What country should know its hero? Who was ‘turned in’ by FSB colonel Sergei Mikhailov, central character of the most high-profile spying scandal of recent years?
The businessman believes that Mikhailov created a myth about ‘malicious programmers’ to advance his career and make some money on it by contacting the American secret services.
Businessman Pavel Vrublevsky, whose testimony made it possible to convict Sergei Mikhailov, colonel of the Federal Security Service (FSB) of the Russian Federation, of high treason, has brought new allegations against him. The personal revenge motive in these statements is so obvious that the old question arises again: what crimes did the famous cybercrime fighter, sentenced to 22 years behind bars, really commit? Did he indeed leak information about the attacks of Russian hackers on servers of the Democratic Party of the United States? Or did he supervise a group of hackers whose actions affected not foreign – but domestic politicians?
Former FSB colonel Sergei Mikhailov, sentenced last month to 22 years behind bars for espionage on behalf of American secret services, may be charged with more crimes. The key prosecution witness – Pavel Vrublevsky, owner of ChronoPay IT company – submitted a letter to Yuri Chaika, Prosecutor General of the Russian Federation. Vrublevsky claims that, a few years ago, Mikhailov saved programmer Igor Artimovich, convicted as part of the criminal case against Vrublevsky, from punishment.
Igor Artimovich, his brother Dmitry Artimovich, and Pavel Vrublevsky were the main suspects in a criminal case pertaining to the cyberattack on the Aeroflot server. The investigation established that, in July 2010, Vrublevsky hired the Artimovich brothers via Maksim Permyakov, a security officer at ChronoPay. In exchange for $22 thousand, the programmers were to block the air carrier’s web site maintained by the rival company Assist. The Artimovich brothers carried out a massive attack on the Assist Payment System. As a result, Aeroflot was unable to sell electronic tickets for a week and sustained million-ruble losses.
Pavel Vrublevsky, owner of ChronoPay IT
A criminal case was instituted in 2011. Shortly after that, FSB operatives arrested one of the perpetrators of the attack – Igor Artimovich. The programmer admitted his guilt and testified against his brother and Vrublevsky – the mastermind behind this cybercrime.
Vrublevsky describes the subsequent events as follows: "They got busted while I was abroad. If I had felt any guilt, I wouldn't have returned from the Maldives where I was vacationing with family. After being locked up in Lefortovo Pretrial Detention Center, I played a ‘dirty trick’ by submitting a ‘voluntary surrender’ stating that I had committed a DDoS attack at an unknown time against some unknown victims. This is how I effectively tied the hands of the investigators to make sure that they don't charge me with anything else. They had no idea what to do with me. During the six months of my incarceration in Lefortovo, they carried out only four investigative actions with me. There were no face-to-face interrogations with the Artimovich brothers – whom I had never seen in my life. The only person who testified against me was Permyakov, an employee of my company. By some coincidence, he turned out to be a former officer of the FSB Center for Information Security."
Two years later, all three suspects were found guilty under part 2 of Article 272 of the Criminal Code of the Russian Federation (illegal access to computer information). Charges laid under Article 273 of the Criminal Code of the Russian Federation (creation, use, and dissemination of harmful computer programs) were dropped because the limitation period had expired. The Tushinsky District Court of Moscow sentenced the Artimovich brothers and Vrublevsky to 2.5 years in a general regime penal colony. Dmitry Artimovich had vehemently denied any guilt, while Vrublevsky and Igor Artimovich recanted in court the confessions they had made in the course of the investigation.
Igor Artimovich
Pavel Zaitsev, the attorney for Igor Artimovich, was displeased by the verdict. According to him, the court “has established that the virus used for the DDoS attack on the Aeroflot web site was created two months after that attack”. The defense lawyers filed an appeal with the Moscow City Court, and the sentence was mitigated. The three defendants were to serve their terms not in a penal colony – but in a settlement colony. Vrublevsky, who had already spent a year in Lefortovo Pretrial Detention Center by that time, was taken into custody in the courtroom, while the Artimovich brothers were permitted to travel to the correctional facility on their own.
Pursuant to the court verdict, Vrublevsky and Dmitry Artimovich spent 2.5 years in a settlement colony in the Ryazan region. However, Igor Artimovich neither showed up at the correctional facility nor answered numerous phone calls from officers of the Federal Penitentiary Service of Russia. In January 2014, he was put on the wanted list; the name of Igor Artimovich is still present in the database of the Ministry of Internal Affairs (MIA) of the Russian Federation.
Dmitry Artimovich is aware of the warrant issued against his brother – but declines to comment on his deeds. “I had no contact with my brother for a long time; therefore, this story is of no interest to me. Everything is in the past,” – the programmer says. Vrublevsky has a different opinion – he submitted a letter to the Prosecutor General’s Office asking to check the circumstances of this incident.
It is hard to believe that the mastermind behind a cyber attack on the largest Russian air carrier has a personal animus toward its perpetrators – whom he “had never seen in his life”. The true reason why Vrublevsky has addressed the Prosecutor General’s Office is likely his strong personal enmity toward FSB colonel Sergei Mikhailov – in the letter to Yuri Chaika, the businessman puts all the blame on him. Vrublevsky believes that Mikhailov is responsible for the decision of Igor Artimovich not to serve his term. According to Vrublevsky, at that time, the FSB colonel had possessed “enormous powers and possibilities” and “recommended Igor not to go to the colony promising him to settle this matter”. In addition, Vrublevsky believes that “the programmer could not remain in hiding for five years without exterior help”.
Sergei Mikhailov
In his letter to Yuri Chaika, Vrublevsky provides a possible reason behind Mikhailov's interference in the life of Igor Artimovich: the renowned anti-cybercrime specialist could appreciate the "high professional skills" of the hacker and "offer him to perform special assignments for the FSB Center for Information Security using the warrant issued against Artimovich as a hook". Vrublevsky does not specify what assignments Igor Artimovich could perform for Mikhailov. "But I hope that Igor hadn't hacked the web site of the Democratic party – as he later joked in his Twitter," – the owner of ChronoPay wrote.
This is not the first accusation publicly made by Vrublevsky against colonel Mikhailov – who was in charge of the high-profile inquest into the cyber attack on Aeroflot as the Head of the Second Department of the FSB Center for Information Security. By his own account, the businessman submitted his first complaint against the colonel to the law enforcement authorities back in 2010, accusing the FSB officers of “unlawful actions that could be interpreted as high treason”. Vrublevsky claims that one of his letters resulted in the institution of a criminal case against Mikhailov under Article 275 of the Criminal Code of the Russian Federation (high treason).
The FSB colonel was arrested in December 2016. Three more persons were charged in the framework of that case: major Dmitry Dokuchaev, a subordinate of Mikhailov; MIA major Ruslan Stoyanov, a former operative of the Department of Special Technical Measures employed at that time with Kaspersky Lab as the Head of the Department for Investigation of Computer Incidents; and businessman Georgy Fomchenkov, specializing in online payment services. All four suspects were remanded in custody and awaited trial in Lefortovo Pretrial Detention Center.
Sergei Mikhailov and Ruslan Stoyanov
After details of the high-profile spying scandal involving Mikhailov were published in the media, some experts concluded that this case was a frame-up. The FSB colonel was accused of leaking operative materials pertaining to the inquest against Vrublevsky – constituting a state secret – to the Americans. However, nobody was able to explain the strange interest of the FBI or CIA in the cyber attack on Aeroflot – especially given that a portion of the operative materials collected in the course of that inquest was published online back in 2011. Why would the FBI or another foreign secret service be so interested in the judicial details of a Russian investigation related to the classification and reclassification of crimes?
Somehow, the investigation decided that the information leaked by Mikhailov was of utmost importance for the Americans – who had promised to pay him $10 million for it. However, in the course of the inquest, the operatives failed to establish the precise amount of the reward or prove the receipt of the money. Therefore, the sum of $10 million was not mentioned in the final indictment – perhaps, because it would inevitably raise a question: why were foreign intelligence services willing to pay millions of dollars for information available in open sources?
The investigation believes that Mikhailov recorded the materials of the cyber attack probe on two compact discs and gave them to his subordinate Dokuchaev. The MIA major, in turn, gave one of the discs to Stoyanov. As an employee of Kaspersky Lab, he attended an international cybersecurity conference in Canada in 2011. Allegedly, Stoyanov gave the disc to a certain Kimberly Zenz – the FSB believes that she actively collaborates with the FBI. Businessman Fomchenkov smuggled the second disc with classified materials to the USA. Again, no one can explain why such a complicated method was used in our computer age – after all, it was sufficient to send the recipients a link to the respective archive.
Ruslan Stoyanov
In the course of the investigation, Vrublevsky had repeatedly stated in public that Mikhailov was guilty of high treason. The businessman had described the FSB officer, who was in charge of the inquest into the cyber attack orchestrated by him, as follows: “A smart enemy and traitor fully aware of the damage inflicted to the motherland by his actions”.
Vrublevsky generously shared shocking details with journalists. He claimed that Mikhailov had suggested that he visit the US Embassy to "get recruited". Therefore, Vrublevsky submitted his first letter to the law enforcement authorities back in 2010 to inform them of his "suspicions against a group of persons whose unlawful actions could be interpreted as high treason". The term "group of persons" referred to Mikhailov and Stoyanov. According to Vrublevsky, the two high-ranking enforcement officers had manufactured the Aeroflot cyberattack case against him in revenge. "This group of persons has later prosecuted us (ChronoPay company – The CrimeRussia)," – Vrublevsky said.
The trial of the people charged with high treason was held behind closed doors. Only the verdict was announced at an open court session. On February 22, 2019, the Moscow District Military Court found colonel Mikhailov guilty of two high treason episodes and imposed a punishment exceeding the maximum limit by two years – 22 years in a maximum security penal colony. The FSB officer was sentenced to 18 years behind bars for the first treason episode and to 16 years for the second one. In total, Mikhailov has to spend 22 years in a penal colony and pay a fine of 400 thousand rubles ($6.1 thousand). In addition, the judge stripped the colonel of his rank and three governmental awards: the Order of Military Merit and medals of the Order of Merit for the Fatherland I and II Class. Ruslan Stoyanov was sentenced to 15 years in a maximum security penal colony. Dokuchaev and Fomchenkov were not present in the courtroom because they had partially admitted their guilt and made plea deals.
Dmitry Dokuchaev
Ex-colonel Mikhailov pleaded not guilty and emphasized that he had never worked for American secret services or received any rewards from them. Immediately after the verdict announcement, Inga Lebedeva, defense attorney for Stoyanov, said that she is going to appeal the sentence “in all instances”, including the European Court of Human Rights. “These guys had investigated the activities of hackers and stepped on somebody’s toes,” – Lebedeva believes.
The lawyer has no doubt that the case against her client Stoyanov and his former boss Mikhailov was a frame-up. Lebedeva considers Vrublevsky the mastermind behind it: this is how the businessman avenged his own prosecution. Lieutenant colonel Aleksander Gusak, who used to be in charge of the 7th Department for Combating Criminal Organizations of the FSB, shares her opinion. Gusak was a defense attorney for Stoyanov prior to Lebedeva and believes in the innocence of his client. "He is a patriot and skilled specialist in cybercrime control; he had carried out extensive research studies in this sphere. We believe that his actions cannot be interpreted as high treason," – Gusak told journalists.
After the sentencing of Mikhailov and Stoyanov, the owner of ChronoPay has dismissed the accusations brought against him by Lebedeva as “an emotional outburst and nothing more”. In addition, Vrublevsky said that he does not consider Stoyanov a sane person and “compulsory treatment would be the best punishment for him”. According to Vrublevsky, the struggle against hackers “had taken place only in the imagination of Stoyanov”.
On the other hand, the businessman considers the punishment imposed on Mikhailov 100% justified. “Sergei has nearly destroyed not only my international company that had held 25% of the Russian online payment market – but the entire industry as well,” – Vrublevsky said. He claims that “the tales of Mikhailov” outlined in his service memorandums have formed a biased belief that “every Russian programmer is a potential malefactor”. The businessman believes that Mikhailov has created this myth to advance his career and then decided to make some money on it by contacting the American secret services. Forestalling a logical question – why would the FBI or CIA need information about his case? – Vrublevsky claims that Mikhailov was going to expose operative methods used by the FSB to the Americans.
Vrublevsky makes no secret of his malicious joy – neither in the Russian nor in the international media. In an interview with The Associated Press published shortly after the sentencing of the FSB colonel, the businessman said that Mikhailov has "turned Russian online entrepreneurs into cybercriminals", thus "whipping up cyber hysteria around the world".
However, the new allegations against Mikhailov outlined in the letter submitted to Prosecutor General Yuri Chaika indicate that personal revenge could have been Vrublevsky's sole motive from the very beginning. Isn’t it absurd to accuse the former FSB colonel of hiding Igor Artimovich from justice in order to use him as a hacker? In that context, it seems that some powers have used the letters written by Vrublevsky and his eagerness to wreak vengeance upon the FSB colonel to conceal the true reasons behind the prosecution of Mikhailov.
Who in the world could be interested in the neutralization of the best specialist of the Second Department of the FSB Center for Information Security? Several versions have been suggested so far. A source of Novaya Gazeta newspaper believes that the FSB colonel has attracted the attention of his colleagues by leaking to the American secret services the names of masterminds behind the cyber attacks on electoral boards of Arizona and Illinois. The Deputy Head of the FSB Center for Information Security informed the Americans that Vladimir Fomenko, owner of King Servers, had ties with Fancy Bear cyber espionage group operating under the cover of the General Staff Main Intelligence Directorate of the Russian Federation. This group is considered responsible for cyber attacks on the White House and NATO information systems, governmental institutions of Germany, and French channel TV5 Monde in 2015. In 2016, Fancy Bear became the primary suspect in the hacking of the computer network of the Democratic Party and web site of the World Anti-Doping Agency.
Interestingly, after the arrest of Mikhailov, the activity of Fancy Bear has sharply declined – this indirectly confirms the above version. According to the source of Novaya Gazeta newspaper, “hackers in uniform could be ordered to drop out of sight for some time”. A number of foreign periodicals, including The Bell, also claim that Mikhailov was arrested because he had informed Washington about the ties between the Russian authorities and hacker attacks on servers of the Democratic Party of the United States.
Brian Krebs, the world's leading specialist in cybercrime and author of the KrebsOnSecurity.com blog with an audience of more than one million people, also believes that the criminal case against Mikhailov was instituted for ‘turning in’ the Russian hackers to the American secret services. In January 2017, Krebs published an article implying that Mikhailov was that very source leaking to him and the FBI tens of thousands of classified documents pertaining to the investigation of cybercrimes in Russia. Allegedly, these materials constitute the basis of the national bestseller “Spam Nation: The Inside Story of Organized Cybercrime” written by Krebs.
Krebs also published a screenshot of an e-mail message sent by Pavel Vrublevsky and voicing his suspicion that colonel Mikhailov and his subordinate Stoyanov were collaborating with the FBI. The message is dated September 2010.
The correspondence of Vrublevsky was stolen in 2011; Krebs got access to it in the same period. So, why did he publish these materials only six years later, after the arrest of Mikhailov and Stoyanov? Perhaps he was unwilling to discredit a valuable source of information about Russian cybercriminals? However, it cannot be ruled out that Krebs had kept the e-mail secret for another reason.
The expert comments on the screenshot of the e-mail sent by Vrublevsky as follows: “My book “Spam Nation” identified most of the world’s top spammers and virus writers by name, and I couldn’t have done that had someone in Russian law enforcement not leaked to me and to the FBI tens of thousands of email messages and documents stolen from ChronoPay’s offices”. A few days after this publication, in February 2017, Vrublevsky was summoned for questioning in the framework of the inquest into the high treason supposedly committed by Mikhailov. Then the founder of ChronoPay started proudly telling journalists that the information provided by him forms the basis of a high-profile treason case involving the leak of personal information of more than 100 Russian citizens implicated in cybercrimes to the American authorities.
It is quite possible that the 6-year-old testimonies accusing the FSB colonel of ‘turning in’ the Russian hackers were used to conceal a completely different reason behind the arrest of Mikhailov. Almost immediately after it, leaders of the Shaltay Boltay hacking group – supervised, according to some media outlets, by the Deputy Head of the FSB Center for Information Security – were arrested as well. This group rose to fame after hacking e-mail accounts and publishing correspondence of Russian politicians, businessmen, and celebrities, including Prime Minister Dmitry Medvedev, Arkady Dvorkovich, then-Vice Prime Minister of the Russian Federation, etc. Shaltay Boltay is also believed to be responsible for the leak of the correspondence of Vladislav Surkov, ex-First Deputy Chief of the Presidential Administration.
Vladimir Anikeev (Lewis)
Journalist Vladimir Anikeev (Lewis), the leader of Shaltay Boltay, was detained in October 2016 – two months before the arrest of Mikhailov. Anikeev claims that the colonel received an order to investigate Shaltay Boltay, quickly identified all its members, and became the supervisor of the hacking group. Since summer 2016, Mikhailov had allegedly provided the hackers with information for publication. In the past, they had mostly published amusing materials – but then, the group started ‘leaking’ the correspondence of high-ranking officials containing damaging information. The materials received from Mikhailov were sold to Shaltay Boltay hackers for bitcoins. The publication of the correspondence of Vladislav Surkov, Aide to the President of the Russian Federation, became the last straw. According to Lewis, after that ‘leak’, the FSB arrested Mikhailov.