family).

Anastasiya Evtushenko, a senior lawyer at BGP Litigation, explained that it was possible to pay 5% only if the Cyprus company was the beneficial owner; when it came to a transit company, the reduced rate was impossible.

The investigation against the management of the enterprise has been carried out since July 17, 2017 - then the Main Investigative Directorate of the Investigative Committee for Moscow instituted criminal proceedings under part 2 of Art. 199.1 of the Criminal Code – A Tax Agent's Failure to Discharge His/Her duties. A source of Kommersant said that the investigation had enough evidence to consider the scheme as a planned one, and not a "technical error".

Yesterday the office of the company and the houses of Cherkizovo leaders were searched. As a result, the police seized items and documents indicative of illegal activities.

Previously, a subsidiary company of the agricultural holding was accused of swindling and preparation for a crime. The management of the meat processing enterprise submitted a false declaration to the tax authority, according to which they were to get compensation worth 16 million rubles ($277.4 thousand) of VAT. ... ent=safari

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Thu Oct 05, 2017 6:51 pm

WSJ: Russian Hackers Stole Material On NSA’s Offensive, Defensive Tactics

By ESME CRIBB Published OCTOBER 5, 2017 2:12 PM
Russian hackers stole information about how the National Security Agency gains access to foreign computer networks and protects those in the United States by exploiting an NSA contractor’s use of a popular antivirus program, the Wall Street Journal reported on Thursday.

The Wall Street Journal reported, citing unnamed sources with knowledge of the matter, that hackers working for the Russian government stole the highly classified material in 2015 after an NSA contractor transferred it to his home computer. According to the report, that stolen material included the computer code the NSA uses to penetrate foreign computer networks.

According to the Wall Street Journal, Russian hackers identified the classified material by exploiting antivirus software the NSA contractor used made by Kaspersky Lab, a Russian cybersecurity company whose links to the Russian government have come under scrutiny.

The theft was not discovered until early in 2016, according to the report, and has still not been disclosed. It was not clear whether the NSA contractor was terminated or facing repercussions for removing classified information without permission, a violation of agency policy for which he could potentially face criminal charges.

According to the Wall Street Journal, members of Congress were informed about the serious breach, which was “given a classified code name and set off alarms among top national security officials.”

Kaspersky Lab told the Wall Street Journal that it “has not been provided any information or evidence substantiating this alleged incident” and said it “must assume that this is another example of a false accusation.”

“Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” an NSA spokesman told the Wall Street Journal. ... persky-lab

Russian hackers used Kaspersky software to find vulnerable NSA docs, says report

A Wall Street Journal article casts doubt on the cybersecurity firm
by Russell Brandom @russellbrandom Oct 5, 2017, 3:33pm EDT

In 2015, Russian agents stole highly classified NSA materials from a contractor, according to a new report in The Wall Street Journal. It’s a major breach of internal security, made possible after the contractor transferred the materials to his home computer in violation of known security procedures.

Even more alarming is how the foreign agents became aware of that violation. According to the report, the hackers seem to have identified the files — which contained “details of how the U.S. penetrates foreign computer networks and defends against cyberattacks” — after an antivirus scan by Kaspersky antivirus software, which somehow alerted hackers to the sensitive files.

It’s an embarrassing breach for the NSA, which has struggled with contractor security since the Snowden leaks. NSA contractor Harold Martin was charged with taking home classified documents in 2016, although the Journal makes it clear that the Martin case is unrelated to the latest news. This summer, the Justice Department charged NSA contractor Reality Winner with leaking classified documents concerning Russian election interference.

It’s unclear whether this latest compromise is related to the Shadow Brokers campaign, an ongoing leak of NSA hacking tools that many have linked to the Russian government. The Shadow Brokers first appeared in August 2016; according to the Journal, the NSA only became aware of the compromise that spring.

While Kaspersky’s software was allegedly central to the breach, it’s unclear whether the company was aware of the attack. Antivirus programs routinely send back telematics data to central servers, which in Kaspersky’s case, may well have been located in Russia. Those transmissions are encrypted using SSL, but if Russian agents were able to break that encryption, they would have been able to detect the scan without alerting either Kaspersky or the contractor himself.

There’s reason to think a skilled hacker might be able to get around that encryption. As one person pointed out on Twitter, Google researchers discovered an SSL interception vulnerability in Kaspersky’s antivirus software in November 2016, a year after the events described by the Journal. Tavis Ormandy, the researcher who discovered the bug, was surprised the company hadn’t investigated the errors resulting from the bug, writing, “It seems incredible that Kaspersky haven't noticed.”

The result is a major breach of trust for a company that has already been the subject of significant scrutiny. The company was barred from selling to the US government this summer, reportedly over concerns about Russian government influence. More recently, the FBI has urged private sector companies to discontinue use of Kaspersky products. Despite widespread pressure from the government, today’s Journal story is the first indication of the Russian government using Kaspersky to attack offshore targets.

In a tweet in advance of publication, Kaspersky dismissed the report as rumor. “New conspiracy theory,” the founder wrote, “note we make no apologies for being aggressive in the battle against cyberthreats.” ... ent-breach


seemslikeadream » Thu Oct 20, 2016 4:02 pm wrote:
Government alleges former NSA contractor stole ‘astonishing quantity’ of classified material over 20 years

The National Security Administration, at Fort Meade, Md. (Patrick Semansky/Associated Press)
By Ellen Nakashima October 20 at 2:56 PM
Federal prosecutors in Baltimore on Thursday said they will charge a former National Security Agency contractor with violating the Espionage Act, alleging that he made off with “an astonishing quantity” of classified digital and other data over 20 years in what is thought to be the largest theft of classified government material ever.

In a 12-page memo, U.S. Attorney Rod Rosenstein and two other prosecutors laid out a much more far-reaching case against Harold T. Martin III than was previously outlined. They say he took at least 50 terabytes of data and “six full banker’s boxes worth of documents,” with many lying open in his home office or kept on his car’s back seat and in the trunk. Other material was stored in a shed on his property.

One terabyte is the equivalent of 500 hours’ worth of movies.

Martin, who will appear at a detention hearing in U.S. District Court in Baltimore on Friday, also took personal information about government employees as well as dozens of computers, thumb drives and other digital storage devices, the government memo said.

The government has not alleged that Martin passed any material to a foreign government, but contends that if he is released on bail he could do so.

Though he lacks a valid U.S. passport, they said he could still flee to a foreign government that might wish to help him. Prosecutors said he has communicated with unnamed persons in Russian, and in June downloaded information on Russian and other languages.

The prosecutors also said Martin had an “arsenal” of weapons in his home and car, including an assault-rifle-style tactical weapon and a pistol-grip shotgun with a flash suppressor.

In a complaint unsealed earlier this month, the government charged him with felony theft of government property and the unauthorized removal and retention of classified materials, a misdemeanor. Conviction under the Espionage Act could send Martin to prison for up to 10 years on each count.

Prosecutors will argue Friday that Martin, 51, of Glen Burnie, Md., presents “a high risk of flight, a risk to the nation and to the physical safety of others,” and that he should not be released from jail.

“The case against the defendant thus far is overwhelming, and the investigation is ongoing,” said Rosenstein, assistant U.S. attorney Zachary Myers and trial attorney David Aaron. “The defendant knows, and, if no longer detained, may have access to, a substantial amount of highly classified information, which he has flagrantly mishandled and could easily disseminate to others.”

Continued detention without bail is necessary, prosecutors said, because of “the grave and severe danger that pretrial release of the defendant would pose to the national security of the United States.”

Martin’s attorneys argued in a memo filed Thursday that their client is not a flight risk and should be released under court-approved conditions pending trial. “The government concocts fantastical scenarios in which Mr. Martin — who, by the government’s own admission, does not possess a valid passport — would attempt to flee the country,” wrote public defenders James Wyda and Deborah L. Boardman.

Martin’s wife and home are in Maryland, they said. He has served in the U.S. Navy. “There is no evidence he intended to betray his country,” they said. “The government simply does not meet its burden of showing that no conditions of release would reasonably assure Mr. Martin’s future appearance in court.”

The government also alleged that Martin took a top-secret document detailing “specific operational plans against a known enemy of the United States.” Prosecutors did not name the enemy. The document, prosecutors said, contained a warning, in capital letters, that said: “This conop [concept of operations] contains information concerning extremely sensitive U.S. planning and operations that will be discussed and disseminated only on an absolute need to know basis.”

Martin was not involved in the operation, the government said, and had no need to have the document or know its specifics.

Another document found in his car contained handwritten notes describing NSA’s classified computer systems and detailed descriptions of classified technical operations, the prosecutors said.

In an interview before his arrest, Martin denied having taken classified material, and only admitted to it when confronted with specific documents, prosecutors said. He had access to classified data beginning in 1996, when he was with the U.S. Navy Reserve, and that access continued through his employment with seven private government contractors.

The government alleged that Martin was able to defeat “myriad, expensive controls placed” on classified information.

They said the devices seized show he made extensive use of sophisticated encryption. He also used a sophisticated software tool that runs without being installed on a computer and provides anonymous Internet access, “leaving no digital footprint on the machine,” they said.

In August, a cache of highly sensitive NSA hacking tools mysteriously appeared online. Although investigators have not found conclusive evidence that he was responsible for that, he is the prime suspect, said U.S. officials, who spoke on the condition of anonymity because the investigation is ongoing.

That is the event that set off the search that turned up Martin, the officials said.

In July, according to the prosecutors’ memo, he watched a video about how law enforcement authorities catch computer users who wish to remain anonymous on the Internet. “He has a demonstrated ability to conceal his online communications and his access to the Internet,” the prosecutors said.

To support their argument that Martin poses a danger to the community, they noted that in late July, he went to Connecticut to buy a “Detective Special” police-package Chevrolet Caprice. While searching his house, the FBI also recovered 10 firearms, only two of which were registered, the government said. Prosecutors said a loaded handgun was found in a case on the floorboard of the Caprice, in violation of Maryland law.

Martin’s wife, Deborah Vinson, was “very upset” to learn about her husband’s arsenal, prosecutors said, and asked the FBI to take custody of the firearms because she was afraid that he would kill himself if he “thought it was all over.”

If Martin had taken the classified material “for his own edification, as he has claimed, there would be no reason to keep some of it in his car, and arm himself as though he were trafficking in dangerous contraband” prosecutors said. ... story.html


Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Sat Oct 07, 2017 9:50 pm

Was Facebook pushing Kaspersky’s hacked Russian malware software on its users during the election?
Bill Palmer
Updated: 9:20 pm EDT Sat Oct 7, 2017

This week it was revealed that the Russians took advantage of Kaspersky Lab anti-malware software on an NSA contractor’s home computer in order to hack into sensitive data (New York Times). This has been just the latest blow to the reputation of Kaspersky Lab, which is headquartered in Moscow and is now suspected of having played a key role in the hacking of the 2016 election. In an exchange with Kaspersky Labs, a rep has informed Palmer Report that it is partnered with Facebook to actively push its software on Facebook users.

Palmer Report contacted Kaspersky Lab by sending a message to its official verified Facebook page (link), inquiring as to the company’s affiliation with Facebook. Here is the verbatim response we received, which was sent back to us by an unnamed company rep and is in slightly broken English: “Hi. Facebook pages has 4 Anti-Malware scan. If the website finds any vulnerability in user’s browser it automatically offer to scan his browser with one of 4 antimalware vendors apps. I’m not sure which are 3 other vendors, but KL is also in the list. If Facebook offers to scan it seems Facebook’s engine found a vulnerability in your browser.”

Our communication with Kaspersky’s official Facebook page:
Kaspersky’s response to our query:

This serves to reignite an earlier debate about whether Facebook was actively pushing the compromised Kaspersky software on its users during the 2016 election. Seven days after Donald Trump officially announced he was entering the election, a note appeared on Facebook which purported to be coming from “Facebook Security” (link). The note announced a partnership between Facebook and Kaspersky Lab, in which Facebook would auto-detect malware on a user’s computer and then require the user to download Kaspersky anti-malware software. That same day, Kaspersky posted a press release on its own official website (link), announcing the supposed partnership.
At least two respected news outlets, AdWeek (link) and Beta News (link), interpreted the above note as having been an official Facebook communication. Facebook users have long debated as to whether the note was truly from Facebook itself, or was part of a scam which was merely set up on a Facebook page. Numerous users have reported over the past two years that their Facebook accounts have indeed been taken over by a notification forcing them to download the Kaspersky software. From these reports, it’s never been entirely clear if Facebook itself was pushing the Kaspersky software, or if this was some sort of phishing scam being run on Facebook without Facebook’s knowledge.

We’ve attempted to track down the Facebook Threat Infrastructure software engineer, Trevor Pottinger, who is credited with having written the supposedly official Facebook announcement about the Kaspersky software. He has a LinkedIn page claiming that he is indeed a Facebook engineer (link). However, aside from news reports that are sourced directly back to the note in question, we can find no evidence to confirm or refute that he does indeed represent Facebook and that the note was legitimate.

We’re continuing to attempt to determine whether or not Facebook itself is officially involved in the effort to push Kaspersky Lab software on Facebook users. But Kaspersky itself has been purporting to be partnered with Facebook to deliver its software to users since shortly after Donald Trump entered the race, up through the present day. Either Facebook is participating in a highly suspicious partnership with a compromised Russian software company, or Facebook and its users are unwittingly being victimized by that company. Either way, in light of current events, this demands further investigation. ... sian/5363/


Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Tue Oct 10, 2017 7:13 pm

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets

Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Credit Sergei Ilnitsky/European Pressphoto Agency
It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules.

Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.

The National Security Agency and the White House declined to comment for this article. The Israeli Embassy declined to comment, and the Russian Embassy did not respond to requests for comment.

The Wall Street Journal reported last week that Russian hackers had stolen classified N.S.A. materials from a contractor using the Kaspersky software on his home computer. But the role of Israeli intelligence in uncovering that breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed.

Kaspersky Lab denied any knowledge of, or involvement in, the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in a statement Tuesday afternoon. Kaspersky Lab also said it “respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.”

The Kaspersky-related breach is only the latest bad news for the security of American intelligence secrets. It does not appear to be related to a devastating leak of N.S.A. hacking tools last year to a group, still unidentified, calling itself the Shadow Brokers, which has placed many of them online. Nor is it evidently connected to a parallel leak of hacking data from the C.I.A. to WikiLeaks, which has posted classified C.I.A. documents regularly under the name Vault7.

For years, there has been speculation that Kaspersky’s popular antivirus software might provide a backdoor for Russian intelligence. More than 60 percent, or $374 million, of the company’s $633 million in annual sales come from customers in the United States and Western Europe. Among them have been nearly two dozen American government agencies — including the State Department, the Department of Defense, Department of Energy, Justice Department, Treasury Department and the Army, Navy and Air Force.

The N.S.A. bans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries.

“Antivirus is the ultimate backdoor,” said Blake Darché, a former N.S.A. operator and co-founder of Area 1 Security. “It provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.”

On Sept. 13, the Department of Homeland Security ordered all federal executive branch agencies to stop using Kaspersky products, giving agencies 90 days to remove the software. Acting Department of Homeland Security Secretary Elaine C. Duke cited the “information security risks” presented by Kaspersky and said the company’s antivirus and other software “provide broad access to files” and “can be exploited by malicious cyber actors to compromise” federal computer systems.

That directive, which some officials thought was long overdue, was based, in large part, on intelligence gleaned from Israel’s 2014 intrusion into Kaspersky’s corporate systems. It followed months of discussions among intelligence officials, which included a study of how Kaspersky’s software works and the company’s suspected ties with the Kremlin.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky,” D.H.S. said in its statement, “could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

Kaspersky Lab did not discover the Israeli intrusion into its systems until mid-2015, when a Kaspersky engineer testing a new detection tool noticed unusual activity in the company’s network. The company investigated and detailed its findings in June 2015 in a public report.

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010.

Kaspersky reported that its attackers had used the same algorithm and some of the same code as Duqu, but noted that in many ways it was even more sophisticated. So the company researchers named the new attack Duqu 2.0, noting that other victims of the attack were prime Israeli targets.

Among the targets Kaspersky uncovered were hotels and conference venues used for closed-door meetings by members of the United Nations Security Council to negotiate the terms of the Iran nuclear deal — negotiations from which Israel was excluded. Several targets were in the United States, which suggested that the operation was Israel’s alone, not a joint American-Israeli operation like Stuxnet.

Kaspersky’s researchers noted that attackers had managed to burrow deep into the company’s computers and evade detection for months. Investigators later discovered that the Israeli hackers had implanted multiple back doors into Kaspersky’s systems, employing sophisticated tools to steal passwords, take screenshots, and vacuum up emails and documents.

In its June 2015 report, Kaspersky noted that its attackers seemed primarily interested in the company’s work on nation-state attacks, particularly Kaspersky’s work on the “Equation Group” — its private industry term for the N.S.A. — and the “Regin” campaign, another industry term for a hacking unit inside the United Kingdom’s intelligence agency, the Government Communications Headquarters, or GCHQ.

Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems. They provided their N.S.A. counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.

It is not clear whether, or to what degree, Eugene V. Kaspersky, the founder of Kaspersky Lab, and other company employees have been complicit in the hacking using their products. Technical experts say that at least in theory, Russian intelligence hackers could have exploited Kaspersky’s worldwide deployment of software and sensors without the company’s cooperation or knowledge. Another possibility is that Russian intelligence officers might have infiltrated the company without the knowledge of its executives.

But experts on Russia say that under President Vladimir V. Putin, a former K.G.B. officer, businesses asked for assistance by Russian spy agencies may feel they have no choice but to give it. To refuse might well invite hostile action from the government against the business or its leaders. Mr. Kaspersky, who attended an intelligence institute and served in Russia’s Ministry of Defense, would have few illusions about the cost of refusing a Kremlin request.

Steven L. Hall, a former chief of Russian operations at the C.I.A., said his former agency never used Kaspersky software, but other federal agencies did. By 2013, he said, Kaspersky officials were “trying to do damage control and convince the U.S. government that it was just another security company.”

He didn’t buy it, Mr. Hall said. “I had the gravest concerns about Kaspersky, and anyone who worked on Russia or in counterintelligence shared those concerns,” he said. ... .html?_r=1

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Wed Oct 18, 2017 1:41 pm

Dodging Russian Spies, Customers Are Ripping Out Kaspersky

Inadvertently or not, Kaspersky has betrayed customer trust.

10.18.17 9:15 AM ET
The promise was clear: give our software all sorts of access to your computer, and we’ll make sure it isn’t infected with a bevy of viruses, worms, or other dodgy programs.
But one aspect of Russian-born cybersecurity company Kaspersky’s anti-virus product is threatening the sacred trust of its hundreds of millions of users around the world: the Kremlin’s intelligence apparatus can, if they feel like it, grab a copy of customers’ own files by leveraging Kaspersky’s software installed on computers across the world, according to reporting from The Wall Street Journal.

Now, multiple U.S. security consultants and other industry sources tell The Daily Beast customers are dropping their use of Kaspersky software altogether, particularly in the financial sector, likely concerned that Russian spies can rummage through their files. Some security companies are being told to only provide U.S. products.
And former Kaspersky employees describe the firm as reeling, with department closures and anticipation that researchers will jump ship soon.
“We are under great pressure to only use American products no matter the technical or performance consequences,” said a source in a cybersecurity firm which uses Kaspersky’s anti-virus engine in its own services. The Daily Beast granted anonymity to some of the industry sources to discuss internal deliberations, as well as the former Kaspersky employees to talk candidly about recent events.
Last week The Wall Street Journal reported that Kaspersky’s software was tweaked to not only hunt for malware, as a piece of anti-virus is expected to, but also documents marked as “top secret”—a change that U.S. officials believe only could have been made with Kaspersky’s knowledge. Kaspersky’s software helped steal sensitive files from an employee of the NSA’s elite hacking unit Tailored Access Operations (TAO)—the unnamed worker took classified information home to his Kaspersky-loaded personal computer.
Eugene Kaspersky, the founder of the company, has denied any knowledge of this function of Kaspersky’s software. Last Tuesday, he announced in a tweet an internal investigation into the issue. A former Kaspersky employee said the company’s researchers "are not involved or privy to any political shenanigans and they're the public faces.”

Even if the company’s chief executive or its employees were unaware of the Russian government’s newly reported spying capability, some customers will think that Kaspersky, by allowing its product to act as an espionage tool, has betrayed customer trust—the very point of the software is to keep hackers out, not provide them a way in.
Blake Darché, a former NSA operator and co-founder of cybersecurity firm Area 1 Security, told The Daily Beast that consumers, including one of his own family members, are removing Kaspersky from their computers.
To be clear, many of Kaspersky’s customers—ordinary users who just want to protect themselves and their bank accounts from cybercriminals—are likely not under direct threat from this Kremlin spying. Kaspersky’s anti-virus is generally seen in the information security industry as a robust product. But for some users, including those in the U.S., it will pose a serious issue.
“Essentially they are treating KAV [Kaspersky Anti-Virus] as malware,” Dave Aitel, a former NSA analyst and now CEO of security firm Immunity Inc., said of high-security New York financials.
A consultant working with financial organizations said they know of one enterprise which is exploring how it can remove Kaspersky’s software.

The U.S. and Western Europe accounted for a weighty $374 million of Kaspersky’s $633 million sales in 2016, says market intelligence firm International Data Corp. Kaspersky has some 270,000 corporate clients, according to the company’s own figures.
The past few months have clearly had an impact on Kaspersky’s U.S. operations. In a May 11 Senate Intelligence Committee hearing, the heads of the FBI, CIA and the Director of National Intelligence all said they did not trust Kaspersky’s software. In September, the Department of Homeland Security banned Kaspersky software from U.S. government networks, giving agencies 90 days to start removing the anti-virus from their machines, and retailer giant Best Buy said it would remove Kaspersky software from its shelves, before Staples followed last week.
No one was present at the Virginia offices of Kaspersky’s U.S. subsidiary, KGSS, when a Reuters reporter visited them in July of this year. At the time, a Kaspersky spokesperson told Reuters that most of the employees work from home.
But according to one of the former Kaspersky employees, KGSS was closed at least two months ago.
“KGSS was set up to handle [government] sales. That was the obvious first casualty,” the source said, and added that most top managers in the U.S. are gone. Last Wednesday, CyberScoop reported that Jennifer Wood, the head of Kaspersky’s corporate communications in North America, left the company.
In a statement, a Kaspersky spokesperson said, “Given that U.S. government sales have not been a significant part of the company’s activity in North America, Kaspersky Lab is exploring opportunities to better optimize the Washington D.C. office responsible for threat intelligence offerings to U.S. government entities.” Reuters previously reported Kaspersky planned to open offices in Chicago, Los Angeles and Toronto in 2018. The spokesperson did not reply when The Daily Beast asked whether this is still the case.
Beyond losing customers, all of this scrutiny and media attention is also allegedly impacting Kaspersky’s researchers themselves.
"It's bad. GReAT guys in turmoil," the first former Kaspersky employee said, referring to the company’s Global Research & Analysis Team, which focuses on tracking high-level hacking campaigns.
“American guys are struggling most,” they said. The FBI questioned U.S.-based Kaspersky staffers earlier this year. “I can’t discuss out of respect for them, but there will be significant departures,” the source added, without specifying which country these employees might be from.
A second former employee told The Daily Beast, “I think some researchers might leave as a result of the media saga, of course.” The source thought that other researchers will join the company, however, and didn’t think Kaspersky will disappear altogether.
“The world needs uncompromising APT research,” the former employee said, referring to so-called Advanced Persistent Threats, an industry euphemism for state-sponsored hackers.
Any major shifts within Kaspersky could have a knock-on effect onto other areas, and the customers who decide to stay put.
“Lots of big [organizations] pay money for that visibility that only Kaspersky has,” the first former employee added. “If that goes away, [there] will be a big dark spot. And it will go away when guys pack and leave.”
It’s unclear what impact the revelations will have on Kaspersky’s business outside of the U.S., though, as other countries say they have seen no indications that Russian spies are exploiting Kaspersky’s software.
“There are no plans to warn against the use of Kaspersky products since the BSI has no evidence for misconduct by the company or weaknesses in its software," a representative from Germany’s federal cyber agency told Reuters.
When The Daily Beast asked Eugene Kaspersky for comment directly, he pointed to a recent article covering Kaspersky’s prospects for the future, which reads "Eugene Kaspersky doesn't seem like the type of guy who would sabotage his own beloved company, which he tirelessly promotes."
The piece also says that Kaspersky “may face some dark days ahead.” ... -kaspersky

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Wed Nov 22, 2017 10:18 pm

Flynn was warned immediately about Kaspersky under his leadership.... Fired from DIA, the first place Flynn turned to get a job was Kaspersky.

Kaspersky Lab hired Gen. Yellowkerk Flynn as a paid consultant in 2015, just months before Gen. Yellowkerk went on to become a foreign policy adviser for the Donald Trump campaign. Gen. Yellowkerk is known to have had dinner with Russian President Vladimir Putin shortly after he worked for Kaspersky, and shortly before he went to work for Trump.

Jason Leopold, Nov 21 (retweeting Jason Leopold):
So Michael Flynn's tenure at DIA is now part of an active law enforcement investigation.

Jason Leopold, Nov 21:
This is effed up.

3 YRS AGO (!!), I filed a FOIA request w/DIA for docs on Michael Flynn's job performance, his resignation, etc.

DIA says these records on Flynn can't be released b/c it would interfere w/law enforcement proceedings

Jason Leopold, Nov 21:
Also effed up

DOJ affirms FBI decision to issue me a GLOMAR re: my #FOIA request for records between the bureau and the private sector related to Kaspersky Labs

Emma Best, Nov 21 (retweeted by Jason Leopold):
Unsurprising but still very significant: DIA has told @JasonLeopold in a #FOIA request that some of their records on Michael #Flynn (requested 3 years ago!) must be withheld because of the ongoing law enforcement investigation.

Pentagon flagged Kaspersky as potential threat in 2004

Morgan Chalfant11/20/17 10:54 AM EST
The Pentagon’s military intelligence arm flagged software produced by Moscow-based firm Kaspersky Lab as a potential threat in 2004, according to recent correspondence with Congress.

The House Science, Space and Technology Committee uncovered the detail in the course of its oversight investigation into potential risks to government information systems posed by Kaspersky, a multinational cybersecurity company that has come under scrutiny over fears that its software could be compromised by the Russian government.

The Department of Homeland Security issued a government-wide ban on Kaspersky products in September over potential threats to national security.

However, the Defense Intelligence Agency (DIA) had flagged Kaspersky as a potential threat in 2004, according to a memo that Science, Space and Technology Committee Chairman Lamar Smith (R-Texas) sent to other committee members late last week.

The memo references an email from the Pentagon’s legislative affairs staff on Nov. 15 confirming that the DIA “began producing threat reporting referencing Kaspersky Lab as a threat actor as early as 2004.”

The correspondence also confirmed that the Pentagon issued a department-wide threat assessment on Kaspersky in 2012 as part of its efforts to manage risks to the supply chain.

The email came after the committee’s second hearing in a series focused on Kaspersky last Tuesday, which featured testimony from the Pentagon’s deputy chief information officer for cybersecurity.

That official, Essye Miller, told committee members last week that the Pentagon had stopped using Kaspersky a few years ago as a result of available intelligence information, though she could not pinpoint the exact year the decision was made.

Kaspersky has long fought allegations of ties to the Russian government, saying such claims are unfounded. The company produces anti-virus software and threat research, serving about 400 million users globally.

Recent reports have claimed that Russian spies exploited Kaspersky software in order to steal U.S. intelligence secrets.

In issuing the ban in September, Homeland Security cited “the risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems.” ... or-in-2004

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Thu Dec 07, 2017 10:07 am

Russian Media Outlet Links Treason Case Against Top Cyber-Crime Fighters to American Election Hacking

Dec 5, 2017

A wanted poster for Dmitry Dokuchaev sits on display during news conference at the Department of Justice in Washington / Andrew Harrer / Bloomberg

Russian interference in the U.S. presidential elections is at the heart of a secretive treason case against a former FSB official and three of his alleged accomplices arrested last year, a Russian news startup reports.

Sergei Mikhailov, the FSB’s former head of cyber investigations, was detained on Dec. 5, 2016, together with three alleged accomplices — his colleague Dmitry Dokuchayev, former Kaspersky Lab employee Ruslan Stoyanov, and internet entrepreneur Georgy Fomchenkov.

The four men have been held in Moscow’s high-security Lefortovo Prison on charges of committing treason. The mysterious case has been hidden from public view after being labeled a “state secret.”

“The four men have been hidden away from everyone, to make sure they don’t give away any sensitive information,” the Bell outlet cited Ivan Pavlov, a lawyer for one of the defendants, as saying.

In an extensive investigation published on the one-year anniversary of the group's arrest, the Bell outlet cited two unidentified sources who said the move to arrest the men was ordered by the Russian military intelligence, the General Staff of the Armed Forces (GRU), in an internal power struggle over state funding.

An earlier report by Crowdstrike, a cybersecurity firm hired by the Democratic National Committee (DNC) to look into alleged Russian election meddling, said Hillary Clinton’s campaign and the DNC had been targeted by Russian hackers on two separate occasions.

The first attack, allegedly carried out by the FSB, went unnoticed until a second was carried out by the GRU — with the two agencies seemingly working independently of each other.

The United States in December introduced sanctions against both the FSB and GRU for interference in the U.S. elections. But personal sanctions were only leveled against GRU head Igor Korobov and three of his deputies.

It was Mikhailov and his team who provided U.S. intelligence officials with information about the GRU’s attack, the Bell’s sources said.

The New York Times in January had already connected the arrest of Mikhailov and his team to the DNC hack, citing unidentified sources, but this is the first time Russian sources have linked the former FSB official with leaking information about the hack.

According to the Bell’s sources, the men are not officially being tried on charges of leaking information on the GRU’s alleged DNC hack. Russia has consistently denied all accusations of election meddling, so trying the men for passing on information on election meddling— even behind closed doors — would be a tacit admission of guilt, says the Bell.

Instead, the Bell’s sources say, they are being prosecuted for leaking information to the United States on the Russian founder of the Chronopay payment system, Pavel Vrublevsky, in a case that goes back to 2011. ... king-59810

An American Cover Story for Russia's Undercover Hackers

Feb 1, 2017 — 23:42 — Update: Feb. 14 2017

An unprecedented spy saga plays out at the heart of Russia's intelligence community.

Olya Khaletskaya

Even for a spy thriller, the plot is borderline fantastical.

Two top FSB cyber crime fighters hunt down a group of hackers behind the personal data leaks of some of the Kremlin’s most powerful and mighty.

Rather than arrest them, they take over the organization and put it to their own use. Several months on, the chief cyber detective is outed by his own colleagues at an FSB meeting and escorted out of the room with a bag over his head.

Since the nationalist Tsargrad outlet first broke the story on Jan. 25, more murky details have emerged every day.

Citing anonymous leaks from within the security apparatus, the Russian press reports the officials and two others have been accused of colluding with American intelligence services to expose Russian hacking there. The trail leads from Lubyanka to Bangkok and the United States, and stars characters with names like the Mad Hatter and Humpty Dumpty.

Real information is scant, but one thing is sure: the four accused are being held at Moscow’s notorious Lefortovo prison. Both FSB officials refused to talk to Kogershin Sagiyeva, a member of the independent prison watchdog ONK. But she got a glimpse of them.

“I was amazed by how young they looked,” she told The Moscow Times, “not what you'd expect from high-ranking law enforcement officials.”

Whether or not the men are double agents or victims of an internal power struggle, a purge is underway and it is expanding like an oil spill.

The Art of Black PR

The story begins in 1990s St. Petersburg, where Vladimir Anikeyev started his career in journalism, according to the Rosbalt news agency. A mediocre writer, Anikeyev nonetheless excelled at “getting the required information.”

Soon, Anikeyev shifted to doing “black PR.” He cozied up to secretaries and insiders to collect incriminating evidence on officials and businessmen, known in Russia as kompromat. He would then either extort money from his victims or sell the information to rivals or media outlets, the report claims.

Joining forces with a number of hackers, he used phishing emails and set up fake Wi-Fi networks at venues he knew were popular with high-placed Kremlin officials, such as the GUM department store on Red Square. After gaining access to the victims’ gadgets, the stolen content was stored on servers in Estonia, Thailand and Ukraine.

Anikeyev and his team took up aliases inspired by British author Lewis Carroll’s Through the Looking Glass. Anikeyev became Lewis, his right hand was Alice and the group’s press representatives went by Shaltai and Boltai (Russian for Humpty and Dumpty).

“That world of inside-out logic best describes Russian politics,” Shaltai told the news website during an encrypted chat interview several years ago, explaining their name choice.

The group organized anonymous bitcoin cryptocurrency auctions on their own website, offering leaked content to the highest bidder. One source who claimed to have participated in the auctions told The Moscow Times that an average lot would sell for up to $30,000. Some hacks, however, attracted bids as high as $200,000, the source added.

The founder of the elusive Shaltai Boltai hacker group has been uncovered as Vladimir Anikeyev, a native Dagestani and expert in "black PR." Vladimir Anikeyev / Facebook

FSB Ties

Shaltai Boltai, as the group became known, first made itself known to the general public in 2013, when it published an online transcript of President Vladimir Putin’s traditional New Year’s Eve speech, hours before it hit the airwaves.

In 2014, the group hacked Prime Minister Dmitry Medvedev’s Twitter account and sent out tweets announcing his resignation “out of shame for this government’s actions” and criticizing the annexation of Crimea. The group also published the private email correspondence of a number of other high officials and businessmen.

According to Rosbalt, the head of the FSB’s cyber crime investigation unit (TsIB), Sergei Mikhailov, and his deputy, Dmitry Dokuchayev, uncovered Shaltai Boltai’s real identities in 2016. Instead of dissolving the group, however, they took control.

But some argue the nature of the information being leaked proved the group had ties to the FSB from the outset.

A Moscow Times source who claims to have been blackmailed by Shaltai Boltai, insists the information that Shaltai gathered on him “could have been obtained only by surveillance and operative action, not just hacking.” This would mean that Mikhailov could have been involved in Shaltai’s activities from its founding, the source said.

In any case, in autumn 2016, the group got hold of thousands of messages from the official email account of Vladislav Surkov, the coordinator of Russia’s Ukraine policy, and shared it with Ukrainian news websites.

By targeting Surkov, the group might have gone a step too far. In October, Anikeyev was detained after crossing the border into Russia. The arrest was the culmination of an operation that took at least a few months and involved several exchanges with the group, according to a source close to the top-level state authorities. It was not the FSB that arrested Mikhailov, as claimed by most Russian media, but the Federal Security Guard service (FSO), he says.

Within Russia’s security apparatus, the FSO is the FSB’s main competitor. If the sting operation was under FSO control, it would suggest the detentions were part of an internal power struggle between security bodies.

Following his arrest, Anikeyev allegedly started cooperating with the authorities and revealed the supposed involvement of the FSB’s own cyber crime chief, Mikhailov, Russian media reports.

A part of the declassified version of the Intelligence Community Assessment on Russia's efforts to interfere with the U.S. political process. Jon Elswick / AP

A Cover-Up

Mikhailov and deputy Dokuchayev were detained several months later, in December, and charged with treason. It is unclear, however, what the men stand accused of.

On Jan. 31, the Interfax news agency connected the treason charges to American accusations of Russian hacking ahead of the U.S. presidential elections. It is as close to an official statement as can be expected in Russia.

American intelligence agencies have expressed “high confidence” that the cyber attacks emanated from Moscow. Some now think Mikhailov and his deputy might have funnelled confidential information to the U.S. on Russian hacks of the Arizona and Illinois voter registration databases. To Steven L. Hall, a former CIA head of Russian operations, the connection between the Russian hacking scandal and the recent arrests seems “reasonable.”

“Certainly U.S. intelligence would have loved to talk to Mikhailov,” Hall told The Moscow Times. “But how that could have happened is a complicated question.”

However, according to two Moscow Times sources, the treason charges and the men's supposed link to America are likely a cover story. Politically, the loss of Shaltai Boltai is a big blow to the FSB’s reputation. The U.S. connection makes it easier to explain to an external audience what is, in fact, an internal power struggle, they said.

Rabbit Hole

The scandal shows no sign of ending. So far, according to several media reports, six people have been detained, including the FSB officials, Anikeyev and Ruslan Stoyanov, the head of investigations at Russia’s prominent Kaspersky Lab cybersecurity company.

Meanwhile, at the Lefortovo prison, only Stoyanov agreed to talk with prison monitor Sagiyeva, and only to confirm the date of his detention. Sagiyeva also twice tried to visit Anikeyev, but was told both times he was away at a meeting with investigators.

“Something’s going on,” she told The Moscow Times. “I doubt he is even there.”

As in Shaltai Boltai’s description of Russian politics, nothing in this case is what it seems. ... -spy-57013

Tech firm in Trump dossier was target of antipiracy advocates

NOVEMBER 15, 2017 12:12 PM

UPDATED NOVEMBER 17, 2017 07:43 AM

WASHINGTON The dossier that has fueled investigations into Russian connections to Donald Trump’s team got a lot right. Indeed, congressional probes and the first guilty plea in Special Counsel Robert Mueller’s investigation have shown the document’s suggestions that the Kremlin sought for years to cultivate Trump, that it cozied up to key Trump campaign officials, that it worked to sow division in the U.S. electorate and that the campaign had contacts with Wikileaks have all been on target.

Yet among the 35-page dossier’s claims stands one – on the very last page – that is still vexing investigators. It’s the accusation that a company called XBT and its U.S. subsidiary Webzilla hacked the emails of Democratic Party leaders.

“[O]ver the period March-September 2016 a company called XBT/Webzilla and its affiliates had been using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’” against them, according to the dossier, which was prepared by a former British spy who specialized in Russia.

XBT and web-hosting company Webzilla, while not well known to the American public, have long been the targets of lawyers who fight Internet piracy. They have claimed, in several lawsuits and submissions to regulators, that Webzilla looks the other way while its customers flagrantly steal copyrighted materials.


None of the lawsuits involve the very specific actions described in the dossier, which was published by Buzzfeed on Jan. 10; XBT has brought defamation suits against the online news site and the document’s author, Christopher Steele, a former MI6 agent.

McClatchy consulted a wide range of experts and reviewed more than 1,000 pages of court documents, U.S. Copyright Office filings and corporate registry documents in Cyprus, Singapore, Florida and the United Kingdom to learn more about XBT. That review yields a profile of a company and, specifically, two corporate employees whose legal entanglements underscore just how difficult it will be for investigators to dismiss the dossier’s claims.

Indeed, Webzilla employees were linked through litigation and regulatory filings to two companies accused of large-scale copyright violations involving Hollywood movies and subscription pornography. Pirated pornography is often baited with malware that can affect users’ computers in various ways.

“It’s not shocking that Webzilla was listed as a hub for questionable activity. Webzilla is on my radar weekly due to its client base facilitating online piracy on a massive scale,” said Jason Tucker, president of Battleship Stance, a company that manages and investigates copyright infringement for film studios.

Unraveling a Mystery

XBT is based in Luxembourg but run out of Cyprus, and has seven subsidiaries, including Webzilla.

Among the allegations against Webzilla: The International Intellectual Property Association, in a Feb. 9 letter this year to the Office of the U.S. Trade Representative, complained that Webzilla, as an Internet Service Provider, “serviced and administered” in Cyprus a company called That’s a file-sharing website that the trade association said draws more requests to remove specific website addresses from search engines than any other in the world. Gurvits insisted that XBT and its subsidiaries had no control of nor access to the website or its data.

Similarly, in joint comments to the U.S. Copyright Office in 2015, 18 music-industry associations complained that Webzilla and an unrelated company routinely fail to take down copyrighted content “despite receiving thousands of notices of infringement.”

XBT counters these complaints are misguided, saying Webzilla hosts websites much like AT&T offers customers its telephone network but has no control over the content of calls.

“The short answer to it is we have no duty to know,” Valentin Gurvits, XBT’s attorney, with the Boston Legal Group, said in an interview. He added that “100 percent, across the board, I have successfully defended Webzilla against these allegations.”

XBT and its main shareholder have repeatedly offered to open logbooks and take questions from the FBI or U.S. law enforcement but nobody has taken them up on the offer, Gurvits said Thursday. He also branded as frivolous the past lawsuits against XBT and Webzilla.

Still, Webzilla has been involved, even if indirectly, with the kinds of alleged bad actors whose companies could easily carry out the activities the dossier claims.

For example, one Webzilla employee, Constantin Luchian, is linked through legal documents to, which bills itself as a free data-hosting service. Freakshare allows users to upload any amount of data; a download link can then be shared with anyone anywhere.

German newspapers cite allegations from prosecutors that is actually one of several related companies that together make up a global criminal enterprise run by two brothers, naturalized German citizens Kastriot and Kreshnik Selimi.

The two had been sought since 2014 by German authorities for allegedly operating piracy portals where users could watch copyrighted movies for free. Kreshnik was arrested in Kosovo in July, a German newspaper reported on Sept. 11; the German Embassy in Washington declined to comment on the case.

Luchian, a Moldova-born naturalized U.S. citizen and an officer in Webzilla’s Florida operations, figures in because he was designated to receive notices demanding that remove copyrighted material from its site. Luchian performs that service for a number of similar firms, which he offers through a business he runs called InCorporate Now. As a result, his name has surfaced in numerous piracy complaints.

Making matters even murkier, the filing designating Luchian to receive notices of copyright violations for was made by yet another company, Vollend Plus LP — a firm with a Scottish address that was registered as trading in batteries and battery parts. Vollend’s paperwork also listed two general partners, both offshore companies in the Seychelles, a known tax haven in the Indian Ocean that requires few details about corporate ownership.

“Vollend Plus is a small Webzilla hosting client but otherwise has no relationship to XBT,” said Gurvits, who actually filed the paperwork for Vollend Plus with the U.S. Copyright Office but said he’s done no other business with it.

Luchian is identified in several other lawsuits alleging theft by companies whose copyrighted materials were hosted by Webzilla or for whom Luchian was identified as the person receiving takedown requests.

“Luchian is a smart guy and he sees an opportunity to provide services,” said Gurvits, who filed the paperwork for and represents Webzilla in its lawsuit against Buzzfeed. He noted that knowledge of Russian is an asset as a registered agent for these companies.

This screenshot shows Constantin Luchian on the website of his Florida-based corporate services company InCorporate Now. It receives takedown notices for numerous Internet sites when they receive complaints of copyright violations.
Several of XBT’s holdings list an address in Fort Lauderdale at a 24-story corporate office tower. The listed phone numbers are actually for the office-leasing firm Regus. A woman answering the phone said Webzilla doesn’t actually have a suite there. It has a “virtual office,” essentially a mail drop.

XBT’s main shareholder, Aleksej Gubarev, has dual citizenship in Russia and Lithuania, his attorney says. Gubarev has said he resides in Cyprus.

XBT is privately held, meaning it reports very little public information about its owners or its earnings. Gubarev is the controlling shareholder in XBT, said Gurvits, and other employees are minority shareholders.

But corporate registry documents in Cyprus, translated from Greek, paint a more complex structure. They show that over the past seven years XBT’s shareholders have included one entity that appears to have no Internet presence at all, and four that are registered in Singapore or Cyprus. One of the four lists Gubarev as its owner. The others disclose little information about their true owners or directors.

The dossier claims that Gubarev was “recruited under duress” by Russian intelligence officials in the hack of Democratic Party leaders — a charge he vehemently denied in a Jan. 11 interview with McClatchy; Gubarev later filed his suit against BuzzFeed.

Connecting Dots

Cyber experts who analyzed the hack of the Democratic National Committee believe it was the result of a large-scale phishing operation conducted by a group linked to Russian intelligence and a past hack on the Joint Chiefs of Staff.

Phishing involves fake emails sent to email accounts in a bid to have users change their passwords; Russian spy agencies capture them to access private computer networks.

One reason XBT and Gubarev may have drawn suspicion is that their success in the open United States and European markets led to an expansion into Russia last year.

The XBT subsidiary opened its Russian operation initially with 500 servers in Moscow, where the Internet is tightly controlled by the Kremlin’s intelligence and military services. Since 2016, Russia has required that Internet providers there store data on servers there, giving Russia both a grip on information and the ability to thwart investigations elsewhere.

“Within Russia, there are increasingly stringent laws governing connecting to the Internet,” said Kenneth Geers, a former NATO cyber expert and fellow at the policy think tank the Atlantic Council. “That’s indicative of a higher level of information control that stems from tighter political control.”

An exhaustive review of U.S. court documents by McClatchy found no evidence that XBT or its affiliates were ever accused of spreading viruses or employing robot-like computer commands called bots.

But the piracy lawsuits involving personnel from XBT’s U.S. operations underscore how Webzilla as a hosting company could be used to that end.

A high-profile case in 2013 brought by Disney Enterprises and four movie studios for the Internet theft of copyrighted content ended in a settlement, with the defendant, file-uploading site Hotfile, ceasing its operations.

Luchian and another Webzilla employee —Konstantin Bolotin, a Kazakh immigrant and former Webzilla executive who lives in Hollywood, Fla. — figured in the case because of their email exchanges and business relations with Hotfile’s alleged owner Anton Titov. As recently as this March, Luchian was still the agent in Florida for another Titov firm, Lemuria Communications Inc.

This screenshot shows Constantin Luchin as the registered agent to receive takedown notices for Hotfile, a company that ceased operating in a settlement with the motion-picture industry over Internet piracy.
Gurvits insisted that Webzilla’s relationship with Hotfile was limited. “Webzilla did NOT rent servers to Hotfile or give access [to the servers] – only floor space, electricity and Internet connectivity,” he said in an email.

Bolotin and Luchian provided sworn depositions in January 2016 in another case, this one brought by the foreign owner of the Metart Network. Metart operates self-described high-end, members-only erotic adult entertainment websites.

The defendant was Sun Social Media, which, Bolotin said in his deposition, he’d launched after leaving Webzilla. Luchian handled accounting for the new outfit, an adult-themed video-hosting company. Hosted by Webzilla, Sun Social had been sued for alleged theft of Metart’s copyrighted pornographic material.

Sun Social Media didn’t have any employees in Florida, Bolotin testified, just paid programmers in Russia and Ukraine to build and maintain a video-hosting platform for subscription porn at his proprietary websites.

But Bolotin and Luchian had curiously faulty memories in their depositions, each unable to remember under oath the year they graduated high school or college. At the time of deposition in 2016 they were respectively aged 29 and 30.

A Star is Porn

The dossier’s most specific allegation against XBT is that porn was a vehicle through which the viruses and bots were used in the hacking of Democratic Party leaders.

A search of domain names shows many porn sites are hosted by Webzilla. Some of the domain names on its servers in Holland include the cringe-worthy, and

The website is among the domains hosted by Webzilla in Fort Lauderdale. It self describes as “an amazing arousing journey in the land of Endless Lust.”

Porn accounts for about 6 percent of XBT’s business, Gurvits said, citing an audit by KPMG. But the count is of subscriber-based porn sites that are hosted by Webzilla — not the much larger universe of pornography moving across file-sharing websites.

Internet porn is generally legal and profitable, and isn’t necessarily a risk to infect computers, cautioned Stephen Cobb, a senior security researcher with ESET North America in San Diego.

“If you are a legitimate supplier of pornography you do not want to mess up your customer’s computers,” he said, distinguishing between sites that sell subscriptions and those that offer porn for free. “People who spend time on the Internet trying to find free porn or trying to watch porn without paying tend to encounter a lot of malicious code.”

And that’s where the file-sharing sites like and, hosted by Webzilla, come into the picture.

The cyber security firm RiskIQ, in a late 2015 report called Digital Bait, estimated that one in three websites that contain pirated content contained malware. That’s software designed to maliciously seek unauthorized computer access to collect private data and/or inflict deliberate harm.

There’s no evidence that XBT and Webzilla actively sought to spread viruses and other malware. But it’s also clear that it has been accused of allowing the kind of pirated porn that is often baited with malware.

“It’s very common for nation states to use that kind of attack,” said a cyber expert with direct knowledge of the hack on Democratic Party leaders.

While claiming to have no knowledge of any Webzilla or XBT role in the attack, the expert said the hack had all the hallmarks of a state actor that hijacked an unsuspecting website to launch an attack. That suggests that clients of Webzilla could have been used without them or host Webzilla being aware of it.

“It’s always some mom-and-pop company some place. Nobody (in intelligence) does it on their own (system),” said the expert, who demanded anonymity given the sensitivity of the matter and ongoing investigations.

Lawsuit Jousting

If the early proceedings are any indication, the XBT lawsuit against BuzzFeed could be a bruising one. The court has ordered each side to hand over confidential data. BuzzFeed has had to give up readership and click data, while XBT must share tax and financial data and, more importantly, details about the internal policing of its hosting operations. No firm trial date has been set yet, and there is still the chance of settlement.

The dossier was in the hands of McClatchy and numerous other news outlets well before it was published by BuzzFeed. And even before then its impact had been felt.

The day after Christmas last year, just weeks before the dossier exploded on the international stage, Gen. Oleg Erovinkin, a former KGB general, was found dead in the back of his car in Moscow.

It wasn’t until a full month later that the world learned this however, when news of his mysterious death became public in news reports from Europe and England on Jan. 27. The reports linked his death to the dossier, which contained certain information that seemed could have only come from him.

Erovinkin was a top aide to Igor Sechin, head of the state energy company Rosneft and widely viewed as the second most powerful man in Russia after Vladimir Putin. Erovinkin was said to have been a go-between for both men.

And a day before reports surfaced of Erovinkin’s death, Russian media reported that the top Russian cyber spy, Sergei Mikhailov, was dragged out of an intelligence meeting with a bag over his head and led away in humiliating fashion.

Mikhailov and two others were charged with treason, which led to speculation that they shared information with Steele or a spy agency that gave it to Steele.

Steele has not spoken publicly about the dossier, and did not respond to requests to comment for this story. It may never be known why Steele included the XBT/Webzilla allegations, and proving or disproving them will be extraordinarily difficult, as even those who have complained about the companies acknowledge.

“I have read the dossier. I am familiar with several of the players, as we have spent time investigating them over the years. Mr. Gubarev has taken great care in structuring his enterprises,” said Tucker of Battleship Stance, which also offers content-protection services. “I am not convinced that anyone will find a smoking gun or clear paper trail. It will be near impossible to prove what Mr. Gubarev knew or did not know to the satisfaction of a U.S. court.”

-- Ben Wieder in Washington contributed.

Read more here: ... rylink=cpy

Why is Russia letting this information out now they've been in jail for a year now
User avatar
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)
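The McClatchy article reposted above explains phishing in a single sentence: fake emails that push the recipient to "change their passwords" so that the credentials can be captured. The block below is an added example, not code from the article, from the forum poster, or from any company or agency named in the thread. It parses a constructed password-reset lure and reports the three markers an analyst or mail filter checks first: a brand name in the display name that is absent from the sending domain, a link whose visible text names a different host than its href actually goes to, and reset-pressure wording in the body. Every domain in the samples is a .example placeholder, and the brand list is an assumption for illustration, not a claim about any real campaign.

```python
"""Markers of a credential-phishing lure: display-name impersonation,
link text that disagrees with the real href, and password-reset pressure.

Added example, not code from the article or from anyone it names.
Both messages below are constructed; every domain is a placeholder."""
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed lure: the display name claims a provider, the visible link text
# shows a plausible account URL, and the href points to an unrelated host.
SAMPLE_PHISH = """\
From: "Google Accounts" <no-reply@accounts-security-check.example>
To: victim@example.org
Subject: Someone has your password
Content-Type: text/html; charset=utf-8

<html><body>
<p>Someone just used your password to sign in. You should change your password immediately.</p>
<p><a href="http://bit-ly-reset.example/Abc123">https://myaccount.google.com/security</a></p>
</body></html>
"""

# Constructed benign message for comparison: no impersonation, no links.
SAMPLE_CLEAN = """\
From: "Alice" <alice@example.org>
To: bob@example.org
Subject: Lunch tomorrow?
Content-Type: text/plain; charset=utf-8

Still on for noon? Bring the draft.
"""

# Assumption: a short list of brands commonly impersonated in reset lures.
BRANDS = ("google", "microsoft", "apple", "paypal", "dropbox")
RESET_PHRASES = ("change your password", "reset your password",
                 "verify your account", "confirm your identity")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Lower-cased hostname of a URL or bare domain string ('' if none)."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return human-readable indicators found in one raw RFC 5322 message.
    An empty list means none of the three checks fired."""
    msg = message_from_string(raw_message, policy=policy.default)
    indicators = []

    # 1. Brand in the display name that does not appear in the sender's domain.
    display_name, address = parseaddr(str(msg["From"]))
    sender_domain = address.rpartition("@")[2].lower()
    for brand in BRANDS:
        if brand in display_name.lower() and brand not in sender_domain:
            indicators.append(f"display name '{display_name}' claims {brand} "
                              f"but sender domain is {sender_domain}")

    # 2. Link whose visible text is a URL/host different from where the href goes.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    collector = _LinkCollector()
    collector.feed(content)
    for href, text in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and "." in text and " " not in text and shown != actual:
            indicators.append(f"link text shows {shown} but href points to {actual}")

    # 3. Password-reset pressure wording in the body (report the first hit only).
    lowered = content.lower()
    for phrase in RESET_PHRASES:
        if phrase in lowered:
            indicators.append(f"reset lure wording: '{phrase}'")
            break
    return indicators


if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(label, phishing_indicators(sample) or "no indicators")
```

The link check is the one worth keeping even if the other two are tuned away: a lure can use a clean-looking sender and neutral wording, but it still has to send the victim to a host it controls, and that host rarely matches what the anchor text shows.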

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Tue Dec 12, 2017 10:58 am

Jailed Russian hacker: I hacked Democrats 'under the command' of Russian intelligence agents

Natasha Bertrand
Russia's President Vladimir Putin and Prime Minister Dmitry Medvedev visit the Resurrection New Jerusalem Monastery at Istra, outside Moscow, Russia, November 15, 2017. Sputnik/Alexei Nikolsky/Kremlin via REUTERS

A Russian hacker told a Moscow court in August that he was ordered to hack the Democratic National Committee by Russian intelligence agents at the FSB.
The hacker was arrested in mid-2016 on charges relating to his work with a notorious hacking collective.
Kozlovsky's work with the FSB could undermine the Kremlin's repeated claims that it had nothing to do with DNC hacks in late 2015.

A Russian hacker believed to be a member of a hacking collective called Lurk said in court over the summer that he was ordered by Russia's security services, known as the FSB, to hack the Democratic National Committee.

The hacker, Konstantin Kozlovsky, told a Moscow court in August of this year that his nine-member hacking group — which has been accused of stealing over $17 million from Russia's largest financial institutions since 2013 — has been cooperating with the FSB for several years, according to the independent Russian news outlet The Bell. Part of that cooperation included hacking the DNC, he said.

Kozlovsky said during a hearing on August 15 that he "performed various tasks under the supervision of FSB officers," including a DNC hack and cyberattacks on "very serious military enterprises of the United States and other organizations."

Minutes from the hearing, as well as an audio recording, were posted on Kozlovsky's Facebook page. The Bell said it confirmed their authenticity with two sources, including a person who was present at the hearing. Kozlovsky also posted a letter that he wrote on November 1, 2016. The letter outlined what he said was his work for the FSB, which he said had spanned nearly a decade and, most recently, involved attacking the DNC servers.

Kozlovsky identified his FSB handler as Dmitry Dokuchaev, a cybersecurity expert who worked as a hacker under the alias "Forb" before joining the FSB. Dokuchaev has been linked to a group of hackers known as Shaltai Boltai, or Humpty Dumpty, that has published emails from Prime Minister Dmitry Medvedev and other Kremlin officials.

The cybersecurity firm CrowdStrike publicly concluded in June 2016 that hackers associated with the FSB breached the DNC in late 2015. WikiLeaks published internal committee emails during the Democratic National Convention in July 2016.

He 'did everything they said'

Kozlovsky also named Ruslan Stoyanov, a key cybercrime investigator at the Russian cybersecurity firm Kaspersky who was arrested last December along with Dokuchaev and Sergei Mikhailov, the deputy head of the information security department of the FSB.

Mikhailov has been accused of giving US intelligence officials information about a server-rental company, King Servers, through which Russian hackers have been known to attack the US, Russian newspaper Novaya Gazeta reported last December. The Bell reported earlier this month that he could soon be charged with treason.

Dokuchayev and Stoyanov have been in pretrial detention since last December on treason charges, according to independent Russian news outlet Meduza.

Stoyanov was the one who initially helped put Kozlovsky in jail, said Russian investigative journalist and security services expert Andrei Soldatov, author of The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries.

Soldatov said on Monday that Kozlovsky's story could be "interesting." But he cautioned that in the four months he has been in touch with Kozlovsky, the hacker has "failed" to provide any concrete evidence that he had hacked the DNC at the FSB's instruction.

If confirmed, Kozlovsky's work with the FSB could undermine the Kremlin's repeated claims that it had nothing to do with DNC hacks during the 2016 campaign. And it would fit a consistent pattern in which Russian intelligence officials recruit skilled hackers to engage in cybercrime.

Hiring elite criminal hackers, or cultivating them from a young age, has allowed Russian intelligence agencies like the FSB and the GRU (Russia's military intelligence arm) both to improve their foreign espionage capabilities and keep potentially rogue hackers under government control.

The New York Times' Andrew Kramer reported on this phenomenon last December, writing that "for more than three years, rather than rely on military officers working out of isolated bunkers, Russian government recruiters have scouted a wide range of programmers, placing prominent ads on social media sites, offering jobs to college students and professional coders, and even speaking openly about looking in Russia’s criminal underworld for potential talent."

"If you graduated from college, if you are a technical specialist, if you are ready to use your knowledge, we give you an opportunity," one of these ads read, according to the Times.

Kozlovsky, for his part, wrote in his November 1 letter that he began cooperating with the FSB in 2008, when he was just 16 years old. He said he was recruited by Dokuchaev and "did everything they said." ... ce-2017-12

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Wed Dec 20, 2017 5:45 pm

A New Russian Ploy: Competing Extradition Requests


Lawyers for an accused Russian hacker, Pyotr Y. Levashov, leaving court after his extradition hearing in Madrid in July. Luca Piergiovanni/European Pressphoto Agency
MOSCOW — The Russian spam kingpin had long been in the cross hairs of the F.B.I., and agents finally got their shot when the man scheduled a vacation in Spain. At the agency’s request, Spanish security officers in April arrested the man, Pyotr Y. Levashov, who is accused of stuffing untold millions of inboxes with ads for pornography, pills and penny stocks.

But then the Russian authorities sprang a trap of their own, filing an extradition request with the Spanish authorities for a crime they said Mr. Levashov had committed in Russia years ago. Currently, he is languishing in a Spanish jail, but soon the authorities will have to decide which extradition request to honor: the United States’ or Russia’s.

This was by no means the first time that Russia had filed a competing extradition request. Far-fetched as it may seem, the Russians’ tactic has in several instances prevented Russians suspected of being computer criminals from being deported to the United States while detained in Europe.

The tactic has raised suspicions that the Russian authorities are more interested in derailing American investigations and possibly protecting criminals they find useful than they are in fighting cybercrime.

“People always ask me about this,” said Timofey S. Musatov, a Moscow lawyer whose Russian client is the subject of competing extradition requests. “It’s the most common question.”

In Mr. Levashov’s case, Russian prosecutors sought his extradition after his detention in Spain when they discovered in August that he had hacked the computers of a hospital in St. Petersburg, Russia, in 2014.

Pyotr Y. Levashov during an extradition hearing at the National Court in Madrid in July. Pool photo by Luca Piergiovanni
Three similar cases are pending in courts in Greece, Spain and the Czech Republic. In two of the three, either the defendants’ lawyers or relatives have said that their cases have some bearing on the investigation into Russian meddling in the 2016 election in the United States. While that may be true, they have not provided any proof.

Their theory is that with the politically charged atmosphere in the United States over the election meddling, the accused could not possibly get a fair trial there, so they should be returned to Russia.

In accordance with extradition treaties in all three countries, Russian lawyers say, the decision about where to send the accused resides with a government minister. That opens the prospect of the United States’ being powerless to stop the return to Russia of a suspect who may be able to offer valuable information on Russian meddling in the election.

The Greek police detained Mr. Musatov’s client, Aleksandr V. Vinnik, on an American warrant that accuses him of running a Moscow-based Bitcoin exchange, BTC-e, that laundered as much as $4 billion in illegal funds. Russian prosecutors filed an extradition request on a fraud charge.

The Russian case, Mr. Musatov said, surfaced soon after Mr. Vinnik’s detention in Athens, possibly because the Russian police had read about his client in news reports and decided to investigate him.

“I’m a procedural lawyer who works with documents and law,” he said. “I don’t work in the category of conspiracy theories.” Mr. Vinnik has no known links to election hacking, he said.

Aleksandr V. Vinnik, left, an accused Russian cybercriminal, was escorted by police officers at the courthouse in Thessaloniki, Greece, in October. Giannis Papanikos/Associated Press
Another of Mr. Musatov’s clients, Dmitry O. Zubakha, who at the request of the United States was detained in Cyprus in 2012 on suspicion of hacking Amazon, was successfully extradited to Russia.

“This norm is in effect everywhere,” said Vladimir V. Makeyev, a lawyer for another Russian cybercrime suspect, Yevgeny A. Nikulin, who was detained in Prague while on vacation with his girlfriend.

The United States accuses Mr. Nikulin of hacking the computers of LinkedIn, Dropbox and Formspring. Russia filed an extradition request after a computer intrusion and online theft that occurred in 2010 but came to light only after his detention in the Czech Republic.

Mr. Makeyev argues that the United States is seeking Mr. Nikulin’s cooperation in the election-hacking investigation and that an F.B.I. agent from the San Francisco field office, Jeffrey Miller, traveled to Prague to offer asylum in exchange for testimony. The F.B.I. has said the agent was there only to read Mr. Nikulin his rights, and it remains unclear how he may have been connected to election hacking.

Why Russians suspected of hacking travel to countries that may detain them on United States extradition warrants is something of a mystery. “Once the money starts coming in, they enjoy a good lifestyle,” said John Reid, a senior researcher with Spamhaus, a spam tracking group based in London.

Perhaps impunity at home creates a false sense of security. “We’ll see pictures of them sitting around with gold and fancy Western cars and guns. That kind of gives a profile” of high-rolling Russian hackers, he said.

A prison officer outside a courtroom at the start of the trial of an accused Russian hacker, Yevgeny A. Nikulin, in Prague in November. Martin Divisek/European Pressphoto Agency
One theory for the travel, he said, is the “girlfriend effect”: “You are a little hacking nerd and now you have a good-looking girlfriend, and it gets cold in Russia, and she says, ‘It’s cold; I hate it here,’ and it wears him down, so he goes somewhere sunny, and that’s it.”

Mr. Levashov, too, has claimed a political motivation for his arrest in Barcelona last spring, though a federal indictment unsealed in Connecticut charges him only with eight counts of computer-related crime and fraud. Mr. Levashov’s wife, Maria, said in an interview that the Spanish police had told her the arrest was “related to the election.”

The American indictment asserts that Mr. Levashov, using the nickname Peter Severa, or Peter of the North, ran a spam operation powered by a sophisticated, evolving family of computer viruses called Waledac, and later Kelihos. Mr. Levashov’s nickname may be derived from his northern hometown, St. Petersburg, or the name of a porn movie star, referring to the pornography promoted by spam email.

Mr. Levashov told a Spanish court that the case should be viewed politically because he had worked for United Russia, a political party that backs President Vladimir V. Putin, and he is an army officer with access to Russian classified information.

“I collected different information about opposition parties and delivered it to the necessary people at the necessary time,” Mr. Levashov told the court, referring to Russian opposition parties, according to the Russian Information Agency.

In an online chat room for hackers years earlier, using the nickname Peter Severa, Mr. Levashov had gone further, suggesting that he had enlisted in a broad recruitment effort by the Russian government, begun about four years ago, to engage students, computer professionals and criminals in government hacking teams, sometimes called science squadrons.

“Good day,” he wrote. “My name is Peter Severa. Many people know me for my service distributing email.” But “everything is in flux, everything changes, and the time has come for me to change the direction of my work.”

He said he had a new role: The Federal Security Service, known as the F.S.B., had appointed him to lead a group of hackers who would work for the security service, which he called a “special battalion for information security.” ... ashov.html

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Thu Dec 28, 2017 3:22 pm

Caroline O.
11 hours ago

So this story is enticing but there are a lot of reasons to be skeptical about it. For one thing, it would not be the first time an imprisoned Russian hacker falsely claimed credit for the DNC cyberattack.

Jailed Russian says he hacked DNC on Kremlin’s orders and can prove it

By Kevin G. Hall, khall@mcclatchydc.com, WASHINGTON

December 27, 2017 05:45 PM

A jailed Russian who says he hacked into the Democratic National Committee computers on the Kremlin’s orders to steal emails released during the 2016 U.S. presidential election campaign now claims he left behind a data signature to prove his assertion.

In an interview with Russia’s RAIN television channel made public Wednesday, Konstantin Kozlovsky provided further details about what he said was a hacking operation led by the Russian intelligence agency known by its initials FSB. Among them, Kozlovsky said he worked with the FSB to develop computer viruses that were first tested on large, unsuspecting Russian companies, such as the oil giant Rosneft, later turning them loose on multinational corporations.

Kozlovsky first came to public attention in early December when word spread about his confession last Aug. 15 in a Russian courtroom that he was the person who hacked into DNC computers on behalf of Russian intelligence. The Russian was jailed earlier this year, alleged to have been part of a hacking group there that stole more than $50 million from Russian bank accounts through what’s called the Lurk computer virus.

The alleged hacker posted to his Facebook page in December a transcript and an audio recording of his confession during a pre-trial court hearing. He also confessed online to having hacked investigators looking into the crash of Malaysia Airlines Flight 17, brought down in July 2014 by a missile near the disputed Ukrainian border with Russia.

In written answers from jail made public Wednesday by RAIN TV, a Moscow-based independent TV station that has repeatedly run afoul of the Kremlin, Kozlovsky said he feared his minders might turn on him and planted a “poison pill” during the DNC hack. He placed a string of numbers that are his Russian passport number and the number of his visa to visit the Caribbean island of St. Martin in a hidden .dat file, which is a generic data file.

That allegation is difficult to prove, partly because of the limited universe of people who have seen the details of the hack. The DNC initially did not share information with the FBI, instead hiring a tech firm called CrowdStrike, run by a former FBI cyber leader. That company has said it discovered the Russian hand in the hacking, but had no immediate comment on the claim by Kozlovsky that he planted an identifier.

The newest allegations are potentially significant. If the FSB did in fact direct Kozlovsky, then it debunks Russian President Vladimir Putin’s assertion that his government had nothing to do with hacking that all major U.S. intelligence agencies put at his feet. It also calls into question the view of a hack that was conducted as a closely held, organized FSB campaign directed from central offices. Kozlovsky says he worked largely from home, with limited knowledge of others and that the political hack was just part of larger relationship with the FSB’s top cyber officials on viruses directed at other countries and the private sector.

“Based on my experience and understanding of professional intelligence operations, the blending of criminal activity with sanctioned intelligence operations is an old page out of the Russian intelligence-services playbook,” said Leo Taddeo, chief information security officer for Cyxtera Technologies and a former head of cyber operations in the FBI’s New York office. “What the defendant (in Russia) is describing would not be inconsistent with past Russian intelligence operations.”

Kozlovsky’s claims include an assertion that for the past seven years he was under the control of Major Gen. Dmitry Dokuchayev, who he said gave him orders to breach the DNC servers to interfere in the U.S. election process. A federal court in San Francisco in February issued an arrest warrant for Dokuchayev for his alleged role in a hack of Yahoo accounts. A month later the FBI put the former hacker-turned-spy on a Wanted poster for his alleged role in directing hackers. He was arrested in Russia in late 2016 on treason charges in a high-profile incident that included the arrest of another FSB cyber leader.

The jailed Kozlovsky told RAIN TV that he had a relationship with Dokuchayev that preceded the latter’s rise to a prominent post in the FSB. ... 57354.html

Caroline O.
11 hours ago

Without getting too far into the weeds: This looks like a really convoluted scheme that could allow the Kremlin to claim the DNC hack was carried out by rogue actors, and/or to turn it around on America. I'll explain why, but it's a dizzying story.

-The jailed hacker's name is Konstantin Kozlovsky
-Kozlovsky says he worked under the direction of his FSB handler (Dmitry Dokuchaev), who worked under the direction of a sr FSB officer (Sergei Mikhailov)
-Dokuchaev & Mikhailov are facing charges of treason right now


Dokuchaev & Mikhailov are charged w/ providing info to US intelligence agencies. So, it could be said that they were 'working for the Americans.'

So if Kozlovsky hacked the DNC under their orders, it could be said that he was working for the Americans

At the very least, it could be said that Dokuchaev & Mikhailov had 'gone rogue' and were no longer carrying out the wishes of the FSB. So if Kozlovsky carried out the hack under their orders, it could be said that he was working for rogue agents, not under FSB orders.

There are also other reasons that this story doesn't sit right (timing; relationship btw Dokuchaev & Kozlovsky has been called into question; the fact that Kozlovsky is posting details about his work for the FSB on Facebook from a Russian prison. And he's still alive).

I could be wrong. However, I'm pretty confident in saying that we're not getting anything close to the full story here. Way too convenient.

Plus, a convoluted plot like this is exactly the kind of plot that Putin would carry out.

Caroline O. (@RVAwonk)
Another reason to raise an eyebrow at Kozlovsky's claim re. hacking the DNC: He also claimed to have created an "astoundingly powerful hacking tool" that appears to not actually exist.


Another Russian Hacker Claims He's The One Who Hacked The DNC

Konstantin Kozlovskiy's purported confession in a Russian court has triggered skepticism among experts.

December 14, 2017, at 5:32 p.m.

A Russian hacker issued a stunning confession in a Moscow courtroom earlier this year claiming that he hacked the Democratic National Committee on orders from the FSB, according to a courtroom recording that's been posted on Facebook. But as cybersecurity experts try to parse the supposed confession — and why it's only coming to light now — some are casting doubt on the hacker’s assertion.

The hacker's name is Konstantin Kozlovskiy. He is on trial alongside 50 other people for allegedly creating a virus called “Lurk” that targeted banking systems and allegedly stole 1.7 billion rubles (USD $28.7 million) from Russian banks. The hackers were caught in May 2016 after a joint investigation by the cybersecurity firm Kaspersky Lab, Russia’s Ministry of Internal Affairs, and the Federal Security Bureau or FSB, one of the successor agencies to the Soviet-era KGB intelligence service. Kozlovskiy is considered one of the leaders of the hacking group and faces 12 to 20 years in prison if found guilty of cybercrime and organizing a criminal group.

News reports at the time made no suggestion that Kozlovskiy worked for the FSB. Kozlovskiy exercised his right against self-incrimination and did not testify in the case, though he told the court that he was aware the authorities had been monitoring his actions for some time. The operation itself was massive. Authorities arrested people from 15 different regions of the country in an investigation that began in 2012, four years before the 50 arrests were made.

Kozlovskiy came back into the spotlight with a report by the Bell, an independent Russian media organization run by a former editor-in-chief of Forbes Russia. The report cited a previously unnoticed Facebook page seemingly belonging to Kozlovskiy that included legitimate-looking official documents, a handwritten letter, and a post addressed directly to Special Counsel Robert Mueller, the former FBI director who is now investigating Russian meddling in last year’s US presidential election.

In the court recording posted on the page, purportedly from an Aug. 15 hearing, Kozlovskiy claims that he hacked into the DNC servers at the direction of the FSB. “If I’m guilty of anything, I’m guilty of working for this government," he said.

The Bell quoted two sources as confirming the authenticity of the Facebook page and the documents posted there, though BuzzFeed News couldn’t independently verify that the page belongs to Kozlovskiy. Kozlovskiy’s wife, Anya, told BuzzFeed News only that the page is run by a “trusted person.” Kozlovskiy’s lawyer declined to comment.

But other Russian sources have pointed out oddities about the page and the confession. In a report for the independent news outlet Novaya Gazeta, special correspondent Irek Murtazin wondered how Kozlovskiy’s Facebook page could have gone unnoticed by reporters for months. Murtazin said he routinely monitors social media for the hashtags and topics that appear on the page, but he didn’t see any of the posts.

It’s not clear how the posts could have remained hidden from the public. There’s no indication they were backdated, but most have the custom audience setting turned on. Facebook doesn’t specify which demographics are excluded from seeing a post with a custom audience setting, but that could be one possible explanation for their going unnoticed.

Kozlovskiy also confessed to hacking Democratic emails in a handwritten letter posted on the page and dated Nov. 1, 2016. The letter was translated into English in a subsequent post. “I have successfully completed the task to hack the Democratic National Committee and personal correspondence of Hilary [sic] Clinton,” the translation says. “I gave the result to Ilia, Federal Security Service of Russian Federation officer (approximately 850Gb of archived video of the process).”

It’s not clear which DNC hack Kozlovskiy was referring to. The cybersecurity firm CrowdStrike, which the Democratic Party hired to investigate the intrusions, found that DNC servers were hacked by two separate Russian entities, the first some time prior to September 2015 and then again in April 2016. Kozlovskiy was taken into custody on May 18, 2016, which means it's possible that he could have been involved with either. But his reference to hacking Clinton’s correspondence adds to the mystery: Clinton’s email is not known to have been hacked, though some of her messages were captured when presumed Russian hackers pirated the email of her campaign chairman, John Podesta.

Murtazin also questioned how the documents ended up on Facebook at a time when Kozlovskiy was in FSB custody on the hacking charges. In an interview, Murtazin told BuzzFeed News that he believes there could be ulterior motives to Kozlovskiy’s confession, including a possibility he’s working with the FSB.

In the letter, Kozlovskiy also details how he came to work for the FSB, saying the FSB threatened to prosecute him in 2008 for hacking unless he agreed to work for it—a common Russian government recruiting technique.

Kozlovskiy identifies his FSB handler as Maj. Dmitry Dokuchaev and says Dokuchaev ordered him to hack American and EU officials, government and military organizations, financial institutions, sports organizations, major media outlets, and their social media accounts. In it, he also claims responsibility for hacking the Twitter account of Russia’s RIA news agency in 2013 and falsely announcing Gorbachev’s death. Russian authorities arrested Dokuchaev last December and charged him with treason.

In subsequent posts, Kozlovskiy also implicated Ruslan Stoyanov, formerly a top investigator at Russia's Kaspersky Lab. A post on the Facebook page says Kozlovskiy hacked computer servers in Germany, France, and Great Britain on FSB's orders. Like Dokuchaev, Stoyanov was also arrested on treason charges.

“The investigation is for a period predating his employment at Kaspersky Lab and we do not possess details of the investigation,” a Kaspersky Lab spokesperson told BuzzFeed News.

FSB Col. Sergey Mikhailov and tech entrepreneur Georgy Fomchenkov were also part of those arrests, which were marked as secret by the court.

The Bell previously reported the men are suspected of leaking information to the US about the hacking attacks. As the former head of FSB’s Information Security Center, it's Mikhailov who's suspected of being in charge.

That gives rise to another theory about the Facebook page: that it’s part of a complicated FSB plot to bolster the idea that the DNC hacks were really the work of Mikhailov acting on instructions from the United States. In his Novaya Gazeta article, Murtazin writes that Kozlovskiy’s “confession” could be an FSB “operational game.”

Novaya Gazeta suggests the hacker who said he hacked the DNC for the FSB could be leaking as part of an FSB plot to…

03:16 PM - 12 Dec 2017
The credibility of the confession is also called into question by a post Kozlovskiy addressed to Mueller. In it, the hacker claims the FSB has created an astoundingly powerful hacking tool, one that makes it possible to distort what users see on their screens, no matter which device — phone, laptop, desktop, or tablet — a person might be using.

“It just doesn’t make technical sense,” said Ben Read, the manager of cyberespionage analysis at the cybersecurity firm FireEye. “You have some people using Internet Explorer, some people using Chrome. It would need a lot of capabilities to do this across all of the websites you use. Are you using Tweetdeck? Are you on Facebook, Google News? There are so many avenues that it becomes prohibitive to do at the scale being described.”

Read also said it’s impossible to believe that such malware would have escaped the notice of cyber sleuths in the highly competitive cybersecurity industry.

Several defendants had made claims that they were mixed up in the DNC hack. Take alleged spam lord Pyotr Levashov.…

11:33 PM - 11 Dec 2017
Kozlovskiy’s claim of involvement with the DNC hack isn’t the first “confession” by a Russian hacker. An AP reporter in Moscow, Raphael Satter, noted in a Twitter thread that several other defendants have claimed a role in the attacks.
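The McClatchy piece above says Kozlovsky claims he left a "poison pill" (a string of digits from his passport and visa) in a hidden .dat file on the DNC side, and that the claim is hard to check because few people hold the evidence. The check itself is mechanical, and it is worth seeing what it does and does not establish. The following is an added example, not code from the article or from any investigator; it walks a directory tree, picks out hidden files with a .dat extension (the article's description, taken here as an assumption about naming), searches them for a digit run, and records the file hash and offset of each hit. The digit pattern and the sample tree are constructed placeholders, since the page never gives the actual numbers.

```python
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Assumption: the claimed marker is a run of digits (passport and visa numbers).
# The real values are not on the page, so this pattern is a stand-in.
IDENT_PATTERN = re.compile(rb"\d{9,12}")


@dataclass
class Hit:
    path: str
    sha256: str   # hash of the whole file, so the finding can be re-verified later
    offset: int   # byte offset of the match inside the file
    value: str    # the matched digit string


def hidden_dat_files(root):
    """Yield files under root whose name starts with '.' and ends in '.dat'."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.startswith(".") and name.lower().endswith(".dat"):
                yield os.path.join(dirpath, name)


def scan_file(path, pattern=IDENT_PATTERN):
    """Search one file for the marker pattern; return a Hit per match."""
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    return [Hit(path, digest, m.start(), m.group().decode("ascii"))
            for m in pattern.finditer(data)]


def scan_tree(root, pattern=IDENT_PATTERN):
    """Scan every hidden .dat file under root and collect all hits."""
    hits = []
    for path in hidden_dat_files(root):
        hits.extend(scan_file(path, pattern))
    return hits


def build_sample_tree():
    """Constructed sample evidence tree (not real data): one hidden .dat file
    containing a digit run, one hidden .dat without, and one visible .dat that
    also contains digits but falls outside the claim as described."""
    root = tempfile.mkdtemp(prefix="claim_check_")
    cache = os.path.join(root, "var", "cache")
    os.makedirs(cache)
    with open(os.path.join(cache, ".index.dat"), "wb") as fh:
        fh.write(b"\x00\x01header\x00" + b"0123456789" + b"\x00tail")
    with open(os.path.join(cache, ".empty.dat"), "wb") as fh:
        fh.write(b"nothing to see")
    with open(os.path.join(root, "var", "visible.dat"), "wb") as fh:
        fh.write(b"9876543210")
    return root


if __name__ == "__main__":
    for hit in scan_tree(build_sample_tree()):
        print(f"{hit.path} sha256={hit.sha256[:16]}... offset={hit.offset} value={hit.value}")
```

A hit only shows that the digit string is present in a file the investigators hold; it says nothing about who wrote it there or when, since anyone with access to the evidence could add it after the fact. Proving the claim in the article's sense would additionally require the file to appear in an image taken at the time of the intrusion, which is why the hash of the scanned file is recorded alongside the match.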
