Sergei Mikhailov (FSB)
Sergei Mikhailov (сергей михайлов) was deputy head of the FSB security agency’s Center for Information Security. In February 2019, he was sentenced to 22 years in prison for treason.
Sergei Mikhailov | |
---|---|
сергей михайлов | |
Born | 1974 |
Nationality | Russian |
Citizenship | Russian |
Known for | Deputy head of the FSB security agency’s Center for Information Security[1] |
Conviction(s) | Treason |
Criminal charge | Treason |
Penalty | 22 years in prison |
Early life
Mikhailov was reportedly born and raised in Belarus, and accepted Russian citizenship sometime during the 1990s.[2]
Career
U.S. recruitment
Sometime in the late 2000s or the early 2010s, Mikhailov was reportedly approached and recruited by U.S. authorities while vacationing in the Mediterranean.[3]
Pavel Vrublevsky
Mikhailov had known Pavel Vrublevsky, the CEO of ChronoPay, since about 2007.[4]
In 2011, and reportedly at times earlier, Mikhailov, together with his deputy, Dmitry Dokuchaev, and a Kaspersky Lab employee, Ruslan Stoyanov, caused classified information about Vrublevsky to be passed along to U.S. intelligence agencies.[5][6] Mikhailov and Stoyanov reportedly intended to sell ChronoPay's database for $10 million.[7]
Shaltai Boltai
In early 2016, Mikhailov's FSB unit reportedly began the process of recruiting Vladimir Anikeyev, the ringleader of Shaltai Boltai.[8][9][10][11]
By around the summer of 2016, Shaltai Boltai had reportedly been taken over by Mikhailov.[12][13][14][15][16]
In October 2016, Mikhailov reportedly became alarmed when he learned that Anikeyev had been detained by another unit within the FSB.[17]
2016 U.S. election
Around late summer 2016, Mikhailov reportedly came to the attention of his colleagues in the FSB after U.S. reports linked Vladimir Fomenko, the owner of King Servers and an alleged business partner of Vrublevsky, to a cyber attack on voter registration systems in Arizona and Illinois.[18][19][20][21][22][23][24][25]
Arrest
In early December 2016, Mikhailov was arrested in Moscow, reportedly due to information that Vrublevsky had provided to Russian authorities earlier, in 2010.[26][27][28][29]
Later reports suggested that Mikhailov's arrest had been caused by Vladimir Anikeyev.[30][31]
Mikhailov's arrest was first announced on January 25, 2017.[32][33]
U.S. indictment
Details in a March 2017 DOJ indictment strongly suggest that Mikhailov is "FSB Officer 3".[34][35][36]
Conviction
In February 2019, Mikhailov was sentenced to 22 years in prison for treason. The case reportedly centered on allegations that classified information from the FSB's probe into ChronoPay had been leaked to Kimberly Zenz, a senior threat analyst at Verisign.[37][38][39][40][41]
References
- Walker, Shaun (January 30, 2017). "Russia accuses cybersecurity experts of treasonous links to CIA". The Guardian. Archived from the original on August 14, 2017.
Sergei Mikhailov was deputy head of the FSB security agency’s Centre for Information Security.
- Murtazin, Irek (January 31, 2017). "FSB colonel detained in the Humpty Dumpty case could be a foreign intelligence agent". Novaya Gazeta. Archived from the original on June 26, 2020.
A few years ago, when a major Russian IT company had a "misunderstanding" from the deputy head of the CIB, the security service of the commercial structure began to collect "incriminating evidence" at Mikhailov. As a source working in this company told us, retired senior officers of the SVR, FSB, and the Ministry of Internal Affairs who worked for her approached the work professionally. In particular, they found out that Mikhailov, originally from Belarus, came to Russia in the mid-90s (and then, as you know, the mess in the secret services was terrible), he accepted Russian citizenship.
- "FSB officer suspected of transmitting CIA data was recruited on vacation". Ren TV. January 31, 2017. Archived from the original on June 28, 2020.
According to some reports, foreign intelligence made the first approaches to Mikhailov several years ago, when he was in one of the countries of the Mediterranean.
- Korolev, Igor (July 11, 2013). "FSB revealed secrets of investigation on Aeroflot's Ddos attack". CNews. Archived from the original on December 12, 2017.
Answering the question of the main accused - the owner of the Chronopay payment system Pavel Vrublevsky - Mikhailov confirmed that they had known each other since about 2007. Moreover, the relationship between them was both professional and personal.
- Reuters, Svetlana (December 5, 2017). "How America Learned About Russian Hackers". The Bell. Archived from the original on January 23, 2018.
Formally, the charge against Mikhailov and the rest has nothing to do with the possible leak of data about hackers or last year’s attacks, say three The Bell interlocutors who are close to the investigation. According to them, the persons involved in the case are charged with the fact that at least since 2007 they have provided the American intelligence agencies with operational search documents related to the activities of the businessman, the owner of the Chronopay payment service, Pavel Vrublevsky.
- "State secret revealed for $ 10 million". Interfax. October 5, 2018. Archived from the original on October 5, 2018.
The criminal case against the accused Mikhailov, Dokuchaev, Stoyanov and Fomchenkov was opened by the FSB investigation department on December 6, 2016. At first, counterintelligence officers detained CIB officers at workplaces, and then businessmen. All four were charged with a crime under Article 275 of the Criminal Code, and sent by the Lefortovo District Court to the isolation ward of the same name, in which they are still located. The operation to detain the alleged "moles" was the result of development, which lasted more than a year. According to the investigation, FSB Colonel Sergei Mikhailov in 2011 through civilian intermediaries passed information to the FBI on operational-search activities in the case of the founder and CEO of the Chronopay processing company Pavel Vrublevsky, who is called the number one cybercriminal in the world in the United States. Colonel Mikhailov and his subordinate obtained this data, participating in the operational development of Mr. Vrublevsky, who was suspected of organizing a DDoS attack on the Assist payment system in July 2010, because of which citizens could not purchase Aeroflot electronic tickets for several days. In 2013, the Tushinsky District Court of Moscow, finding Mr. Vrublevsky guilty of an offense under Article 272 of the Criminal Code (illegal access to computer information), sentenced him to two and a half years in prison. According to the investigation, after collecting information about the operational-search activity related to state secrets, Colonel Mikhailov wrote it down on a CD, which he handed over to Major Dokuchaev, and the latter to Ruslan Stoyanov, an employee of Kaspersky Lab. The latter flew in 2011 to the international conference on cybersecurity in New Denver (Canada). There, as follows from the materials of the criminal case, Mr. Stoyanov handed over the CD to a certain Kimberly Zenz, an employee of the American company iDefense, which is involved in the protection of information and is affiliated, according to the FSB, with the FBI. According to a similar scheme, according to the investigation, the businessman Georgy Fomchenkov, who went with the CD to the USA, also acted.
- Trifonov, Vladislav (July 18, 2019). "ChronoPay owner denies illegal hosting". Kommersant. Archived from the original on June 23, 2020.
As Kommersant previously reported, the head of the operations department of the Information Security Center (CIB) of the FSB, Sergei Mikhailov, is the main person involved in the most high-profile espionage investigation in recent years. He and the former Interior Ministry operative and the head of the computer incident department of Kaspersky Lab, Ruslan Stoyanov, intended to sell the FBI an operational data base that they had accumulated during their work in the special services for $ 10 million. Its main array is the data obtained during the operational-search activity in the case of Pavel Vrublevsky.
- "Rosbalt announces the arrest of the leader of Humpty Dumpty". Novaya Gazeta. January 28, 2017. Archived from the original on June 20, 2020.
According to Rosbalt, in early 2016, Mikhailov’s unit began to develop Humpty Dumpty. Already in the summer, the agency writes, it calculated the members of the group. Searches were carried out in St. Petersburg. Where exactly they went, the source did not report, but noted that the official reasons for the searches were different. After that, "Humpty Dumpty" got a "curator," according to Rosbalt source. It was Mikhailov who became them.
- Bershidsky, Leonid (January 30, 2017). "How Russian Hackers Became a Kremlin Headache". Bloomberg. Archived from the original on June 14, 2017.
Quoting an unnamed source, Rosbalt claimed that last year, Mikhailov's unit was ordered to "work on" Shaltai Boltai. The FSB team reportedly uncovered the identities of the group's members -- but, instead of arresting and indicting them, Mikhailov's team tried to run the group, apparently for profit or political gain.
- Seddon, Max (February 6, 2017). "Hacker reveals dark arts of Russian blackmail and spies". Financial Times. Archived from the original on February 7, 2017.
Things changed in early 2016, Alexander said, when Mr Anikeev told him the group had acquired unnamed handlers in Russian intelligence who had asked for a publishing veto.
- Harding, Luke (November 16, 2017). Collusion: Secret Meetings, Dirty Money, and How Russia Helped Donald Trump Win. Vintage Books. ISBN 978-0525562511.
According to one version, Mikhailov, the FSB chief, made contact with Shaltai-Boltai in early 2016. He offered the hackers a deal: the group could carry on its activities on the condition the FSB had a right of veto over future publications. A second version said Mikhailov set up the group. A third said he was its kryshna, or roof—the patron or protecting power inside Russian state bureaucracy. [...] In May Anikeev was persuaded to return to Moscow to meet with an FSB official.
- "The FSB has caught the alleged head of "Humpty Dumpty"". Meduza. January 31, 2017. Archived from the original on June 15, 2020.
According to Rosbalt’s sources, the FSB was able to identify several of the group’s members in the summer of 2016. According to the publication, then deputy head of the Federal Security Service Information Security Center (CDC) Sergei Mikhailov met with someone from Shaltai Boltai. After that, Rosbalt claims, hackers came under control of the FSB and published materials as directed by its new supervisors.
- "Hackers get burned in deal with Russian spy agency". Associated Press. February 9, 2017. Archived from the original on June 15, 2017.
Glazastikov said Anikeyev, the hacking group’s leader, had told him the FSB contacted him via proxies to give a message: “Guys, we know all about you. We won’t arrest you, but we would like to know what you are doing.”
- Rosenberg, Steve (February 10, 2017). "Russia's 'Humpty Dumpty' hackers: What were they trying to do?". BBC. Archived from the original on June 15, 2020.
"From the beginning, the project was independent. But in the middle of last year Mr Anikeev informed me that a high-level official from the FSB had come to him - a handler or a middle man," Alexander says. "He'd said: 'Guys, we already have information about you and your project. But we want to cooperate. So we will cover you - for your security. We will have the right of veto. Inform us the day before you publish anything. Maybe, we will ask you to publish something.'"
- "Yahoo Breach Spotlights Links Between Russian Spies, Hackers". Voice of America. March 16, 2017. Archived from the original on June 15, 2017.
Alexander Glazastikov, a member of a hacking group that blackmailed top Russian officials after stealing personal details, said earlier this year that the group, known as Humpty Dumpty, cooperated with the FSB. In exchange for protection, Humpty Dumpty handed the FSB compromising material from hacked email accounts.
- "Three members of Shaltay-Boltay hacker group wanted". Crime Russia. July 17, 2017. Archived from the original on July 23, 2017.
Representatives of the investigation officially stated that the criminal cases of Shaltay-Boltay and the intelligence officers are not connected in any way, however, according to sources, Mikhailov oversaw the activities of hackers and leaked information to them.
- Zubov, Gennady; Vetrov, Igor (January 31, 2017). "Arrested FSB officers accused of collaborating with the CIA". Novaya Gazeta. Archived from the original on June 20, 2020.
In October 2016, Anikeev-Lewis was detained. This fact, according to the interlocutor, greatly alarmed Mikhailov. The detention was carried out by employees of another FSB unit, and he was not even aware that his agent was in development. “Although Mikhailov was not going to pull Anikeyev out of prison, and even vice versa, he provided his own experience on it.”
- Nakashima, Ellen (August 29, 2016). "Russian hackers breached a computer used by county elections officials in Arizona, a state official said". The Washington Post. Archived from the original on August 30, 2016.
Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russian hackers were behind the assault on the election system in that state.
- Kramer, Andrew (September 27, 2016). "A Voice Cuts Through, and Adds to, the Intrigue of Russia's Cyberattacks". The New York Times. Archived from the original on February 4, 2019.
On Sept. 15, Mr. Fomenko issued a statement saying that he had learned belatedly from news reports of the accusation that the hacking of the Arizona and Illinois voting systems were staged from two of his servers, and that he had shut them down. Mr. Fomenko does not deny that hackers used his servers, but does deny knowing that they did until Sept. 15. He says he does not know who they are, but that they are certainly not the Russian security agencies.
- Murtazin, Irek (January 26, 2017). "The details of the arrest of the head of the 2nd operational department of the Center for Information Security (CIB) of the FSB Sergei Mikhailov". Novaya Gazeta. Archived from the original on January 26, 2017.
Last September, the name of Pavel Vrublevsky surfaced again in the information space when the United States accused the owner of King Servers, Russian Vladimir Fomenko, of a cyber attack on election systems in the US states of Arizona and Illinois, which was allegedly carried out from eight servers, six of which belong to King Servers. Fomenko, in turn, leased these servers from a Dutch company controlled precisely by Vrublevsky. According to our sources, this story did not go unnoticed by the FSB. Back in September, the special services security department of the Russian Federation began an internal audit and in December allegedly came to the conclusion that American intelligence received information about King Servers, Fomenko and Vrublevsky from the head of the 2nd operational department of the FSB Information Security Center (CIB), Sergei Mikhailov. Arrests were immediately made.
- O'Neill, Patrick (January 26, 2017). "Report: Russian arrests allegedly tied to passing hacking information to U.S." CyberScoop. Archived from the original on June 17, 2020.
The independent newspaper Novaya Gazeta (New Gazette) reported that the FSB thinks Mikhailov gave information to Americans about Vladimir Fomenko, who owns a server rental company known as King Servers.
- Rozhdestventsky, Ilya; Dergavich, Vladimir; Istominia, Maria (January 27, 2017). "Hacker in uniform: What became of the third person involved in the case of treason in the FSB". RBC. Archived from the original on December 12, 2017.
The publication noted that Mikhailov came to the attention of colleagues in the special services after the United States accused the owner of King Servers, Vladimir Fomenko, of a cyber attack on election systems in Arizona and Illinois. Sources of the Novaya Gazeta claimed that the American intelligence services received this information precisely from Mikhailov. Fomenko rented servers from the Chronopei Vostok company, controlled by businessman Pavel Vrublevsky, the newspaper wrote.
- Frenkel, Sheera (January 27, 2017). "There's Something Very Weird Happening Inside Russia's Cybersecurity World". CNBC. Archived from the original on January 27, 2017.
While most news reports do not directly tie the arrested men to the DNC hack, the Moscow Times reported that Mikhailov's arrest was due to suspicions that he tipped US officials off to the Russian server rental company "King Servers" which the Arlington-based ThreatConnect cybersecurity company identified last September as a "nexus" used by Russian hackers in attacks against the US.
- "Making Sense of Russia's Cyber Treason Scandal". Stratfor. February 9, 2017. Archived from the original on July 26, 2018.
An ultranationalist news network called Tsargrad TV reported that Mikhailov had tipped U.S. intelligence to the King Servers firm, which the FBI had accused of being the nexus of FSB hacking and intelligence operations in the United States.
- Hall, Kevin; Johnson, Tim (March 23, 2017). "Russian techie says the FBI still hasn't called, and now he's back in the news". McClatchy. Archived from the original on July 26, 2018.
In an email, Vrublevsky denied media reports that he had a business relationship with Fomenko, saying that he knew the Biysk entrepreneur casually and “we resumed talking a few years ago (on) Facebook
- "Manager at Top Russian Cybersecurity Firm Arrested". Voice of America. January 25, 2017. Archived from the original on June 17, 2020.
The company confirmed a report published Wednesday by the newspaper Kommersant that the head of its computer incidents investigation unit, Ruslan Stoyanov, was arrested last month along with a senior official of the Federal Security Service (FSB), Russia's main security agency. The newspaper reported that both men face treason charges.
- Shane, Scott; Sanger, David; Kramer, Andrew (January 27, 2017). "Russians Charged With Treason Worked in Office Linked to Election Hacking". The New York Times. Archived from the original on May 14, 2018.
The arrests, according to reports by the Russian newspaper Kommersant and Novaya Gazeta, among others, were made in early December and amounted to a purge of the cyberwing of the F.S.B., the main Russian intelligence and security agency.
- Nemtsova, Anna (February 1, 2017). "The Downfall of a Top Russian Cyber Spy". The Daily Beast. Archived from the original on July 26, 2018.
For the first time in decades Muscovites in recent days heard that Russia’s most secret law enforcement agency had arrested one of its own top officers, and it happened in the middle of an official meeting. Like a scene out of some Brian de Palma movie, FSB officers grabbed their colleague and put a bag over his head—and afterward made little or no effort to keep what they had done a secret. Sergei Markov, a member of the Public Chamber in the Russian parliament and adviser to the Kremlin, confirmed the incident to The Daily Beast. "In early December, FSB Colonel Sergei Mikhailov, who was responsible for cyberwars and cyberattacks… was arrested by the FSB; yes, with a bag over his head," he said
- Stubbs, Jack; Reiter, Svetlana (February 26, 2017). "Treason charges against Russian cyber experts linked to seven-year-old accusations". Reuters. Archived from the original on June 19, 2020.
The source connected to the investigation said the arrests were a result of accusations first made in 2010 by Pavel Vrublevsky, a Russian businessman and founder of ChronoPay, an online payments company. Vrublevsky told Reuters he had also learned that the arrests were a response to his allegations: that Stoyanov and Mikhailov had passed secrets on to American firms. [...] Neither Vrublevsky nor the source connected with the investigation offered an explanation as to why they believe the Russian authorities would resurrect such an old case seven years after the allegations were first made. However, the source said he believed the case may not be the sole reason why Russian authorities had decided to arrest the men now: in his experience, he said, Russian authorities at times use old cases as a way of charging people suspected of later crimes.
- Roth, Andrew (March 16, 2017). "The FBI just indicted a Russian official for hacking. But why did Russia charge him with treason?". The Washington Post. Archived from the original on March 16, 2017.
Later media reports said that the group's leader, Vladimir Anikeyev, had recently been arrested by the FSB and had informed on Mikhailov, Dokuchaev and Stoyanov.
- Alexandrov, German (January 28, 2017). "The leader of Humpty Dumpty was arrested by the FSB". Rosbalt. Archived from the original on January 28, 2017.
The creator of the Humpty Dumpty website, which housed the correspondence of officials, journalist Vladimir Anikeev, better known in certain circles as Lewis, was detained upon arrival from Ukraine, where he is supposed to be hosting the "correspondence" of the presidential aide Vladislav Surkov on the local website. In his testimony, Lewis talked about the officer of the TsIB FSB Mikhailov. [...] "Anikeev immediately began to cooperate with the investigation and give detailed testimonies, which repeatedly mentioned Mikhailov as a person associated with the Humpty Dumpty team," the Rosbalt interlocutor said.
- "Arrested FSB officers accused of collaborating with the CIA". Interfax. January 31, 2017. Archived from the original on February 5, 2017.
On January 25, it became known that the head of one of the units of the FSB information security center (CIB), Sergei Mikhailov, and the head of the Kaspersky Lab’s cybercrime investigation department, Ruslan Stoyanov, were arrested. According to the newspaper Kommersant, they have been in custody since early December 2016.
- Khazov-Cassia, Sergey; Krutov, Mark; Dobrynin, Sergey (February 2, 2017). "Federal Drain Tank". Radio Liberty. Archived from the original on June 26, 2020.
On January 25, again with reference to "sources close to the FSB," the same publication reported the name and surname of the main defendants in the investigation carried out by the FSB’s Internal Security Directorate. They turned out to be the head of the Second Operational Directorate of the CIB, Sergei Mikhailov, and an employee of Kaspersky Lab, Ruslan Stoyanov.
- "U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts". DOJ. March 15, 2017. Archived from the original on May 20, 2019.
- "USA V. Dokuchaev, Sushchin, Belan, Baratov". March 15, 2017. p. 3.
DOKUCHAEV was an FSB officer assigned to Second Division of FSB Center 18, also known as FSB Center for Information Security. He was an associate of FSB officer IGOR SUSHCHIN; another, supervisory officer known to the Grand Jury ("FSB Officer 3"), who was the senior FSB official assigned to Center 18
- Eckel, Mike (February 27, 2019). "In Moscow Treason Trial, A Major Scandal For Russian Security Agency". RFERL. Archived from the original on June 23, 2020.
Mikhailov is not named, though several details included in the indictment strongly suggest that "FSB Officer 3" is Mikhailov.
- Kravchenko, Stepan (January 26, 2019). "Russia Jails Former Top Cyber-Cop in U.S.-Linked Treason Case". Bloomberg. Archived from the original on June 17, 2020.
Mikhailov, Dokuchaev and Stoyanov were charged with treason after they were accused of “having contacts with” U.S. intelligence, according to Ivan Pavlov, a defense lawyer in the case, who said in 2017 that officials had offered few details and “what we know is only the tip of the iceberg.”
- "Russia Sentences Cyber Experts to Long Jail Terms for Treason". Reuters. February 26, 2019. Archived from the original on June 17, 2020.
A Moscow military court on Tuesday sentenced a former state security officer and a former cyber-security expert at Kaspersky Lab to 22 and 14 years in jail respectively for treason, Russian news agencies reported.
- "Ex-FSB and Kaspersky Lab employees sentenced to 22 and 14 years in prison for treason". Interfax. February 26, 2019. Archived from the original on June 17, 2020.
According to various sources of the agency, the defendants passed confidential information to US intelligence agencies. A source familiar with the situation told Interfax that ex-FSB officers played a double game, masking their contacts with foreigners in pseudo-recruitment activities.
- Vasilyeva, Nataliya (February 27, 2019). "Russia's ex-cybersecurity chief gets 22 sentence in jail". Associated Press. Archived from the original on June 15, 2020.
Russian media reported the case centered on accusations that Mikhailov contacted Stoyanov to pass information from an FSB probe of Russian businessmen Pavel Vrublevsky to an analyst with alleged ties to the FBI. [...] Mikhailov, the deputy head of cyber intelligence at the domestic security agency, received a 22-year prison sentence and was stripped of his military rank and decorations, which included the elite "For Services to the Fatherland." [...] Later news reports said Mikhailov was prosecuted for allegedly passing on details about an unrelated case to an American cybercrime analyst.
- Eddy, Max (August 9, 2019). "Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage". PC Mag. Archived from the original on June 29, 2020.
Zenz should know. She was accused by a Moscow military court of being a US agent in 2010 ("depending on reporting, the FBI or the CIA"). This was all part of a large and confusing case that swept up (among other people) a Russian cybercriminal, Russian intelligence officials, and Kaspersky researcher Ruslan Stoyanov.