Late last year, top cybersecurity investigators from a private firm and Russian intelligence were arrested in dramatic fashion. One was dragged out of a meeting with a bag over his head. All were disappeared. Details were scarce at the time, but revelations from a new Reuters report now only complicate what we know.
In December, Ruslan Stoyanov, head of the computer incidents investigation team at Russian cybersecurity firm Kaspersky Lab, was arrested with no explanation from Russian law enforcement. Along with Russian Federal Security Service (FSB) agents Sergei Mikhailov and Dmitry Dokuchayev, Stoyanov was charged with treason. Reports indicated that the suspects would be tried in a “secret military tribunal”.
According to a Reuters source, the treason charges are related to accusations made by a Russian businessman named Pavel Vrublevsky seven years ago. In 2010, Vrublevsky, founder of internet payment firm ChronoPay, reported the suspects to authorities. He claimed that they had passed state secrets to American firms including Verisign, a company that specialises in domain name services and internet security, which then turned them over to US intelligence. Reuters reports the accusations were never investigated.
A spokesperson from Verisign, the only American firm identified, denied that it had been given any secret information. The company does have an iDefense unit that gathers information on cybercrime and supplies dossiers to US intelligence, but the spokesperson insisted that it does not deal in classified information. “Nothing like the arrangement as described by Pavel Vrublevsky ever took place,” said Kimberly Zenz, a former analyst at Verisign’s iDefense unit.
Making an already strange case even stranger, Vrublevsky himself was convicted of putting together a cyberattack against a competing online payment firm shortly after making his accusations. Released a year early in May 2014, Vrublevsky has always maintained his innocence. He claims that one of the accused, FSB agent Sergei Mikhailov, illegally leaked information about his business which led to law enforcement targeting him.
To recap, Vrublevsky accused Mikhailov, Dokuchayev and Stoyanov of passing state secrets. It wasn’t investigated, but Vrublevsky found himself with unrelated charges that he claims were a result of leaks coming from Mikhailov.
A mysterious case that involves the top investigator at the world’s fourth largest cybersecurity firm might have gained attention under normal circumstances. But the timing of this one raised suspicions for some observers because it came shortly after US intelligence accused Russia of interfering with the 2016 US election through hacking. Some speculated that the suspects might be the sources that led to all 17 US intelligence services unanimously concluding that Russia deliberately tried to aid Donald Trump’s presidential campaign.
Back in January, cybersecurity expert Brian Krebs actually predicted that Vrublevsky was connected to the treason case. He outlined the suspicious circumstances under which Vrublevsky was able to receive an early release and had previously spoken with the businessman about his desire for revenge against the people he believed had set him up. Among the many connections Krebs’ blog makes is a long relationship between Vrublevsky and Vladimir Fomenko, owner of King-Servers. The internet addresses that were used as staging grounds in the US state election board hacks were assigned to King-Servers hosting. The company has denied any involvement and cheekily claimed that the people who were responsible “still owe the company $290 [$378] for rental services and King Servers [will] send an invoice for the payment to Donald Trump & Vladimir Putin”.
One of Reuters’ sources, who spoke anonymously, suggested there was more to the recent treason case and that “Russian authorities at times use old cases as a way of charging people suspected of later crimes”. The Kremlin, however, has declined to comment, only saying that “President Vladimir Putin is aware of reports about it.”
The revelation that this case is related to passing information to the US could certainly have a chilling effect on potential leakers in the future. And the idea that an ancient accusation can turn into a legitimate case will undoubtedly make anyone question their own past if they are considering opposing the Kremlin.