Russian FSB cybersecurity implosion continues with more arrests

As we discussed in our recent piece, “Russia’s FSB Cybersecurity Team Implodes,” the number of individuals from within the FSB’s cybersecurity entities who are now in shackles continues to grow, and the timeline of the investigation by the Russian security service, the Federal Security Service of the Russian Federation (FSB; Russian: Федеральная служба безопасности Российской Федерации, ФСБ), continues to expand.

Over the course of the past two days, Russian media, digging deep into their sources within the FSB, have reported on the power play going on between two FSB elements, and on the arrest of four individuals associated with the hacker group Humpty Dumpty and said to have shared information with US entities.

US Election – Russian shenanigans

What is clear now is that there is a United States angle to the longer tale, tied to the FBI’s August 2016 alert about Russian activity targeting individuals associated with the Arizona and Illinois voting systems. See the Washington Post’s “Russian hackers targeted Arizona election system” for how the activity was described in 2016, and the New York Times’ September 2016 report that servers belonging to the company King Servers were also used in the attack on the Democratic National Committee (DNC).

The company’s CEO, Vladimir Fomenko, when interviewed in September 2016, said that when he learned his company’s servers were showing up in FBI reports, he immediately blocked those servers. Media worldwide carried Fomenko’s expressions of shock and outrage that a criminal might have leased his servers for such nefarious activity.

Additionally, the previously mentioned Wroblewski, and the Chronopay investigation and conviction, are connected to King Servers: yes, Chronopay was hosted by King Servers.

January 2017 – FSB cybersecurity investigation

Fast forward to 26 January 2017, when we learned of the December 2016 arrest of yet another member of the FSB’s cybersecurity arm, the Information Security Centre (CDC): Dmitry Dokuchaev. Dokuchaev, a Major within the FSB, served as deputy to Sergei Mikhailov. Dokuchaev is also being charged with treason (Article 275 of the Russian Criminal Code).

Dmitry Dokuchaev’s (Дмитрий Докучаев) relationship with the FSB began when he was given the choice between jail and cooperation: Dokuchaev is the Russian hacker known by the handle “FORB.” In a 2004 interview with Vedomosti, the then 20-year-old Dokuchaev claimed to have successfully penetrated US government systems (not further identified) while a university student in Yekaterinburg, his home town. Dokuchaev went on to describe how he met his expenses by “stealing money from credit cards,” earning $5,000 to $30,000 per month. This latter activity came to the attention of the FSB, and they made him an offer he could not refuse.

Dokuchaev, by then a Major within the FSB’s CDC and deputy to Mikhailov, was identified by the FSB as passing both personal data and FSB data to companies and to government representatives of the United States. (Perhaps they were among the many sources used in the creation of the DNI’s “Assessing Russian Activities in Recent US Elections.”)

Uncovering Mikhailov, Dokuchaev and Stoyanov

No one will ever claim the FSB’s counterintelligence and counterespionage teams are not thorough, patient and persuasive.

The uncovering of the activities of personnel within the FSB CDC and the wider Russian cybersecurity community came as a result of the apprehension, and subsequent interview and confession, of Vladimir Anikeeva (Владимир Аникеева), a journalist who is also believed to be the head of Humpty Dumpty (see our prior piece). Anikeeva’s online handle is “Alice.” Anikeeva was lured from Ukraine to St. Petersburg, where he was arrested and charged with “illegal access to computer information” (Article 272 of the Russian Criminal Code).

The arrest of Anikeeva (October 2016) had to do with the emails of Vladislav Surkov (aka the Kremlin’s puppet master), which the group had published on the site “Kiberhunta” (Cyber Junta). It was during the interview, or interrogation, of Anikeeva that he identified the activities of Mikhailov. Indeed, the media report that Anikeeva volunteered the information on the complicity of Mikhailov, Dokuchaev and Stoyanov.

So, while the initial investigation was focused on who doxed Surkov and leaked his emails, and on the takedown of Humpty Dumpty, the resulting multi-month investigation uncovered elements within the FSB CDC engaging in a bit of moonlighting shenanigans.

Russian media have reported that a fourth individual has been arrested, with much of the media speculating that it is Anikeeva.

FSB cybersecurity cat-fight

Once the FSB compartmented the counterintelligence investigation, the table was set for the implosion of the FSB CDC.

The cat fight between two elements within the FSB then began: the FSB CDC and the FSB Special Communications Group (FSB SCG), previously known to Western intelligence services as FAPSI. The latter group is responsible for all Russian cryptographic standards, securing Russian elections, and a multitude of other activities, including signals intelligence (SIGINT).

The FSB SCG wasted no time in positioning itself to pick up the pieces as the FSB CDC was systematically dismantled: the forced retirement of the head of the CDC, Andrei Gerasimov; the arrest of his deputy Sergei Mikhailov and of Dmitry Dokuchaev; and the arrest of their good friend Stoyanov, the member of the troika with industry and international government contacts.

Putin gets to look good to Trump

While these internal gyrations are taking place, we can expect Putin to play the internal housecleaning to his advantage when engaging with the new administration in the US. He is now able to say, “We did not interfere or try to influence the US election, but some rogue members of the FSB were associated with a criminal element and we have brought them to justice.” He is also able to commiserate with the new US president, Trump: “We too have our issues with the security services.”