Did US intelligence have a spy at the heart of Russia's FSB-linked cybersecurity unit?
Treason, plotting, secrets and Anonymous: What's going on inside Russian intelligence?
Something strange is going on at the heart of Russian intelligence.
At least four key government cybersecurity officials have been accused of treason, a leading Russian anti-virus firm has been caught up in the storm, and now, rumours are swirling that at least one of the suspects may have had close links with US intelligence.
In December last year Sergei Mikhailov, deputy chief of the FSB's Center for Information Security (CIS), was detained alongside Dmitry Dokuchaev, who worked in the same department, and Ruslan Stoyanov, a top investigator at Kaspersky Lab. The fourth suspect remains unknown.
The men, according to Russian newspaper Kommersant, were accused of receiving money from foreign organisations. Now, the plot has thickened, but not necessarily become clearer, as Russian media indicate at least one suspect was leaking data to US intelligence.
Independent newspaper Novaya Gazeta, translated and reported by The Moscow Times, said the FSB now believes Mikhailov provided American officials information about a man called Vladimir Fomenko and his Biysk-based server-renting business, Kings Servers.
This business was of interest to the US, as it was previously implicated in the probe analysing alleged cyberattacks against the state board of elections in Arizona and Illinois.
ThreatConnect, a cybersecurity firm, tracked IP addresses used in the attacks to Kings but could not conclusively link them to the so-called 'election hacking'.
As the case continues to unfold, conspiracy theories are mounting. One pro-Kremlin outlet, Tsargrad TV, reported - seemingly without evidence - that Mikhailov may have also been linked to a hacker collective called Anonymous International, which also goes by the name Shaltay-Boltay.
It added the hacking group may have been under the thumb of the US Central Intelligence Agency (CIA). However, the article (archived here) has since been taken offline. Shaltay-Boltay is well-known in Russia for leaking sensitive data, including personal emails of government officials.
In reality, however, the truth remains elusive. At least four US intelligence officers, speaking to Buzzfeed News, have denied having any insight into the real reason behind the arrests of Mikhailov, Stoyanov and the other two suspects.
"There are a small handful of people who would know if one or both of these men was a US asset or in any way involved in any intelligence operation, and I'm not one of them," one contact said after being granted anonymity.
"Obviously, this could also be an internal struggle within the FSB, in which case we would have little daylight into what was happening," he or she added.
Kaspersky Lab, the workplace of Stoyanov since 2012, has denied any involvement with the case. In a statement issued on 25 January, it said: "This case is not related to Kaspersky Lab. Ruslan Stoyanov is under investigation for a period predating his employment."
According to his own LinkedIn profile, Stoyanov held a key cybersecurity position at Moscow's Ministry of Interior between 2000 and 2006. He is documented as having previously worked alongside the FSB to combat cybercrime gangs in the country.
Andrei Soldatov, an academic focused on studies relating to the Russian security services, told the Associated Press that Stoyanov's arrest was an unprecedented move on the part of the authorities.
He said: "It destroys a system that has been 20 years in the making, the system of relations between intelligence agencies and companies like Kaspersky. Intelligence agencies used to ask for Kaspersky's advice, and this is how informal ties were built.
"This romance is clearly over."
The relationship between Kaspersky Lab and the Russian government appears to be somewhat souring. On 13 January, another report from Kommersant said the director of the FSB's Center for Information Security, Andrei Gerasimov, was being fired from his job.
The newspaper said the reason was linked to the agency's cooperation with Kaspersky Lab on hacking cases, but did not name any specific inquiries. Gerasimov was a high-profile figure, also holding a counterintelligence role at the FSB.
The US Intelligence Community (IC) believes senior officials in Russia sanctioned recent cyberattacks at various political institutions with the aim of helping Donald Trump reach the White House. Russian president, Vladimir Putin, has consistently rejected this claim.