
‘The Defense Ministry hacks servers blatantly and clumsily’

An investigative report by The Bell shows how an institutional rivalry in Russian policing may tie Moscow to the cyber-attack on the U.S. Democratic Party

16:21, 5 December 2017

An employee at Secureworks, which investigated the Fancy Bear cyber-attack on the Democratic Party. October 4, 2017

Marina Hutchinson / AP / Scanpix / LETA

According to a new investigative report by Svetlana Reiter, published by The Bell, an unnamed source claims that former Russian Federal Security Service colonel Sergey Mikhailov, who’s now on trial in Russia for treason, may have provided U.S. officials with information about the hacker attacks on the Democratic Party. Meduza summarizes Reiter’s article.

Sergey Mikhailov was arrested a year ago today, on December 5, 2016, but almost nothing is known about the charges against him, though we do know that the treason case names four defendants from the Federal Security Service (FSB). Ivan Pavlov, a lawyer for one of these suspects, says he believes the case was classified so the defendants “wouldn’t be able to say anything more.” Three sources familiar with the suspects told The Bell that the case was launched because Mikhailov and his accomplices helped American intelligence agencies identify the hackers who stole data from the Democratic Party. The Bell was unable, however, to verify this information independently.

According to the U.S. intelligence community, the Russian Defense Ministry’s Main Intelligence Directorate (GRU) is responsible for the hacker attacks on the Democratic Party. Sources told The Bell that institutional competition for budget resources has driven both the GRU and FSB to launch cyber-attacks. Researchers from the company CrowdStrike indirectly confirmed this rivalry in a 2016 report on the hacker groups “Cozy Bear” and “Fancy Bear.” In January 2017, the newspaper Novaya Gazeta reported that Mikhailov and the others were arrested on charges related to the hacking of the Democratic Party.

The Bell’s sources say the formal charges against Mikhailov and the other defendants do not address the cyber-attack on the Democratic Party, and deal instead with intelligence he allegedly sold to American officials in 2007 about Pavel Vrublevsky, the owner of Chronopay, a transaction security company.

In retaliation, Vrublevsky apparently informed the FSB that Mikhailov was collecting data about the hacker attacks and passing it to the Americans. In August, the independent television station Dozhd reported that Mikhailov could have supplied the FBI with information that led to the July 2014 arrest of Russian hacker Roman Seleznev in the Maldives. Ivan Pavlov, who represents one of the defendants in Mikhailov’s treason case, categorically denies these allegations. In March 2017, the FBI charged Dmitry Dokuchaev, one of Mikhailov’s subordinates in the FSB’s cyber-investigative department, with hacking and stealing 500 million Yahoo user accounts.

A source who knows Mikhailov says his main motivation for helping the Americans was his commitment to fighting crime. It’s possible, however, that Mikhailov was also receiving money from the U.S. government, though his lawyers deny this. Multiple sources also told The Bell that Mikhailov held a position at the media holding company RBC from 1999 to 2009, where he apparently earned “an unusual supplement” to his salary as an FSB officer. The Bell was unable to find out how much money RBC may have paid him.

Russian text by Mikhail Zelenskiy, translation by Kevin Rothrock