Russia accuses cybersecurity experts of treasonous links to CIA

Rumours swirl of connection to revelations about US election hacking, as state media says Sergei Mikhailov and Dmitry Dokuchayev ‘betrayed their oath’

Two of Moscow’s top cybersecurity officials are facing treason charges for cooperating with the CIA, according to a Russian news report.

The accusations add further intrigue to a mysterious scandal that has had the Moscow rumour mill working in overdrive for the past week, and come not long after US intelligence accused Russia of interfering in the US election and hacking the Democratic party’s servers.

Sergei Mikhailov was deputy head of the FSB security agency’s Centre for Information Security. His arrest was reported in a series of leaks over the past week, along with that of his deputy and several civilians, but Tuesday’s news went much further.

“Sergei Mikhailov and his deputy, Dmitry Dokuchayev, are accused of betraying their oath and working with the CIA,” Interfax said, quoting a source familiar with the investigation.

It is unlikely the news agency would have published the story without official sanction, though this does not necessarily mean the information is true.

The story did not make it clear whether the pair were accused of being CIA agents or merely passing on information through intermediaries.

According to earlier reports in the Russian media, Mikhailov was arrested some time ago, in theatrical fashion, during a plenary session of the top FSB leadership: a bag was placed over his head and he was marched out of the room, accused of treason.

His deputy, Dokuchayev, is believed to be a well-known Russian hacker who went by the nickname Forb, and began working for the FSB some years ago to evade jail for his hacking activities.

Together with the two FSB officers, Ruslan Stoyanov, the head of the computer incidents investigations unit at cybersecurity firm Kaspersky Lab, was also arrested several weeks ago.

Kaspersky confirmed last week that Stoyanov had been arrested and was being held in a Moscow prison, though it said the arrest was not linked to his work for the company. Interfax said four people had been arrested and a further eight were potential witnesses in the case.

It is believed that Dokuchayev and Mikhailov face treason charges, which carry a penalty of up to 20 years in prison. The treason charge means any trial will be held in secret.

The arrests and the treason charge, so soon after US intelligence accused Russia of interfering in the US election process and hacking the Democratic party servers, have led to inevitable questions about whether the arrests are linked to the US election story.

Over the weekend the New York Times cited one former and one current US official as saying human intelligence had played a major role in helping US authorities determine that Russia was behind the hacking. The publicly released version of the official report was largely free of real evidence to back up its conclusions, though if Russian sources were involved, it is understandable this would not be made public.

While the information on the arrests has come in difficult-to-decipher chunks, it has been clear that something very strange has been going on inside the FSB. In a city where leaks on such sensitive cases are rare, several Russian outlets have been furnished with varying versions of the story by insider sources, suggesting either a carefully calibrated attempt to get information out, or factions struggling to spin the story in various ways.

The majority of leaks suggest the arrests are linked to Shaltai-Boltai, a group of hackers who had become notorious for leaking the emails of Kremlin officials online. A former journalist, Vladimir Anikeev, believed to be the ringleader of the group, is also among those arrested, according to reports.

In summer 2014 a representative of Shaltai-Boltai met the Guardian in a city outside Russia, on the understanding that neither the location nor the appearance of the man would be described in print.

The interview was set at a little-used boat club on the outskirts of a European capital. The man, who wore a floral shirt, sailed a boat into the middle of the river and spoke only when he had turned on loud music in the cabin to prevent anyone from listening in.

The man, who introduced himself only as Shaltai, said the group was made up of hackers, and possibly disgruntled officials, and had a large archive of unused material it may choose to release in future. He claimed the group possessed everything ranging from records of every meal Vladimir Putin had eaten for the past several years to thousands of emails sent by the president’s inner circle.

As evidence, he produced a laptop and opened what looked at first glance like the full email archive for a leading Kremlin official. He suggested the group would be willing to provide information to clients who could pay.

The alleged role of Mikhailov in the Shaltai-Boltai scheme is murky. Another intelligence source described the alleged scheme to Interfax as follows: “Each of those involved did their own work. Some people developed and carried out cyberattacks, while others worked with foreign intelligence. These things went in parallel, but did not really overlap.”

Some believe Shaltai-Boltai could have been involved in passing information to western intelligence, while others suggest the appearance of the group in the case is a red herring to distract attention from the real election-hacking story.

“To me, these leaks about Shaltai-Boltai suggest a hastily made cover-up,” said Andrei Soldatov, co-author of a recent book on the Russian internet and cybersecurity. “Mikhailov and Stoyanov were real experts in one thing, the Russian digital underground, not the kind of stuff that Shaltai-Boltai leaked. So if there is anything real about the treason charges, the kind of information they could pass on would be about this, perhaps about informal actors in the DNC hacking scheme.”

On Tuesday, Life, an online news portal with close links to the security services, reported that FSB agents had searched Mikhailov’s home and dacha and found more than $12m (£10m) in cash stashed in various hiding places.


Shaun Walker in Moscow
