By ANDREW E. KRAMER
MOSCOW — The authorities in Moscow are prosecuting at least one cybersecurity expert for treason, a prominent Russian criminal defense lawyer confirmed on Friday, while a Russian newspaper reported that the case is linked to hacking during the United States presidential election.
While surely touching a nerve in American politics, the developments in Moscow left a still muddled picture of what, exactly, a series of arrests by the security services here signifies.
But the virtually simultaneous appearance of at least four prominent news reports on the hacking and several related arrests, citing numerous anonymous sources, suggests that the normally opaque Russian government intends to reveal more information about the matter, though it is unclear why.
In the waning weeks of the Obama administration, American federal intelligence agencies released a report asserting the Russian government had hacked into the computers of the Democratic National Committee and the chairman of Hillary Clinton’s campaign, John D. Podesta, stealing and releasing to WikiLeaks emails intended to damage Mrs. Clinton and help President Trump win the election.
But the unclassified version of the report offered only thin corroborating information, many independent analysts have said. The treason arrests in Moscow hint at a possible human intelligence source in at least one hacking episode, the intrusion into state electoral boards in Arizona and Illinois.
The confirmation by the Russian lawyer, Ivan Pavlov, in written answers to questions from The New York Times, was the closest so far to a formal acknowledgment that the Russian government has detained suspected spies within the cyberbranch of its Federal Security Service, or F.S.B., the main successor to the K.G.B.
Mr. Pavlov declined to identify his client or elaborate on the reason for the indictment for “betraying the state,” punishable by up to 20 years in a penal colony.
Kommersant, a Russian newspaper, first reported Wednesday on what the Russian news media are calling a purge of the cyberbranch of the F.S.B. that was conducted in early December.
It reported that the Directorate for Internal Security, the agency’s internal affairs bureau, arrested Sergei Mikhailov, a deputy director of the Center for Information Security, the agency’s cybersecurity arm, and Ruslan Stoyanov, a senior researcher at a prominent cybersecurity company, Kaspersky Lab.
Novaya Gazeta, a respected Russian opposition newspaper, reported Friday that the internal investigation led to two other arrests, and that all of the detentions were related to American investigations into Russian hacking during the election.
The newspaper’s report, based on unnamed sources, said the F.S.B. began the internal investigation after news media reports that a United States cybersecurity company, ThreatConnect, had linked the election hacking to a Siberian server company. That company, King Servers, was otherwise used largely for criminal and marginal cyberactivities, such as distributing pornography and counterfeit goods, by the admission of its owner.
The report said the investigation led to Mr. Mikhailov, a senior officer involved in tracking criminal cyberactivity in Russia.
Both Novaya Gazeta, an outlet for the liberal opposition, and Tsargrad, a hard-line nationalist publication, reported that the F.S.B. made a brutal show of his arrest.
Agents arrested Mr. Mikhailov with a theatrical touch, placing a bag over his head in the midst of a congress of senior intelligence agency officers in Moscow and leading him from the room, the two publications reported.
“The arrest was certainly colorful,” Tsargrad’s report said. “Mikhailov was led from the congress of F.S.B. colleagues with a bag on his head.”
Still, the fragmentary information about the arrests seemed, as is so often the case here, little more than shadows cast on a wall of real, unseen events taking place out of public view.
The hints suggested to some analysts that the Russian government may be signaling that it might, however indirectly through a treason trial, reveal details of election hacking, which have the potential of damaging the administration of Mr. Trump.
“They are suggesting it is true, and furthermore, they can prove as much,” Kenneth Geers, a former cyberanalyst with the Department of Defense and an authority on Russian signals intelligence tradecraft, said of the Russians possibly revealing details of their own operation.
“They could increase the pressure on Trump in the United States by suggesting he is an illegitimate president,” Mr. Geers said, by simply verifying parts of what United States intelligence has already asserted that Russia did. “That would seem to put tremendous pressure on the White House.”
Another, somewhat counterintuitive suggestion is that by documenting its role in the electoral hacks, the Kremlin could serve its foreign policy interests by underscoring the extent and power of its reach in the world. The Russian Foreign Ministry has denied any role in the hacking.
ThreatConnect, the cybersecurity company that released the report about King Servers, said its analysis was based on information published by the F.B.I.
The investigation into King Servers began after the hacking of state electoral board computers in Arizona and Illinois from June until August of last year. The F.B.I. published eight internet addresses used in those attacks.
ThreatConnect then identified six of the eight addresses as originating from servers in Dronten, the Netherlands, owned by King Servers and run by Vladimir M. Fomenko, a 26-year-old living in a remote town in Siberia near the border with Mongolia. In an interview in September, Mr. Fomenko denied any role in the electoral hacking, but conceded clients who had rented his servers may have used them for that purpose.
ThreatConnect declined to comment after the arrests in Moscow.
Deepening the sense of intrigue in Moscow, Tsargrad, the nationalist publication, and RBC, a respected business newspaper, identified on Friday a third suspect, Dmitry Dokuchayev. Described as a former hacker going by the pseudonym Forb who was recruited by the F.S.B., Mr. Dokuchayev had agreed to work in the Center for Information Security to avoid arrest for credit card fraud, a rampant crime in Russia.
RBC also reported an alternative theory about the entire counterintelligence investigation, saying it began after a hacking group, Shaltai Boltai, or Humpty Dumpty, stole the emails of a senior Russian official a year ago.
That investigation of email theft led to Mr. Dokuchayev, the former hacker turned F.S.B. employee, the newspaper said, in a version that would seem unrelated to the United States election hacking.
In a 2004 interview with Vedomosti newspaper, apparently before his reported recruitment by the F.S.B., Mr. Dokuchayev openly described himself as a hacker, believing that “information should be free” and calling his “crowning achievement” the hacking of an unspecified United States government website.