Mikhailov case
The Mikhailov case is an espionage scandal surrounding the activities of the Center of Information Security of the FSB (CIS FSB, the 18th Center), whose employees were implicated in high treason after participating in a number of high-profile criminal cases. On January 31, 2017, it became known that the head of the 2nd department of the CIS FSB, Sergei Mikhailov,[1] and his deputy Dmitry Dokuchaev[2] had been arrested. In the same case, the head of the computer incident investigation department of Kaspersky Lab, Ruslan Stoyanov,[3] and Georgy Fomchenkov were arrested.[4] The result of the case was the complete cessation of cooperation between Russia and the US on cybercrime.[5] Unprecedented was the fact that CIS FSB officers arrested in Russia were accused of cybercrime in the United States.
Confrontation between the CIS FSB of the Russian Federation and Vrublevsky
Persecution of Chronopay's management
In 2011-2012, the CIS FSB brought a case against the owner of Chronopay, Pavel Vrublevsky, and a number of its employees. They were accused of organizing a DDoS attack on the server of Aeroflot. On July 31, 2013, a conviction was pronounced in the case.[6] In the course of the trial, operational and investigative materials on Pavel Vrublevsky's case, including some that were not submitted to the court, were posted to the Internet by unknown persons. Vrublevsky stated that Mikhailov was exerting pressure on his business and (secretly) transferring information to Western special services.[7]
Attempts to access data on roem.ru authors and commenters
In the spring of 2011, Yuri Sinodov (editor-in-chief of roem.ru) received an official request from officers of the CIS FSB, signed by Sergei Y. Mikhailov, the head of the 2nd operational department of the CIS, to provide information about one of the authors of an article on the site. In response, they sent their own inquiry to the prosecutor's office, asking it to clarify whether the actions of the CIS officers were legitimate. The prosecutor's office responded that the FSB's actions were legitimate, but Sinodov did not provide the data to the CIS FSB staff.[8] Sinodov said that the CIS FSB staff had previously asked him to provide information about the authors of some comments on articles on the site.[9][10]
Espionage scandal in early 2017
On January 31, 2017, Interfax reported, citing sources, that the head of the 2nd department of the CIS FSB,[1] Sergei Mikhailov, and his deputy Dmitry Dokuchaev, a senior operative in the planning department of the CIS FSB, who had been arrested as part of the high treason case, had cooperated with the US CIA.[2]
Chronology
Aeroflot case
On July 11, 2010, a DDoS attack on the servers of the Assist payment system made air ticket reservation on Aeroflot's website unavailable for a week.[11]
On June 24, 2011, the Lefortovo Court of Moscow authorized the arrest of Pavel Vrublevsky.[12] The arrest was carried out at the request of the Investigative Directorate of the FSB with the support of the Center of Information Security of the Federal Security Service of the Russian Federation. Vrublevsky was returning with his family to Moscow from the Maldives and was arrested at Sheremetyevo airport. The FSB accused Vrublevsky of ordering a DDoS attack on the site of the competing payment system Assist.[13] At that time, Aeroflot's electronic ticket sales system was put out of operation, because of which the airline left Assist for Alfa-Bank. Aeroflot also filed a claim for 194 million rubles against VTB-24, which provided Aeroflot with payment processing through Assist.[14]
For the next six months, Vrublevsky was in the Lefortovo detention center.[15] After being released from custody, Vrublevsky was preparing to sell ChronoPay; the buyer was supposed to be a large state bank.
Vrublevsky's lawyer argued that the case was completely fabricated and demanded that the FSB officers be held accountable.[16] The criminal case was sent back for further investigation because of a curious circumstance: the FSB investigation got wrong (and the Prosecutor General's Office confirmed this in the indictment) the number of the federal law under which Vrublevsky was charged. Instead of 26-FZ (Article 272, illegal access, and Article 273, creation and use of viruses), it cited another FZ,[17] the law on ratification of the agreement between the Russian Federation and the countries of Asia on the creation of a joint drug center. Subsequently, the charge under Article 273 was dropped by the Tushinsky District Court because the statute of limitations had expired.[18]
The reasons and motives for the criminal prosecution of Vrublevsky were actively discussed in the press. For example, an article by Irek Murtazin in Novaya Gazeta[19] argued that, although Vrublevsky was being pursued by the CIS FSB, he might be an agent or partner of the FSB's "Office K" in illegally withdrawing money from the country. The article gives no facts in support of this opinion, only a number of value judgments. Employees of Chronopay, owned by Vrublevsky, claimed that his arrest was connected with an attempted raider seizure of the company, but no further public confirmation of this was available.[20]
In May 2013, Pavel Vrublevsky's blog presented evidence that the investigating authorities had forged documents, including the dating of the expert examinations and their contents, and had changed the packaging of the confiscated laptop and the contents of the disks examined, etc. In particular, Vrublevsky pointed out that, judging by the text of the examination carried out by Group-IB on behalf of the investigation, this examination was based on materials received from Kaspersky Lab ten months after it was conducted. The defense claimed that the signatures of the witnesses were forged. Although all four witnesses refused to give their signatures for examination, the defense was able to have an expert examination conducted on samples from the summonses. The examination showed that the signatures in the criminal case were made by another person. Vrublevsky himself was imprudent enough to personally call one of those witnesses, Nikita Evseev. Evseev, a close friend of the investigator Dadinsky, wrote a statement to the court that he feared for his life, without explaining what he was afraid of. In response, the court again arrested Vrublevsky on June 6, 2013.[21]
On July 31, 2013, a court session was held in the case of the DDoS attack on the Assist system site, during which Pavel Vrublevsky was found by the court to be an organizer of an attack on Assist "with the aim of destroying it" and sentenced to 2.5 years in a general-regime colony. Igor and Dmitri Artimovich, who were tried in the case as accomplices, were also sentenced to 2.5 years in a general-regime colony, and Maxim Permyakov received a two-year suspended sentence "for active repentance and assistance to the investigation".[22][23][24]
A few months later, the Moscow City Court reduced the punishment of Vrublevsky and the other defendants to a "colony-settlement" (a much lesser form of sentence).[25]
The motive for the crime was, in fact, not investigated in this case. It became clear in court that the investigation's initial version, a commercial intent to eliminate the Assist payment system as a competitor, could not be true, since before the attack the defendants already knew that Aeroflot would soon stop using Assist. The defendants themselves did not provide reliable information about the motive, referring to "revenge" and similar reasons.
While serving his sentence, Pavel Vrublevsky worked as a fireman at a fire station near the colony. On May 27, 2014, Vrublevsky was released from the colony on parole.[26]
Spy Scandal of 2017
Investigative actions in the case of the DDoS attack continued in 2016.
In December 2016, CIS FSB officers Sergei Mikhailov and Dmitry Dokuchaev, the head of the cybercrime investigation department of Kaspersky Lab, Ruslan Stoyanov, and Georgy Fomchenkov were arrested for treason. After that, major international media published reports that put the Aeroflot case back in the news: according to the new information, the real reason for the prosecution of Vrublevsky was the investigative material he had gathered as far back as 2010 against Mikhailov and the others arrested, on the basis of which he had privately accused a group of individuals of working for foreign intelligence agencies to promote the myth of Russian cybercrime. Ultimately, this group of people was able to fabricate the case against Vrublevsky himself. In 2016, light was shed on Vrublevsky's early investigation, and Mikhailov's group was arrested by the Self Security Unit of the FSB of Russia.[27][28][29]
In January 2017, it became known that the head of the site "Humpty Dumpty", journalist Vladimir Anikeev, also known as "Anonymous International", who hacked the mail of Russian businessmen and high-ranking officials, had been detained shortly before the arrest of the FSB officers. In January, Rosbalt reported on the circumstances of Anikeev's detention: the FSB detained him in October 2016, and later, on the basis of his testimony, high-ranking FSB officers Dmitry Dokuchaev and his boss Sergei Mikhailov were arrested. They were accused of high treason and cooperation with the CIA.
In February 2017, Reuters reported that the treason case in the FSB stemmed from Vrublevsky's testimony from 2010.[30]
In March 2017, the US Department of Justice announced the involvement of Sergei Mikhailov and Dmitry Dokuchaev in the hacking of 500 million Yahoo mail accounts.[31]
In the same month, information was published that the treason charge was directly related to the transfer of data on the activities of Pavel Vrublevsky to foreign special services back in 2010. In response to the arrests, the US accused a number of the same FSB officers (Dokuchaev) of cybercrime and put them on the international wanted list, posting their photos on the FBI website, which resulted in a complete rupture of cooperation between the United States and Russia on cybercrime.
On June 12, 2017, a significant part of the documents on the Mikhailov case was sealed with a "secret" stamp, Rosbalt reported, citing an informed source.[32]
References
- "Media report on the "good guy" who hacked Yahoo on the FSB's orders". RBC. Retrieved 2017-03-16.
- "Arrested FSB officers accused of cooperating with the CIA". Interfax.ru (in Russian). 2017-01-31. Retrieved 2017-01-31.
- Kaspersky Lab confirmed the arrest of a top manager — Lenta.ru
- Media: The fourth defendant in the CIS FSB case is Georgy Fomchenkov — Grani
- Kaspersky Lab felt no impact on the company's reputation from the employee's arrest — Kommersant
- Chronopay owner gets 2.5 years in prison for DDoS attack on Aeroflot — Cnews.ru
- FSB Colonel Sergei Mikhailov, who oversaw internet security, arrested — The Insider
- Dirty hands. Author's article on roem.ru. 18/07/2011
- FSB inside: "Why would we put pressure on social networks when we can take information from the servers under SORM without their knowledge?" — News2
- State treason or state changes: what is known about the FSB officers accused of hacking — TJournal
- Assist broke down because of DDoS - roem.ru
- Chronopay CEO arrested on suspicion of organizing a DDoS attack on the Aeroflot website - Gazeta.ru
- Why Pavel Vrublevsky was arrested | Forbes.ru
- Financial Mogul Linked to DDoS Attacks — Krebs on Security
- "Vrublevsky: after leaving pre-trial detention I became much tougher | Digit". Archived from the original on 2012-06-26. Retrieved 2017-10-31.
- VEDOMOSTI — Case of Chronopay owner sent to court
- Prosecutor's office accidentally accused Vrublevsky of drug smuggling | Roem.ru
- M24.RU — Some charges dropped in the case of the attack on the Aeroflot website — City news channel — "Moscow 24"
- Cybercriminal No. 1 Pavel Vrublevsky: superagent or victim of the FSB?
- Report of Vrublevsky's arrest on the Business FM website
- Investigation: how the owner of Chronopay tried to stand up to the FSB - Cnews
- Pavel Vrublevsky found guilty in the case of the cyberattack on Aeroflot - Kommersant
- Pavel Vrublevsky found guilty in the case of the cyberattack on the Aeroflot website - Interfax.ru
- Chronopay founder Vrublevsky sentenced to 2.5 years for the hacker attack on the Aeroflot website
- Moscow City Court reduced the sentence of the organizer of the 2010 DDoS attack on the Aeroflot website - Tass.ru
- Chronopay owner Pavel Vrublevsky released from prison - TheVillage
- Arrested FSB officers accused of cooperating with the CIA - Interfax.ru
- FSB hacker under the watch of his colleagues - Gazeta.ru
- Hacker in uniform: what the third defendant in the FSB treason case is known for - RBC
- Treason charges against Russian cyber experts linked to 2010 case — sources - Reuters
- Washington Post: US suspected arrested CIS FSB officer Dokuchaev of hacking Yahoo - Mediazona
- FSB classified the "Humpty Dumpty" case — Rosbalt