Russia Biggest Cybersecurity Firm Head Arrested For Treason


Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Sat Sep 01, 2018 9:55 am


But maybe we in the West should stop trying to figure out which Russian security service has been doing what to us. After all, the buck stops in the Kremlin. Putin is a hands-on leader—a KGB veteran himself—who calls the shots on just about everything from assassinations of alleged traitors to revenge against Western politicians he resents, like Hillary Clinton. As the widow of Alexander Litvinenko told me once, “with Putin everything is personal.”

This Russian Spy Agency Is in the Middle of Everything

Only a few years ago, the GRU looked like it might be dissolved. But Putin found new uses for it: covert war in Ukraine and ‘active measures’ that helped Trump get elected.

08.08.18 4:52 AM ET
Russia’s military intelligence agency, known as the GRU, is getting blamed for all sorts of things these days. Robert Mueller indicted 12 GRU officers for hacking into computers of the Clinton campaign and the Democratic National Committee. The GRU allegedly was behind the recent poisonings of four people in Britain, including former GRU officer Sergei Skripal, who survived, and a woman accidentally exposed to the powerful nerve agent used, who died.

The 2014 downing of Malaysia Airlines Flight 17 over Ukraine has been laid at the door of the GRU. And recently there were reports that GRU hackers are directing their efforts at the U.S. power grid. Russian mercenaries serving in Syria and in Africa are largely drawn from GRU ranks. Three Russian journalists investigating their activities were murdered last month.

Igor Korobov, the head of the GRU, was singled out personally for U.S. Treasury sanctions in March, along with his organization, even though he had already been sanctioned by the Obama administration in late 2016 for interference in our elections.

Maybe Trump’s people felt they had to make the point after Korobov was invited, along with chiefs of other Russian secret services, to Washington, D.C., in late January—just weeks before the new sanctions were announced. The visit was supposed to be a secret, but the Russians leaked it. The others in attendance were Sergei Naryshkin, the head of the Foreign Intelligence Service (SVR), and Aleksandr Bortnikov, director of the Federal Security Service (FSB).

Steven Hall, a former CIA station chief in Moscow, told Radio Free Europe it is always considered a “big political win” when a Russian spy chief meets one-on-one with his U.S. counterpart, because it puts them on equal footing.

The intelligence chiefs reportedly discussed with the Americans their mutual struggle against global terrorism, but it would be remarkable if the talks were limited to that subject. As a veteran of the FSB explained to a TV audience in Russia, “Many questions cannot be discussed by phone. It was necessary to look each other in the eye and talk about issues that threaten us and the Americans.”

Hall had a different take: “Given the political conditions in the United States now, it’s flabbergasting, to be honest. I can’t imagine who would have signed off on that.”

At home in Russia meanwhile, Korobov is riding high. In 2017, conceivably for his work helping to get Trump elected, Korobov was promoted to colonel-general, and Putin bestowed on him the highest state honor—Hero of the Russian Federation.

It is hard to believe that just a few years ago there was widespread talk in the Russian media about the GRU being on its last legs, perhaps even about to be disbanded. In November 2010, at a celebration of the anniversary of the founding of the GRU in 1918, GRU officers one after another toasted mournfully “to the bright memory” of their agency. The new 70,000-square-meter GRU headquarters, built in 2006 on Khoroshevskoye Shosse, was emptying out, they said.

By one estimate, of the 7,000 GRU officers working in the Soviet era, only 2,000 remained. This included a 40-percent reduction among GRU staff at foreign embassies. The GRU’s famed special combat brigades, the so-called Spetsnaz units, supposedly were going to be transferred to the regular army.

Lt. Gen. Dmitry Gerasimov, who had directed the GRU’s special-purpose brigades, told The New Times: “I am deeply convinced that the GRU special forces are completely devastated. Of the 14 brigades and two GRU training regiments, at best there are not more than four brigades left.” There was also talk of placing GRU signals intelligence systems under the command of the SVR, the foreign intelligence service.

There were several reasons for the GRU’s decline. In the 2008 conflict with the Republic of Georgia, it failed to alert the Russian military that Georgia had received anti-aircraft missiles from Ukraine. Moreover, in Moscow’s intramural spy-vs.-spy rivalries, the GRU had its own channel of information on corruption and money-laundering by the Russian elite that represented a threat to the interests of the FSB and SVR.

According to this analysis, there was a shadow intelligence network, consisting of a clan close to Putin from the FSB, the SVR, and the regular police that was running the country. And this group did not like having a competitor agency capable of independent comparative analysis. Significantly, the chiefs of both the FSB and the SVR sit on Putin’s National Security Council, but not the GRU head, who reports only to the armed forces general staff.

Miraculously, however, the GRU bounced back after Igor Sergun became chief of the agency in 2011. According to security expert Mark Galeotti, writing in War on the Rocks, Sergun was “an able, articulate, and effective champion of his agency’s interests… He was particularly good at managing relations with Putin and those to whom the president listens.”

Sergun managed to have several Spetsnaz units transferred back to the GRU. These troops are roughly comparable to U.S. special operations forces. They perform reconnaissance, diversion, and combat operations in various hot spots where there is ethnic strife, such as Chechnya, where they were widely deployed.

Then came the Crimean invasion and the Ukrainian conflict.

As Galeotti pointed out: “The chaos in Ukraine was a boon for the GRU, which was one of the lead agencies both in the seizure of the Crimea in 2014 and the subsequent destabilization of the Donbas [Eastern Ukraine]. If the future means more ‘hybrid war’ operations, more interactions with warlords, gangsters, and insurgents, then this is much more the forte of the GRU than the SVR.”

Some members of GRU units became mercenaries in private military companies like the Wagner Group, under the command of reserve GRU Lt. Col. Dmitry Utkin. In 2014-15 Wagner was one of the main forces in battles fought on the territories of Donetsk and Lugansk in eastern Ukraine. Subsequently Wagner moved to Syria, where it has played a vital role as the Kremlin’s proxy force supporting Syrian government military offensives.

When some of its operatives were involved in an attack on oil installations controlled by U.S. allies on the ground, the Americans counterattacked from the air, allegedly killing several Wagner personnel. In April, a Russian reporter writing about Wagner operations and casualties died under mysterious circumstances, supposedly falling accidentally from the balcony of his fifth floor apartment.

Wagner also runs significant operations as far afield as the Central African Republic, where it bolsters government forces, negotiates with rebels, and guards valuable diamond, gold, and other mineral deposits—activities being investigated by the Russian journalists murdered there.

These ad hoc GRU operations have had some negative repercussions for Moscow. A joint Australian and Dutch investigation determined that the missile used to down Malaysia Airlines Flight 17 in July 2014 originated from the 53rd Anti-Aircraft Missile brigade, a unit of the Russian army from Kursk in the Russian Federation. The respected Bellingcat group has now found that the order to fire the missile was approved by GRU Gen. Oleg Vladimirovich Ivannikov, who supervised several divisions of fighters in Donetsk, including those of Ukrainian separatists and the Wagner Group.

Korobov got off to a rocky start when he assumed the post of GRU chief in early 2016. For starters, there were questions raised about the sudden death in January that year of his predecessor, Sergun.

Officially, Sergun died of natural causes in Moscow, but there were reports that he perished in Lebanon. The decision to appoint Korobov took an entire month, reportedly because of a conflict within the Kremlin elite over who should get the job from a choice of four candidates. A group that was allied with the FSB and the SVR, led by Sergei Ivanov (then head of the presidential administration and an old KGB colleague of Putin), wanted one of their own to head the GRU, while those representing Minister of Defense Sergei Shoigu were pushing for Korobov.

The army clan, proponents of an aggressive, confrontational approach toward the West in Ukraine and elsewhere, won out, and within several months Ivanov would lose his Kremlin job.

It is said that Korobov, who specialized in strategic military intelligence, is a pragmatist who is not interested in Kremlin politics and just wants to get the job done, whatever that might be. So it must be unsettling for Korobov to be the only high-level Russian official with staff members under indictment in the United States.

In fact, back in 2006, at the opening of the new GRU headquarters, a journalist asked a GRU general whether U.S. elections were a topic that was followed by their intelligence analysts. The general responded, “That is primarily a task for the SVR. We follow [the elections] but to a much lesser extent than the SVR.”

So how to explain that 12 years later the GRU is in the forefront of election meddling in the U.S.?

According to Vadim Birstein, an authority on the Russian security services, “In the past, the ‘active measures’ deployed for decades by the KGB/SVR against the West referred mainly to HUMINT (human intelligence) and disinformation campaigns in the media, rather than cyber warfare operations which are a new level in intelligence wars.”

Although the SVR has cyber weapons—and in fact was reported to be behind the initial 2015 attack on the DNC under the guise of “Cozy Bear”—the GRU, Birstein says, “has more technical resources to conduct operations like those described in the Mueller indictment.”

A persistent question is how Mueller’s team got the information detailed in the indictment. As Alexei Venediktov, editor of Ekho Moskvy (Echo of Moscow) radio, noted: “When you read parts of the indictment you just freak out. Because they [Mueller’s team] know everything—time, place, login, password, career. And this supposedly just by remote methods.” As Venediktov and others say, the FBI must have had insider information.

Where did the leak come from? Putin obviously wants to know. When he spoke at a news conference with Trump in Helsinki on July 16, he suggested that Russia and the U.S. cooperate in the investigation by having members of Mueller’s team come to Russia and take part in questioning the GRU officers. (As The Daily Beast reported, this is not nearly as generous as it sounds. When British investigators looking into the murder of former Russian agent Alexander Litvinenko went to Moscow, they found themselves thwarted and put under surveillance.)

Although it is the job of the FSB, as a counterintelligence agency, to find spies and potential traitors within the military, there is some speculation that FSB officers passed information about the GRU’s hacking operations to American intelligence.

Back in December 2016, by which time the GRU had been exposed, some high-level FSB officers in the FSB’s cybersecurity unit were arrested and charged with treason. (One, Sergei Mikhailov, was physically removed from a meeting with a black sack over his head.) The treason case has been kept a closely guarded secret, but Russian insiders suggest that Mikhailov and his colleagues were motivated by the long-standing rivalry between the FSB and the GRU to betray the GRU. According to some sources, money was also a motive.

Of course, the GRU is no stranger to defections and international scandal. The first major spy case to erupt after World War II, igniting the Cold War, occurred in 1945 when a GRU cipher clerk from the Soviet Embassy in Ottawa defected, taking with him reams of secret documents that showed the Soviets had an atomic spy ring in North America.

Then there was the infamous GRU Gen. Oleg Penkovsky, who tipped off Britain that the Soviets had missiles in Cuba—and was executed for treason in 1963. Much later, Sergei Skripal, who for several years cooperated with MI6, provided hundreds of names of his fellow GRU agents before he was caught in 2006 and charged with treason. In 2010 he was handed over to Britain as part of a spy swap, and earlier this year he was poisoned.

British authorities are now saying that the GRU carried out the U.K. murder attempt on Skripal, apparently because Skripal betrayed the agency. Investigators reportedly have evidence that the GRU hacked into the email of Skripal’s daughter, Yulia. But revenge against traitors is traditionally up to the FSB. Recall that the 2006 poisoning of Litvinenko in London, shown by the British High Court Inquiry to be the work of the FSB, was preceded by the July 2006 enactment of a new Russian law that specifically authorized the FSB to carry out assassinations abroad.

But maybe we in the West should stop trying to figure out which Russian security service has been doing what to us. After all, the buck stops in the Kremlin. Putin is a hands-on leader—a KGB veteran himself—who calls the shots on just about everything from assassinations of alleged traitors to revenge against Western politicians he resents, like Hillary Clinton. As the widow of Alexander Litvinenko told me once, “with Putin everything is personal.”

Businessman Mikhailov demands that Insider remove two articles about his membership in Solntsevskaya gang

9:23 / 25.06.2018
In 2016, Mikhailov took advantage of the right to be forgotten, demanding that Yandex and Google delete the hits on requests "Sergey Mikhailov Mikhas," "Sergey Mikhailov Mikhas Solntsevo," "Sergey Mikhailov Solntsevo" and other similar wording.

Businessman Sergey Mikhailov demanded that Insider remove articles about his membership in the Solntsevskaya gang, the edition says.

Mikhailov is called a gang member in two articles: "The Spanish investigation: head coach of Lokomotiv Semin and deputy Shamanov have ties with Solntsevskaya gang" and "Gangster Party candidate: Trump’s ties to Russian organized crime." The businessman said that he "did not permit to use his photos."

Insider stressed that Mikhailov's permission to publish his photos is not required since he is a public figure. Also, a photo taken from the materials of Spanish law enforcement agencies "is demonstrated in the context of a journalistic investigation of policy relevance."

"As for the membership of Sergey Mikhailov (Mikhas) in Solntsevskaya gang, the Insider quotes the data of the Spanish investigation, the FBI, and Russian Wikipedia, so the editorial board offered him to address these people," the newspaper writes.

Sergey Mikhailov repeatedly appealed to the courts over his ties with Solntsevskaya gang. So, in the fall of 2017, the court ordered oppositionist Alexey Navalny to remove the article, in which Mikhailov is called "the leader of the Solntsevskaya gang." Mikhailov's suit against RBC was not granted. The businessman insists that the Solntsevskaya gang does not exist since it is not registered anywhere.

In 2016, Mikhailov took advantage of the right to be forgotten, demanding Yandex and Google delete the hits on requests "Sergey Mikhailov Mikhas," "Sergey Mikhailov Mikhas Solntsevo," "Sergey Mikhailov Solntsevo" and other similar wording.
User avatar
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Wed Sep 12, 2018 6:04 pm

Notorious Russian cybercriminal pleads guilty to US charges

By: MICHAEL BALSAMO, Associated Press
Posted: Sep 12, 2018 04:07 PM CDT
Updated: Sep 12, 2018 04:07 PM CDT
WASHINGTON (AP) - A Russian man considered to be one of the world's most notorious hackers pleaded guilty Wednesday to U.S. charges alleging he operated a network of devices used to steal computer credentials, distribute spam emails and install malicious software.

Peter Levashov, 36, pleaded guilty to conspiracy, wire fraud, identity theft and other charges during an appearance in federal court in Hartford, Connecticut.

Investigators linked Levashov, who also went by the names Pyotr Levashov and Peter Severa, to a series of powerful botnets, or networks of hijacked computers capable of pumping out billions of spam emails.

Federal officials said Levashov had controlled the botnets - including one that infected at least 50,000 computers - to harvest email addresses, logins and passwords from infected computers and also distributed malware and other malicious software.

Prosecutors said Levashov had also moderated online forums used to sell and trade stolen identities and credit card numbers.

Levashov was arrested in April 2017 while vacationing in Spain. His arrest was one of a series in the last few years targeting Russian cybercriminals outside their homeland, which has no extradition agreement with the United States.

Russian authorities fought his extradition, but Levashov was transferred to the U.S. in February.

"Today's guilty plea should serve as an unequivocal reminder to all those who use the internet for illicit purposes: The FBI will pursue you regardless of what country you live in and the length of time it might take to secure your eventual arrest," said Brian Turner, the special agent in charge of the FBI's office in New Haven, Connecticut. "As we move forward, no cyber criminal should rest easy."

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Fri Oct 05, 2018 1:20 pm

Mike Eckel

Kommersant: FSB cyberunit chief Mikhailov, arrested in 2016 for treason, in 2011 gave the FBI evidence concerning Pavel Vrublevsky (who was charged with a DDoS attack on Aeroflot's payment system). Mikhailov was paid $10m.

State secret revealed for $10 million
Cases of FSB officers accused of treason have reached court

Mike Eckel

Dokuchaev and another Russian, Fomchenkov -- both of whom face treason charges and both have admitted partial guilt -- could end up testifying against Mikhailov and Stoyanov -- both of whom have denied the charges.

The info was allegedly passed to the FBI from Mikhailov, to his deputy Dmitry Dokuchaev, and then to Kaspersky researcher Ruslan Stoyanov, who passed it along to an American cyber-researcher who was based in Moscow

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Fri Oct 12, 2018 8:52 am

Kaspersky Lab treason suspect is hospitalized in critical condition after suffering pulmonary embolism in jail
Dozhd, 17:05, 11 October 2018
Ruslan Stoyanov, the former Kaspersky Lab expert now on trial for treason, was recently rushed to the hospital in critical condition, after suffering a pulmonary embolism on October 1, his lawyer told the independent television network Dozhd. According to Inga Lebedeva, her client was hospitalized after repeatedly losing consciousness.

The case against Stoyanov is classified, but he is allegedly charged with passing secret intelligence to the FBI about Russian hackers. Days before Lebedeva revealed that Stoyanov has been in the hospital, the newspapers Kommersant and Novaya Gazeta reported that he and three accomplices, led by former FSB Information Security Center agent Sergey Mikhailov, may have been promised $10 million in exchange for data that led to the unmasking of Russian hackers, potentially including the GRU’s “Fancy Bear” operation, which stole internal records from the Democratic National Convention in the United States.

The allegations about a $10-million paycheck have raised some eyebrows. American cyber-crime journalist Brian Krebs, for example, has suggested that the rumor is a fabrication planted by Pavel Vrublevsky, a Russian businessman with notorious ties to hackers, who spent 18 months in prison thanks to investigative work by Mikhailov’s FSB unit.

Stoyanov has been jailed in Moscow since his arrest in December 2016. His lawyer says he’s currently recovering in a private room, guarded by police officers, after spending several days in critical condition. Lebedeva says the hospital conditions are acceptable, but she worries that Stoyanov will be returned to jail prematurely, where medical staff have allegedly neglected his needs, for example by refusing to perform an ultrasound examination, even after he lost consciousness in May.

Lebedeva also complained that prison officials appear to be blocking Stoyanov’s personal mail, holding letters from his friends and family for months at a time.

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Fri Feb 22, 2019 8:51 am

Russia Seeks 20 Years for Cyber-Cops in U.S.-Linked Treason Case

Stepan Kravchenko, February 22, 2019, 1:50 AM CST

Prosecutors in the treason trial of a top former Russian cybersecurity officer who was allegedly compromised by U.S. intelligence are seeking a 20-year prison term.

While few details have emerged about the secret case at Moscow district military court, there have been tantalizing threads potentially linking the central figures to espionage, election hacking and the breach of hundreds of millions of Yahoo! Inc email accounts.

Prosecutors are asking for the maximum sentence when the court delivers its verdict on Feb. 26, according to two people familiar with the case, who asked not to be identified because they’re not authorized to discuss it. The accused are Sergei Mikhailov, who worked in the Federal Security Service’s information-security division, and Ruslan Stoyanov, who’s a manager at Kaspersky Lab cybersecurity company.

The court confirmed the hearing is scheduled for Feb. 26. Two other men charged during the investigation, businessman Georgiy Fomchenkov and Dmitry Dokuchaev, a member of Mikhailov’s staff, have pleaded guilty to U.S. ties and will be sentenced later, the people said. Dokuchaev is also accused by U.S. officials of involvement in hacking a half-billion Yahoo email accounts.

‘Having Contacts’

The men were all arrested in late 2016, shortly after Donald Trump became U.S. president-elect. The Kremlin later dismissed suggestions of links between the case and alleged Russian interference in the U.S. elections, which it denies. Mikhailov, Dokuchaev and Stoyanov were charged with treason for allegedly “having contacts with” U.S. intelligence, according to Ivan Pavlov, a defense lawyer in the case, who said in 2017 that officials had provided few details and “what we know is only the tip of the iceberg.”

Stoyanov, a former Interior Ministry cybersecurity officer, worked closely with Mikhailov’s department at the FSB as part of an anti-DDoS project that Kaspersky Lab developed for clients in Russia, according to a person familiar with the company.

“The case against this employee does not involve Kaspersky Lab” and predates his employment at the company, spokeswoman Olga Rodicheva said Thursday by email. “We do not possess details of the investigation,” she said.

Stoyanov accused Russian authorities in a 2017 letter of cooperating with cybercriminals and warned of “a new wave of crimes inside the country” if they didn’t stop.

Data Disc

Mikhailov and the others were indirectly interacting with the FBI, Kommersant reported Wednesday, citing court documents. They shared classified files with a cybersecurity expert, Kimberly Zenz, whom the FSB accused of having ties to the FBI, according to the newspaper. Stoyanov flew to Canada in 2011 at Mikhailov’s request to hand a data disc to Zenz, Kommersant reported.

Mikhailov insists he’s innocent and reports linking him to a data disc are “complete rubbish,” his lawyer Ruslan Golenkov said by phone Thursday.

“I’m not a government agent and never have been,” Zenz said Thursday in a Facebook message, adding that “there’s no evidence some sort of compact disc was handed over because it never happened.” While she’s known Stoyanov for more than 10 years as an “internationally respected cybercrime investigator who loves his country,” she’s never had contact with the other accused, Zenz said.

“Unfortunately, the court doesn’t know this because it rejected my request to testify,” she said. “The situation is very sad.”

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Tue Feb 26, 2019 9:21 pm

Moscow court sentenced an ex-top manager of Kaspersky Lab to 14 years in prison for state treason. He allegedly passed on to the Americans the info about the hacking of the U.S. Democratic Party servers in 2016. If Russia was not behind the hack as the Kremlin says, why treason?

A former top manager of Kaspersky Lab was sentenced to 14 years for treason. Media outlets wrote that he may have passed information to the US about the hackers who broke into the servers of the Democratic ...

Russia’s Kaspersky Lab employee convicted of high treason to appeal sentence

Ruslan Stoyanov was sentenced to 14 years of imprisonment

MOSCOW, February 26. /TASS/. Former employee of Russia’s Kaspersky Lab Ruslan Stoyanov, sentenced to 14 years of imprisonment for high treason, plans to appeal his sentence, Stoyanov’s attorney Inga Lebedeva informed TASS.

"We will appeal the sentence. The guys think that they have stepped on some toes during their counter-hacking activity," she said.

It is expected that former head of operational control of the Information Security Center of Russia’s Federal Security Service (FSB) Sergei Mikhailov, sentenced to 22 years behind bars, will also appeal the court’s verdict.

The Moscow District Military Court sentenced the two men on Tuesday. The court also fined Mikhailov to the tune of 400,000 rubles (about $6,130) and Stoyanov to 150,000 rubles (about $2,300).

The court read out only the substantive provisions, as the criminal case is classified. It was reported earlier that according to the investigators, the two men transferred classified information to the US.

According to the Kommersant newspaper, in 2011, FSB colonel Sergei Mikhailov transferred information concerning the case of the former head of international payment services company Chronopay Pavel Vrublevsky, suspected of staging a DDoS attack on the Assist payment system in July 2010, to the FBI. Mikhailov recorded the data on a compact disc and gave it to Kaspersky Lab employee Stoyanov, who attended the 2011 International Conference on Cyber Security in New Denver, Canada, and handed over the disc to Kimberly Zenz, employee of the US data protection company I-Defence, affiliated with the FBI.

Kremlin Accused Her of Being a U.S. Spy. She Offered to Go to Moscow.

They accused her in a secret trial of being an American agent. So she did the unthinkable, and called their bluff.
Kevin Poulsen
02.22.19 10:36 PM ET

The top secret treason trial of a cybercrime analyst wrapped up this week after months of testimony behind the closed doors of a Moscow military court, with prosecutors reportedly demanding 20 years in a penal colony for the crime of allegedly snitching on Russian cybercriminals to American investigators. A verdict is expected on February 27.

Ruslan Stoyanov is a one-time cybercop who went on to head the computer incidents investigation team at the cybersecurity firm Kaspersky Lab. He stood trial with Col. Sergei Mikhailov, who was second in command in the cybercrime division of Russia’s federal security service, the FSB, until December 2016, when his fellow agents ended an internal meeting by abruptly shoving a black bag over his head and dragging him off to prison.

The men are accused of passing confidential material from a 2010 cybercrime and spam investigation to an analyst at a U.S. security firm. But the trial ended without the court hearing from a key figure in the prosecution’s theory: the analyst herself, who says the Russian military appears to be on the verge of convicting Stoyanov for treason he didn’t commit.

“I formally requested to testify, and they said no,” said Kimberly Zenz, a veteran cybercrime threat analyst who was caught up in the Russian intrigue while working for Verisign’s iDefense threat intelligence division. “You’d think the opportunity to interrogate a ‘spy’ would be exciting for them, but they don’t even bother to pretend.”

The treason case has been closely watched, if seldom observed, since the high-profile arrests in the final days of 2016. The entire matter is considered a state secret in Russia, and with few hard details to go on, initial speculation linked the arrests to Russia’s election interference campaign.

Over time, a clear and consistent account of the case has emerged from court leaks and people connected to the events. And it turns out the charges have nothing to do with election interference. Instead they’re uniquely a product of Vladimir Putin’s kleptocratic justice system: the defendants are on trial because eight years ago they allegedly shared confidential documents about a convicted Russian cybercriminal with an American colleague.


Stoyanov’s arrest shocked the computer security community. The Kaspersky analyst is well respected internationally, and has no obvious connection to the swamp of corruption and backstabbing synonymous with Russia’s intelligence agencies. But in a country that routinely protects its criminal hackers, and sometimes conscripts them into state service, cross-border cooperation can evidently amount to high treason.

“Things are going very badly,” said Zenz, a longtime friend of Stoyanov. “Ruslan is an honest guy, he’s a good guy. He does not deserve this.”

The treason charges are rooted in allegations first leveled against Stoyanov and other defendants in 2010 by one of the Russian cybercriminals they were tracking: Pavel Vrublevsky, founder of the credit card payment processor ChronoPay.

Vrublevsky is notorious for, among other things, allegedly running a black market pharmaceutical business that hired hackers and spammers to send billions of marketing emails. His misadventures have been chronicled in some detail over the years by independent journalist Brian Krebs, who wrote a book about Vrublevsky called Spam Nation.

In 2013, a Russian court sentenced Vrublevsky to two and a half years in prison for ordering a sustained denial-of-service attack against a competing payment processor, an attack that shut down e-ticket sales for the airline Aeroflot for two weeks. Vrublevsky was granted early release after serving one and a half years.

To this day, Vrublevsky insists on his innocence. He blames his legal woes on the FSB officer who led the case, and says that same officer colluded for years with outside security researchers to smear and scapegoat him. In his account, it’s all part of an American conspiracy to paint Russia as a hotbed of global cybercrime. (Note: Russia is a hotbed of global cybercrime).

Today that conspiracy theory is at the root of the remarkable treason prosecution. In its broad strokes, Vrublevsky believes that defendant Sergey Mikhaylov, while serving as the deputy chief of the FSB’s anti-cybercrime unit, routinely passed confidential information from the FSB’s ChronoPay probe to the corporate cybercrime analyst Kimberly Zenz.

That’s where Ruslan Stoyanov enters the theory. Stoyanov worked in the Ministry of Interior's cybercrime unit from 2000 to 2006, when he left to begin a cybersecurity startup. He no longer had access to government secrets, but he was a mutual friend of both Zenz and Mikhaylov, the FSB colonel. Vrublevsky has a hunch that Stoyanov served as a middleman in the information transfer.

The information passed to Zenz, he said, informed a series of damning iDefense reports that Zenz wrote about the Russian cybercrime landscape in general, and ChronoPay and Vrublevsky in particular.

Acquired by Accenture in 2017, iDefense was an early player in what today is called the “threat intelligence” marketplace. The firm’s business model involved monitoring cybercrime groups and tracking security vulnerabilities, then producing detailed reports for its clients—largely Fortune 500 companies and the finance industry, as well as U.S. government agencies.

Zenz worked as an analyst at iDefense for a decade beginning in 2006, about a year after it was acquired by Verisign. She specialized in Russian hacker groups, and divided her time between her home in Northern Virginia, where iDefense was based, and a rented apartment in Moscow.

Zenz freely admits a longtime friendship with Stoyanov. “If you deal with Russian cybercrime he was the guy,” she said. “Everybody knows Ruslan.” She showed him around when he visited the States for a week, and, yes, she did frequently discuss Russian cybercriminals with him, including Vrublevsky. But he was out of government service and had no access to secret information, she said. In that respect Stoyanov was no different from any other smart, informed computer security analyst, except that he happened to be Russian. “I asked him all about it, but I didn’t ask him for any material, any secrets,” she told the Daily Beast.

She said it’s understandable that Vrublevsky would harbor some resentment for her. She considered him a significant figure in the world of Russian cybercrime, and made no secret of it. “I talked publicly about him in conferences, so he was very aware that I was out there,” she said. “I was publicly trying to get him arrested, so he’s not wrong. That’s what I wanted.”

But she’s dismayed that the case has swept in Stoyanov, who she’s known for over 10 years. On multiple occasions, she said, she tried to lure Stoyanov into taking a job with her at iDefense, and he always rebuffed her. “He turned down multiple opportunities to make much more money as an anti-cybercrime rockstar in the West because he wanted to serve his country,” she said. “And all of that is being used against him and it’s just wrong.”

Even taking Vrublevsky’s allegations as true, they sound less like espionage and more like the kind of cross-border information-sharing routinely practiced among national law enforcement agencies. But Vrublevsky has more. Much more. He feels strongly that Zenz’s iDefense position was just a cover story for her real job as an undercover spy. “We investigated Kimberly and saw clear signs of CIA affiliation,” he said. That evidence of Zenz’s double life includes her home address in Virginia. “She lived in the same village where CIA is—McLean,” Vrublevsky noted.

Vrublevsky presumably said the same thing during the three hours of testimony he gave recently in the secret treason trial of Mikhaylov and Vrublevsky—he can’t confirm that because the details of his testimony are also considered a Russian state secret.

To that stew of alleged information-sharing and suspicious street addresses, prosecutors have sprinkled new specifics of their own atop Vrublevsky’s original claims, according to press reports and accounts of people involved in the trial. They charge that the defendants didn’t just share information with Zenz and possibly other Americans, but that they passed along government documents, for which they were collectively paid an astounding $10 million.

The key thread, as alleged by prosecutors, conveniently weaves through three of the defendants back in 2010. That’s when Mikhaylov allegedly loaded up a CD with confidential material from the ChronoPay probe, then gave that CD to his subordinate, Dmitry Dokuchaev, who in turn gave it to Ruslan Stoyanov. Stoyanov allegedly brought the disk with him when he attended Microsoft’s invitation-only Digital Crimes Consortium conference in Montreal, Canada, where he supposedly slipped the disk to Zenz.

Zenz calls this claim ludicrous, and late last year she made a bold offer to the panel of military judges overseeing the trial. From her new home in Germany—she took a new job and left Russia in 2016—she wrote a letter asking to testify at the treason trial. In the letter she affirmed that she didn’t receive documents, on CD or in any other fashion, from her friend Stoyanov, nor did she see him pass a disk to anyone else at the Montreal event. “I was literally with him all day at that conference,” she said. “I was with him all day every day and he didn’t give anyone a CD.”

Zenz wrote the court that she wanted to testify at the trial—a gutsy move for an American now regarded a cunning spymaster by the Russian government. “I requested the option to testify at the embassy here because it’s a lot safer and you’re allowed to do that in the court system there,” she said. “But if I had to, I’d go. I had a big fight with my husband over it.”

To her surprise, the military judges ignored the letter, and she says they also rejected a request from Stoyanov’s lawyer to call Zenz as a witness. “Instead, the main witness is a Russian criminal convicted of breaking Russian laws in Russia, and coincidentally the accused happen to be the people who put him in jail for those crimes,” she said.

Zenz thinks the entire case is a manifestation of infighting between different units of the FSB, and between the FSB and the Russian military intelligence unit, the GRU. Stoyanov himself has cast the prosecution as payback, because he’d been stirring up trouble by criticizing the FSB’s practice of granting effective immunity to hackers willing to do some espionage on the side. “The essence of the deal is that the state gets access to the technologies and information of ‘cyberthieves,’ in exchange for allowing them to steal abroad with impunity,” he wrote in a letter from jail made public in 2017.

Ironically, one of Stoyanov’s co-defendants, a black hat hacker turned FSB officer named Dmitry Dokuchaev, has been indicted in the U.S. for doing just that—allegedly letting a well-known hacker go free in exchange for a massive hack into Yahoo that was useful to the FSB’s domestic spying. Dokuchaev and another co-defendant have taken plea deals in the treason case.

Vrublevsky says he finds it “weird” that prosecutors want the 20 year maximum for Stoyanov. “While I am not aware of case details I find it hard to believe that Ruslan indeed was such a self-motivated betrayer,” he said. And he can’t explain why the conspiracy he’s been complaining about since 2010 is suddenly being taken so seriously by the Russian government.

“Nobody knows why they took so long,” Vrublevsky said. “It’s the biggest mystery of them all.”



Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Postby seemslikeadream » Wed Apr 17, 2019 9:08 am

Raphael Satter

For those in the US just waking up: The White House cybersecurity czar under Obama was targeted last year as part of an elaborate undercover operation aimed at critics of Kaspersky Lab.

Raphael Satter

I know what infosec twitter will be talking about today.

For several months last year, an undercover operative calling himself Lucas Lambert lured cybersecurity experts to fancy hotels in an apparent effort to get dirt on opponents of Kaspersky Lab.

If that name sounds familiar, it should. @citizenlab’s @jsrailton says he has found digital connections between Lucas Lambert and another operative, Michel Lambert, that he and I ambushed in New York in January.
Michel Lambert, in turn, is alleged by a Canadian lawyer to be the same person as Black Cube agent Victor Petrov. Here’s the lawyer’s filing from last month:

Here’s Black Cube’s response to us when I asked whether they were involved in the operation against Kaspersky critics.

Meanwhile, I asked @kaspersky a series of questions about this operation. Were they involved in any way? Have they ever hired Black Cube?

Their response: No comment.

AP Exclusive: Undercover spy targeted Kaspersky critics

LONDON (AP) — Keir Giles’ first thought was that the man’s cheap-looking suit didn’t seem right for a private equity executive. The man seated in front of him at the London hotel claimed to live in Hong Kong, but didn’t seem overly familiar with the city. Then there was the awkward conversation, which kept returning to one topic in particular: the Russian antivirus firm Kaspersky Lab.

He also asked Giles to repeat himself or speak louder so persistently that Giles said he began wondering “whether I should be speaking into his tie or his briefcase or wherever the microphone was.”

“He was drilling down hard on whether there had been any ulterior motives behind negative media commentary on Kaspersky,” said Giles, a Russia specialist with London’s Chatham House thinktank who often has urged caution about Kaspersky’s alleged Kremlin connections. “The angle he wanted to push was that individuals — like me — who had been quoted in the media had been induced by or motivated to do so by Kaspersky’s competitors.”

The Associated Press has learned that the mysterious man, who said his name was Lucas Lambert, spent several months last year investigating critics of Kaspersky Lab, organizing at least four meetings with cybersecurity experts in London and New York.

Giles said he met with Lambert twice last year, ostensibly to discuss Giles speaking at a cybersecurity conference that Lambert’s company was organizing. But Lambert seemed far more interested in finding out whether anyone had been paid to publicly undermine Kaspersky.

Kaspersky Lab declined to answer questions from the AP about whether it had any involvement with the meetings.

The operation targeting Giles and others came at a sensitive time for the Moscow-based company, which boasts one of the world’s most popular consumer antivirus products and a research unit widely respected for routinely exposing elite hacking groups.

U.S. officials had occasionally expressed wariness about the firm over the years, but criticism of the company intensified in the aftermath of Russian intervention in the 2016 presidential election.

U.S. lawmakers began calling for restrictions on Kaspersky, contending that a Russian firm could not be trusted to keep American networks safe, and the U.S. Department of Homeland Security ordered federal agencies to remove the firm’s antivirus software from their computers. Congress later passed legislation banning the software from government networks.

By the time Giles met with Lambert, Kaspersky was suing the U.S. government over its decision, arguing that it never helped hackers and was being “considered guilty until proven innocent.” U.S. judges have since dismissed the lawsuit.

The AP learned that Lambert also targeted Michael Daniel, who served as former president Barack Obama’s cybersecurity czar, though it is unclear whether he actually managed to meet with Daniel.

In an email exchange with the AP, Lambert insisted that he and his company were genuine, but he did not reply to follow-up questions about the multiple discrepancies in his story or make himself available for an interview. The AP could find no evidence of the existence of the firm Lambert said he worked for, Tokyo- and Hong Kong-based NPH Investments.

Research by Citizen Lab, an internet watchdog group based at the University of Toronto’s Munk School, suggests the Lucas Lambert operation is linked to an almost identical one involving a man calling himself Michel Lambert. Michel’s bungled attempt in a Manhattan restaurant to entrap John Scott-Railton, a senior researcher at the lab, was caught on camera by AP reporters two months ago.

The two Lamberts appear to be different individuals. A few days after the AP published Michel Lambert’s photo, he was outed as former Israeli intelligence officer Aharon Almog-Assouline. In a Canadian court filing, a Toronto attorney said Assouline “bears a striking similarity” to a man he identified as an operative for Black Cube, an Israeli private intelligence firm.

Black Cube has denied any connection to the operation targeting Citizen Lab or to Michel Lambert. Its Israeli law firm, Cassouto & Co., said in a letter that it had absolutely no link to Lucas Lambert either.

“Black Cube denies it ever worked — directly or indirectly — for or on behalf of Kaspersky Lab,” the letter said. “Black Cube also denies any involvement with an undercover operative going by the alias ‘Lucas Lambert.’ Black Cube does not know who ‘Lucas Lambert’ is and never heard this name.”

Giles said that Lucas Lambert first reached out to him in an April 30, 2018, email, saying he wanted to discuss a private investor conference being organized by his company. He said NPH’s clients wanted to know more about the overlap between cybersecurity companies and governments, offering Giles — who regularly gives lectures — $10,000 to deliver a keynote speech.

Giles said he agreed to meet on May 10 to discuss the idea. And while the pair did discuss the potential speaking engagement, Giles said Lambert also quizzed him on his attitude toward Kaspersky.

Giles had given interviews suggesting Kaspersky’s claims to be a neutral player should be taken with a grain of salt, saying it wouldn’t be unusual for the company to cooperate with Russian spies in the same way that U.S. companies have in the past been caught giving discreet assistance to the National Security Agency.

Even if Kaspersky itself resisted such cooperation, Giles said, “individual employees of the company in Russia can be subverted with great ease.”

At their meeting, Giles said, Lambert sounded him out on those criticisms, asking him whether doubts about Kaspersky were being sown by industry rivals jealous of the company’s success. Lambert also asked if Giles and others were being induced by anyone to denigrate the company in the media.

“I told him repeatedly that that was not the reason,” Giles said.

Giles said he exited the meeting with mixed feelings: Lambert’s backstory raised some flags, but he seemed knowledgeable about cybersecurity. So when Lambert asked if Giles could recommend anyone else for the conference, he put him in touch with an American cybersecurity expert he knew.

In an email exchange with his U.S. colleague, Giles said the conference could be an opportunity for them both to earn money and enjoy some dim sum in Hong Kong. But he added an important caveat.

“I have no guarantees this is a legit operation,” Giles wrote, explaining that he could find no one who had heard of NPH Investments.

“I’m proceeding with mild caution,” he said.

An AP search of Japan’s National Tax Agency database found no record of NPH Investments. And while there is a company called NPH Investments Limited based in Hong Kong — the company Lambert claimed to work for when challenged by the AP — corporate records show that it’s registered at a different address than the one displayed on Lambert’s business card and on NPH’s website. The registered owner of NPH Investments Limited did not return a message from the AP.

A receptionist at the Wharf T&T Centre in Hong Kong, the address Lambert claimed to work from, told an AP reporter that the company was not listed in the building’s directory. The management at Tokyo’s Nishi Shinjuku-Takagi Building, where Lambert also claimed to have an office, said they found no trace of the firm.

The website of Lambert’s NPH also is strikingly similar to a number of fake sites recently used to target cybersecurity researchers at Citizen Lab.

Scott-Railton, one of the researchers, said the sites followed the same domain registration pattern, used off-the-shelf designs from an Israeli firm called Wix and were connected to a web of LinkedIn profiles featuring black-and-white or oddly angled photographs of men and women wearing sunglasses.

“Whoever created the NPH Investments identity was drawing from the same playbook,” Scott-Railton said.

Giles said his suspicions about NPH deepened after his second meeting with Lambert on June 6. Lambert asked the same questions all over again, he said, complete with the requests to repeat himself and talk loudly. The only variation was when Lambert falsely claimed that Giles had told him Kaspersky’s critics had been paid to slam the company in the media.

“That removed my remaining doubts that this was to hear — and possibly record — my comments on Kaspersky,” Giles said. “He was plainly hoping for an admission by me that either I or others had been working on behalf of other cybersecurity companies to reduce Kaspersky’s business.”

Meanwhile, the U.S. cybersecurity expert that Giles recommended had also met Lambert, sitting down at the Ritz-Carlton Hotel in New York on May 31. There, and at a second meeting with the expert on July 10, Lambert also touched on criticisms of Kaspersky.

“He brought it up more than once,” the cybersecurity expert said, speaking on condition of anonymity because his employer had asked him not to identify himself publicly. “He asked whether economic competitors were trying to gin up the security threat.”

In his conversations with Giles and the U.S. expert, Lambert appeared particularly eager to meet with Michael Daniel, who was White House cybersecurity coordinator between 2012 and 2017, asking both men for Daniel’s contact details.

Neither was able to provide an introduction, but Lambert claimed to have made contact. In an email obtained by AP, he said he met with Daniel last September and labeled the get-together a success.

But the Cyber Threat Alliance, a mainly American organization that Daniel now leads and is devoted to sharing intelligence about digital threats, said the former White House official had no recollection of any suspicious meetings. The alliance added that Daniel “has assumed he is a potential target for these kinds of operatives since he started in the White House seven years ago.”

A motive for targeting Daniel is unclear.

In April 2017, Kaspersky had expressed an interest in joining Daniel’s Washington-based group, according to a former U.S. intelligence official briefed on the discussions, who spoke on condition of anonymity because he wasn’t authorized to discuss the matter publicly. The former official said the sporadic communications went nowhere, petering out in February 2018, two months before Giles received his first email from Lambert.

The alliance said it did not comment on membership discussions.

A few weeks after he claimed to have met Daniel, Lambert’s operation appears to have wound down. He wrote Giles on Oct. 15 to tell him the conference would have to be postponed indefinitely because a major client had “an unplanned board meeting.”

Giles remembers feeling relieved that the surreal episode was over.

“This was a kind of go-through-the-mirror experience,” he said, warning others in his position to be on their guard. “It’s really important for us to stay on the right side of the looking glass.”