Novaya Gazeta Learns of 3rd Arrest in Hackers’ Treason Case: Is FSB Agent Major Forb the Head of Shaltai-Boltai?

January 28, 2017
Screen grab from a Youtube published by Anonymous International, as Shaltai-Boltai is known in English.

LIVE UPDATES: Novaya Gazeta has learned of a third arrest in the hackers’ treason case in which a Kaspersky Laboratory employee and an FSB agent have already been arrested. He is Maj. Dmitry Dokuchayev, a senior operative at the 2nd department of the operations division at the Center for Information Security.

The previous issue is here.

Recent Analysis and Translations:

Live Updates: New Allegations Emerge That Russia Is Blackmailing Donald Trump
How Many Russians Are Fighting for ISIS? A Brief History of The Kremlin’s Arbitrary Numbers
State TV Video Shows Russian Special Forces Fighting on the Ground in Syria, Supposedly Killing ISIS
An In-Depth Examination Of Donald Trump’s Ties To Russia And Vladimir Putin


Fourth Arrest Comes to Light in Russian Hackers’ Case

A fourth arrest has come to light related to the Shaltai Boltai hacking group whose members appear to be staff members, or cooperating with, the FSB and a Kaspersky Laboratory employee.
RosBalt, an independent wire service known for reporting on the Nemtsov murder and trial and other sensitive issues says:
“The story of the detention of Sergei Mikhailov, a high-ranking officer of the Center for Information Security, is taking on the nature of a feverishly-twisted thriller.”

As we have reported, Ruslan Stoyanov an employee of the Russian private company Kaspersky Laboratory, which makes anti-virus and other security software and performs forensic studies of hacks, was arrested for treason as has been confirmed in a terse press release from Kaspersky. Kaspersky says the arrest is unrelated to their business and involves the investigation of a case that predated Stoyanov’s employment. Before he came to Kaspersky, Stoyanov worked for Department K at the Interior Ministry, the police division responsible for investigating hacks.

A second arrest was of Sergei Mikhailov, an officer of the Federal Security Service’s Center for Information Security (TsIB) whose mandate isn’t just preventing the hacking of government and business but hacking those it needs to hack in the interests of government and big business.

A third arrest was made of Dmitry Dokuchayev, a one-time popular hacker who taught others how to hack, who was recruited and coopted into the FSB’s TsIB.

In Soviet Russia, the hacking investigators hack you. All of the people involved in investigating and preventing hacks can just as readily turn to being the hackers who others then try to investigate.

Some or all of these people may or may not be involved in Shaltai-Boltai, which is a hacking group that may or may not have some authenticity to it, i.e. motivated not by pay or government instructions, which has selectively hacked some government officials but not others, i.e. Prime Minister Dmitry Medvedev, responsible for what remains of the Russian economy, and Kremlin aide Vladislav Surkov, responsible for the separatists in the Donbass, among other jobs in Russia’s “near abroad.”

Rosbalt writes: 

A source familiar with this situation told RosBalt that Anikeyev was detained by FSB officers in late October 2016 when he arrived at the airport in St. Petersburg from Ukraine.

The operation was the result of long work. A complex operative trap was sprung with the aim to lure Lewis from Ukraine, from which he had not intended to return.

The FSB brought Anikeyev for booking to Moscow, where he was charged with Art. 272 (unauthorized access of computer information).

At first, the FSB counter-intelligence people were interested in the leak of Surkov’s email — by that time it was known it was in the hands of Shaltai-Boltai. Since this was a question of electronic mail with the “gov” domain, the FSO [Federal Protection Service, which guards top leaders and the Kremlin grounds] became very alarmed. This email leak was published on a Ukrainian site by a ban of hackers who called themselves “the CyberJunta.”

We could note that already-existing Ukrainian hackers who worked on exposing Russia’s war in Ukraine hadn’t heard of these hackers, and also suspected that they may be a front for some kind of active measure by Russian intelligence.

RosBalt says “in reality, it was suspected that Anikeyev posted the leaks”. He had traveled to Ukraine before, because his girlfriend lived there; according to available information, he had no intention of returning to Russia. The authorities were also interested in other email Lewis had, which had begun appearing on the Shaltai Boltai site. Said the source:
“Anikeyev immediately began cooperation with the investigation and provided extensive testimony, in which the name of Mikhailov was repeatedly mentioned as a person connected with the Shaltai-Boltai team.”

In December 2016, Mikhailov and Dokuchayev, said to be his “right-hand man,” and also a TsIB officer, were arrested; a judge issued an order for their arrest.

There was also another TsIB officer — that would make a fifth person — who was detained and interrogated, and then released.
This is the version of the story provided by the source:

“In early 2016, in Mikhailov’s division at the TsIB, there was an order to ‘work with’ Shaltai-Boltai, which had published the government officials’ emails. Dokuchayev was the intermediary chosen for this ‘work’. The TsiB managed to figure out who were the members of Shaltai-Boltai — they all took names from the story of Alice in Wonderland — Lewis [Lewis Carrol, the author of that story]; Alice, the March Hare, etc. Lewis was the one who organized the web site and the team. There were searches last summer, although formally, other reasons besides the hacker’s case were found for them.”

So after the last summer attack, Shaltai-Boltai found itself with a new boss, or, a “curator,” as the Russian intelligence term has it. The source believes that boss of a now-turned hacking group was Mikhailov. So the targets of Lewis’ team changed, as well as the methods of their work. Previously, Lewis’ people picked out their targets in places where mobile phones were used. They used fake cells (if it was a question of the mobile Internet) or used a spoofed Wi-Fi (if a person was connected to a wi-fi). The downloaded content them would be sent to a member of Lewis’ team who lived in Estonia. He would comb through it and pick out what needed to be put on the open Internet and what could be sold for Bitcoins. Several people who lived in Thailand were part of the financial side of Shaltai-Boltai.

The Bitcoins the group earned by selling some of the hacked correspondence they turned into cash in Ukraine. From time to time, Lewis’ sources would “dump” to him emails that had already been “taken” by other hackers.
So by the fall, Shaltai-Boltai began exclusively to work with the content they got from their “curator,” i.e. the FSB. If before, says RosBalt, the emails dumped on the Internet were mainly “entertaining” in nature, and the people whose secrets were leaked were not particularly harmed, now the emails being leaked contained information capable of causing “serious unpleasantness:. When it became known that Surkov’s email had leaked in Ukraine, that was the last straw.
Said the source:
“Mikhailov is a magnificent specialist. The best in his field. You can say that the TsIB is all Mikhailov. But he overplayed his hand.”

What that means is that he went too far when he took over a group that before that, had merely made fun of Medvedev by hacking his Twitter to make him look ridiculous, or made a buck by hacking some officials with interesting financial information, now they were stepping on bigger toes by showing that Surkov really ran the separatist leaders, as those in the field already suspected three years ago.

There is a theory that Surkov falls in and out of favor and that at the time of this hack he was back in favor running Ukraine and this was a big setback fro him. 

It’s also possible that he simply is moved to different desks from time to time and remains quite firmly in favor, and the hack of his email is a cover for something else, or a distraction, or the results of clan warfare by people who are equally happy to keep Russian troops in Ukraine.

Rosbalt has one source on this, and Novaya Gazeta and Tsargard each have one source, so there is not a lot to go on here. 

There is no indictment; no mothers or wives sounding the alarm; no human rights groups; no lawyers; no co-workers, even, leaking the information with concern to the press. This is unusual even for Russia, where even highly-sensitive political cases do get covered at least in some fashion. 

While it can’t be ruled out, given what we know, it’s a stretch to make the leap to a mission profile for this turned FSB-run hacker group to involve either hacking for Putin to help Trump, or leaking to the Americans the fact that other hackers had hacked for Putin.

Maybe for money or because they are good civic internationalists, they wanted to make sure the world knew about the hack of the DNC or other hacks, such as the election systems of Arizona and Illinois that they felt “went too far”. But since these are the same people who five minutes before that were hacking for their directors at the FSB, we can’t be sure of their agenda in any event.  The hack of Surkov doesn’t tell us anything we didn’t know, it misleadingly implies only he runs the Ukraine account which is false (when military intelligence and many other offices have leadership roles) and it also creates a false impression that there are valiant opposition hackers in Russia who behave like valiant opposition hackers in other countries. These are hackers who were recruited to work for the FSB; they were either happily recruited or reluctantly pressured into cooperation with the FSB through blackmail. They aren’t freedom fighters.

The angle of German Gref perhaps standing behind this hackers group cobbled together part out of FSB agents and part out of turned formerly-independent hackers might explain some of its strangeness. He is an ethnic German born to a family deported under Stalin in Kazakhstan, the former minister of economics in the early years of Putin’s rule, the current CEO of Sberbank, and a member of the board of Russia’s search engine Yandex, and considered a “liberal reformer” within the Russian system. Perhaps he really had hoped to seriously challenge Putin in the 2018 presidential election. Now if his people — if in fact they were his people — are enmeshed in a case of high state treason, those hopes will be dashed.

— Catherine A. Fitzpatrick

Novaya Gazeta Learns of 3rd Arrest in Hackers’ Treason Case: Is FSB Agent Major Forb the Head of Shaltai-Boltai?

The following is a translation from the Russian of the article “Is Major Forb the Head of Shaltai Boltai” by Irek Murtazin published January 27 in Novaya Gazeta, an independent online news site. Shaltai-Boltai is a character in Russian folklore similar to “Humpty Dumpty,” and is the name of a hackers’ group that has gained notoriety for hacking the accounts of a number of prominent Russian officials, notably Prime Minister Dmitry Medvedev’s Twitter, where they put out expressions of regret about annexing the Crimea.

The Internal Security Service of the Federal Security Service is confident that the FSB officer Dokuchayev detained on suspicion of state treason is connected to a hacker’s group that attacked political figures in Russia.

We have learned of the name of another figure in the criminal case about state treason at the FSB. He is a senior operative at the 2nd department of the operations division at the Center for Information Security (TsIB), Major Dmitry Dokuchayev of the Russian FSB. He, just like the officer of the same division, Sergei Mikhailov, and Ruslan Stoyanov, an employee of the Kaspersky Laboratory, was arrested back in December of last year.

I first heard of Dokuchayev in 2012, when I conducted research concerning the criminal case of the founder and general director of the payments processing company Chronopay, Pavel Vrublyovsky.

[See also Cybercriminal No. 1 Pavel Vrublyovsky: Superagent or FSB Victim?]

At that time I learned that Dokuchayev back in 2005, at that time with the rank of senior lieutenant of the FSB, ran the column Hack in the Russian-language magazine Hacker. To be sure, he hid behind the nick-name “Forb”.

I was able to find out that Dokuchayev/Forb was a native of Ekaterinburg, where in 2005 he had graduated from a technical school, and had professionally worked in programming, administering web sites.

In IT circles, he gained fame after hacking several serious sites, including American ones. It was that time that he came to the attention of the FSB TsIB, which invited him to work for them.

In September 2016, the FBI accused the owner of the company King Servers, a Russian citizen named Vladimir Fomenko of a cyberattack on the electoral systems in the American states of Arizona and Illinois, which was allegedly conducted with 8 servers, 6 of which belonged to the company King Servers.

[See also Trojan Code: Hackers and Chekists Suspected of State Treason in Passing Secret Data to the Americans].

It was in fact at that time, according to our information, when the FSB’s Department of Internal Security began a probe regarding this leak of information, that Mikhailov and Dokuchayev were put under surveillance. They did not manage to confirm that involvement of Russians in the attack on servers in the US, but the FSB agents from the Department of Internal Security managed to get up close to the Shaltai-Boltai group of hackers, who were infamous for hacking the personal emails of Dmitry Medvedev, vice-premier Arkady Dvorkovich, bureaucrats at the presidential administration, the Department of Defense and Roskomnadzor [the agency for supervising the media which serves as a censor–The Interpeter].

The FSB suspected that Mikhailov was curating [the term the KGB and its successors use to describe agent handling] Shaltai-Baltai — and Dokuchayev was the direct perpetrator of the hacks and leaks.

In 2005, in the 77th issue of the magazine Hacker, Dokuchayev/Forb taught people who to become a hacker:

“It’s no secret that some 20 years ago, hackers were considered not evil-doers, breaking servers on commission, but talented programmers who had a keen understanding of their craft. In my understanding, the word ‘hacker’ is a multi-faceted developed person who knows the theory of network mistakes and successfully applies his knowledge in practice. Aside from this, the hacker must possess programming skills, know at a minimum two operational systems and of course, have major connections and influence with other hackers.”

It looks like Dmitry Dokuchayev followed his own instructions completely.

But he didn’t master his own advice on security.


Novaya Gazeta then ran a copy of the article in Hacker magazine, “How to Become a Hacker,” in which he provides sites to visit and books to read on how to hack.

At the end of his piece, he has 10 items of advice for the novice hacker:

1. Never talk to strangers about hacker issues. That may end badly.

2. Use only a convenient and tested software for various network operations.

3. Visit security forums. Don’t be shy about asking questions there and solving others’ problems. 

4. Have five or six email accounts on foreign hosts. These will come in handy for anonymous correspondence.

5. Have in your arsenal two or three remote shell accounts. I have repeatedly described the use of shell-access.

6. If people have knocked on your door with a problem — this is a symbol that you have achieved respect. Definitely help the person solve their problem.

7. Do not spent 24 hours a day on the computer. Remember, aside from the Internet, there must be healthy sleep, personal life, and visiting classes in school.

8. Every month, buy Hacker and SpetsHacker [Special Hacker]. Also read all the issues since 1999. Many questions after that will fall away on their own.

9. Never take on a complicated and risky hack if you have not yet matured for this. No one ever looks pretty with a suspended sentence.

10. Don’t squat on somebody else’s Internet access. This is nothing but ordinary theft.


If despite all these warnings, you’re out on a shaky hacker’s limb, definitely take concern for your own security. Even if you do nothing bad, you must have established the habit of defending yourself on the Net. Definitely use socks or proxy-servers which can be found on the Internet. Aside from that, be careful and become a paranoid : )  This will not hurt. Talk about hacker topics only with PGP or in SSL-IRC, fortunately there are such networks. Never expose your address, city or even name — this may be turned against you at any moment. And shiver from telephone calls, knocks on the door and sudden turn-offs of the light — that means they’ve come for you : ).

— Catherine A. Fitzpatrick 

‘Hybrid Cyberwars’: Are the Russian Hackers’ Arrests About American or Internal Russian issues?
We published a number of stories this past week on the sensational arrests of three Russian hackers (and there may be more).

Shaltai-Baltai are the hackers who were said to crack Medvedev’s Twitter, and put up funny sayings from him that were in his style, but not characteristic, such as regrets about seizing Crimea.

But the results of Shaltai-Baltai’s work, which included highly-publicized email leaks that revealed, for example, that the youth official in the Kremlin told the press what to say, attracted a lot of media attention. People began to wonder why they never seemed to really challenge the system. But there was also the realization that they couldn’t be just kids; or the usual kompromat business black-mailers but something much higher level.

While suspended from Twitter after the Medvedev hack in 2015, @b0ltai came back, but interestingly, he stopped tweeting on December 12 — a week after Mikhailov was arrested.

As often happens with stories of this sensational type, where there are no official statements at all, and no fully-reliable source of news because journalists have to rely on law-enforcement leaks, there are a number of different versions of the story floating around in state media, pro-government private media, semi-independent media, and actually-independent media.

But it’s important to remember:

– All we have are two pro-government newspaper accounts based on FSB sources;

– There is no charging sheet or indictment or arraignment in court;

– No relatives have spoken;

– No lawyers have appeared, even to ask the right questions;

– Not a single co-worker, starting with Eugene Kaspersky, has made any statement of substance about why they were arrested.

So there is really very little to go on. 

Hush-up of December Arrests 

Perhaps most telling is that while Ruslan Stoyanov, the number two or number three department head of Kaspersky Laboratory (even if the PR person denies now he was a “top manager”) was arrested back in December — a man who was well known in the cybersecurity community and spoke at conferences — the news of his arrest did not surface for weeks until now.

Eugene Kaspersky, founder and head of Kaspersky Laboratory had nothing to say on his Twitter feed about the arrest of his colleague and reports of Stoyanov’s arrest did not surface in the independent media, which would seem likely given the intersection between computer professionals, hackers, the media, and opposition.

Kaspersky has sought to downplay this incident as completely unrelated to their company and related to a criminal case that happened before Stoyanov came to work at Kaspersky — “with epaulets on his shoulders” as some Russian media has put it, mean that he was employed by the police, or Interior Ministry, in Department K, which is for cyber crimes.
As we noted, Kaspersky himself has long had a close relationship to intelligence having graduated from the KGB’s cryptography academy and worked for military intelligence, although currently the official story in all media stories now (because it was in a Kaspersky press release) is that Kaspersky only began “in 2013” to work with the FSB on cyber crimes (such as large cases involving stolen credit cards).
So the least amount of information has come from the company where Stoyanov worked and from which the most might be expected to come, given the close cooperation with the FSB and Interior Ministry, but we have very little — and Kaspersky himself has not even tried to spin people away from linking these arrests to the Trump dossier or the DNC hack. In today’s Russia, you can go from being a witness to being a suspect at the same encounter with law-enforcement, so it pays to keep quiet.

It’s not uncommon for people to disappear into the Russian prison system — a highly-publicized political prisoner named Ildar Dadin couldn’t be found for over a month recently after he smuggled out an account of his torture. The prison monitors from the remnants of the human rights movement who are occasionally allowed into Lefortovo sometimes report with alarm their discovery of people who had been missing for months — and their completed “treason” investigations of these type which are impossible to stop.

The only thing that can be said about the FSB’s prison, inherited from the KGB, is that the gruel is a little more nutritious and the bedding perhaps a bit warmer, as perhaps the FSB has to get more refined types of information out of its suspects that other types of police who can use cruder methods and worse conditions.

But it’s also odd that an FSB officer, who might not have an open network of friends like a cybersecurity expert in a private company, but would at least have some sympathetic co-workers — had no one to leak his arrest right away, no one in his office or among his relatives or other contacts that might have called a reporter.
And we may never hear the real story of what happened to these men (there is now a third, Dmitry Dokuchayev), as their trial may be declared “secret” and held behind closed doors. There are good lawyers in Russia, but they may have trouble even getting in to see their own clients. One such lawyer who has taken up high-profile political cases was himself abducted by the FSB this week as he attempted to defend Crimean Tatars in Russian-occupied Crimea.

Komsomolskaya Pravda: Hackers for Hire to Damage Business Rival

Komsomolskaya Pravda, a pro-government newspaper and web site, has told the story of Mikhailov, who suspected of “receiving money from a foreign company through an intermediary of a certain Russian information security company.” It repeats Kaspersky’s press release but with one telling mistake (or contradiction): Ruslan Stoyanov was said to come to Kaspersky in 2011 (not 2013) and with “epaulets,” a reference to his job in the police in the department combating cyber fraud. 

What is that foreign company? Is it King Servers, mentioned in the hacking of the electoral computers in Arizona and Illinois? What is that “intermediary of a certain Russian information security company”? Is it Kaspersky? King Servers is not a cyber security company, they only rent servers. Is anything named in the Trump dossier related to people and incidents in this case? There aren’t enough clues to go on. 

Komsomolskaya Pravda (KP) then said it had its own sources saying the arrest “could be related to a DDoS attack on the Assist payments system” which was made by a competitor in the payments business which caused Aeroflot ticket buyers to be unable to purchase tickets online for several days, and which cost Aeroflot a loss of 146 million rubles ($2.4 million).

We have now entered the era where kompromat, which is effective but can take time to gather and disseminate, and assassinations — which can be difficult and risky to perform — are displaced by a cruder means of knocking out a rival — crashing their servers.

Pavel Vrublyovsky, Entrepreneuer, Ex-Con and Collaborator

The FSB’s Center for Information Security (TSIB) then learned that Pavel Vrublyovsky, owner of the Chronopay payments system, the rival to Assist, may have organized the DDoS attack on Assist, and also “may have had contacts with the siloviki (power ministries, i.e. the FSB and others) who hindered the investigation.”
We could add that since Investigative Committee staff (itself a rival of the FSB and other agencies) have been arrested for blocking investigations into mafia lords, it’s feasible that FSB agents could be guilty of the same.
“Just the facts,” says KP in describing the fact that Vrublyovsky was then arrested in 2011, recanted, but was then tried again when the FSB found more information to prove his guilt. He was sentenced to 2.5 years of labor camp, a relatively light term which he has now already served.
During Vrublyovsky’s trial, materials from that criminal case wound up on the Internet, exposing the methods of how FSB agents interfere with business, picking sides in various commercial wars. Vrublyovsky’s representatives claim that the attack on Assist was in fact instigated by the FSB to discredit Chronopay — in other words, not Chronopay’s idea but a set-up.
KP says that while the investigation in Vrublyovsky’s case was completed, FSB agents kept researching the case, looking for the hackers who might have done this job for Vrublyovsky in 2011. What is known, says KP, is that the FSB commissioned a forensic probe of the DDoS on Assist from the Kaspersky Laboratory. 
We don’t know how “it is known,” and the question naturally arises, in dealing with cases and media reports like this in Russia, what enemies of the FSB in general, or those FSB agents in particular in some other law-enforcement agency or government office, let that fact leak, or set KP up to say it.
Kaspersky Laboratory has not commented on this allegation in KP, and in their original press release about Stoyanov’s arrest says that it “does not concern the professional activity of the company and neither its experts, its business, its products, or clients of the company are in any way effected.”
Naturally, even if Kaspersky was involved in performing a job for the FSB — a contact they now publicly acknowledge — confidentiality clauses in contracts or common sense (if they wanted to keep in business) would prohibit them from exposing this attack.

“Nothing is True and Everything is Possible”

So this version of the story in KP, a pro-government newspaper that enthusiastically takes the side of Russian fighters in Ukraine and Syria — with some of the most popular war reporters in Russia — may be true, or may be intended to distract us from any American angle in the story.

This version also highlights the fact that without any relationship to Kaspersky per se, for their own reasons, not self-evident, these particular FSB agents could have had a vendetta against either Chronopay or Vrublyovsky — or even Assist, to take it at face value. Or they may have hoped to show that the FSB is not at all in the business of helping anybody savage their business rivals, although they appear to be.

As the title of Peter Pomerantz’s book goes, “Nothing is True and Anything is Possible“.

Tsargrad TV: Hacker Hustled Away From a FSB Board Meeting With a Bag Over His Head

Novaya Gazeta referenced Tsargard in its first piece on the hackers’ arrest, but didn’t get into Tsargrad’s version of the story; the most sensational element of Novaya‘s story — that FSB security arrested Mikhailov during the FSB’s own board meeting by putting a “light-proof” black bag over his head — comes from Tsargrad. Is it true? Well, Tsargrad itself says it was a victim of one of the hackers — Mikhailov — so this has to be kept in mind. And Tsargrad is getting this story from some FSB agent close to them who may just want to tell the story this way to scare people off from it.

German Gref of Sberbank and Big Data 

Tsargrad titled its piece “And This Man Was Supposed to Head Up Big Data“. Tsargrad, we will recall, is owned by Konstantin Malofeyev, a conservative businessman often described in the Russian media as “the Russian Orthodox oligarch” to stress his religious affiliation contrasting with Jewish or secular oligarchs. Malofeyev is known to have funded Col. Igor Strelkov and other Russia-backed separatist leaders in their war in eastern Ukraine. He also favors Internet “safety” which can involve “decency” in Russia as well and preventing the corruption of youth, and sits on the board of the pro-government League for Internet Safety.

“Big data” in this headline is written in English. Many Internet terms, especially for the latest phenomenon, tend to be in transliterated English, as their Russia equivalents in Cyrillic letters, in a sentence tend not to be able to fit into the 140 character space of a tweet. But long before the Internet, vycheslitel’naya mashina — computer — for example, was shortened to kompyuter or komp.

 FSB Head of Hacking Pushed Into Retirement

Tsargrad took up this story from the angle of Andrei Gerasimov, head of the FSB’s Center for Information Security, who, as we know from other press reports, was being pressured into retirement. The TsIB “curates practically the whole line of battle with cybercrime in Russia from the hacks of credit and finance information to leaks of personal data to plants in the media and social networks,” Tsargrad enthused.
“Curate” is the Russian term of art used about the KGB and later FSB to explain that combination of surveillance and management and operations involved in having the secret police run the state by controlling various figures. So when American researchers look for clues about the hacking of the DNC or sources in the Trump dossier, they assume it has to come from this shop, since they are known to be in charge of hacking, basically. That is, there are of course other shops in other agencies, including military intelligence and the police that do this same thing and are even rivals of the FSB, but the main job appears to be performed by this office. 

That’s why some US press has hastened to say these hacker arrests could be about the DNC hack or the allegations of the Trump dossier, as they believe the people indicated in those stories must have come from this agency and are now going to be punished or sacrificed by President Vladimir Putin who either wants an object lesson about those who hack and leak without strict government supervision or a limited hang-out to do damage control, or a disinformation campaign to hide the fact that the Kremlin is really behind all the hacks in the US.

It’s important to keep in mind that these arrests may have nothing to do with any events in the US, although we can’t trust the pro-government papers telling us this. 

Tsargrad says they learned that Gerasimov’s retirement was all but a fait accompli and had been hastened along by the internal investigation the FSB conducted about how information on its strong-arm DDoS practices was leaking out. That’s how Sergei Mikhailov, Gerasimov’s deputy at TsIB and the head of the 2nd operations department, came to be dismissed — “the real hero of this story,” says Tsargrad.

A Black Bag Over the Head 

It’s interesting that in six weeks in Moscow — a town with a lot of leaks, a lot of stories, and many things getting out one way or another — THIS story just never surfaced anywhere until now. That’s how black the sack was. 

Tsargrad’s “source in law-enforcement” (likely the FSB) told them that Mikhailov’s arrest was quite dramatic — agents (who themselves were likely masked, we could add) put a bag over Mikhailov’s head right during a board meeting of the FSB. 

To get an idea of the setting, think of the board meeting footage last year of Putin speaking solemnly at this same type of annual meeting where the FSB report their accomplishments, such as the summary execution of hundreds of suspected Islamists in the North Caucasus, with the dutiful FSB head Alexander Bortikov by his side, and bottles of mineral water arranged on the podium, and the audience — FSB officers — motionless except for when clapping is required. To put a black sack over a fellow officer’s head during such a meeting and bundle him out the door sends a dramatic message to every FSB agent never to do anything remotely like what that hapless victim was said to do — leak things. Especially to foreigners.
Tsargrad also tells the story of Assist’s costly DDoS attack and adds this interesting detail:  “Vrublyovsky, who had earlier met with the above-referenced Sergei Mikhailov, decided to set the FSB office and Department K of the Interior Ministry against each other.” Department K, in the Interior Ministry or police, is the FSB’s rival.
So Vrublyovsky said the case against him was fabricated by the TsIb and asked Department K to investigate. On his desk, when he was detained, a note was found: “Sergei Mikhailov at the FSB TsiB FSB leaked us,” i.e. he was said to have leaked the facts of Vrublyovsky’s case to the media. Also on Vrublyovsky’s desk was a folder with documents that exposed Mikhailov’s contacts.
This was in 2011. “If the internal security service [of the FSB itself] had been put into gear back then, perhaps many spy and hacker scandals of the future could have been avoided,” fumes Tsargrad.

Tsargrad says that according to its sources, Mikhailov was involved in the group of hackers known as Shaltai-Baltai — “he could be their direct curator and protector.”

We would point out here that the work of Shaltai-Baltai always had that KGB feel — the leaks never seemed to challenge Putin himself or anyone close to him, but only targeted lower figures who either seemed to need to be “kept in line” by Putin (Medvedev) or for various reasons needed to be discredited (a youth official associated with the Kremlin controlled youth movements, some of which turned violent.)

FSB-Created Hackers On Mission 

Shaltai-Baltai also became the answer to the question people often had about WikiLeaks: why are there never any Russian leaks? Why does nobody ever hack Russia? As with the perestroika years, given the “inertia of fear” as it has been called by some Soviet authors, where people are too paralyzed to move even when allowed, sometimes the KGB and later FSB have to do things in society themselves.

Tsargrad describes Shaltai-Boltai as having “literally come out of nowhere.” In the technical community, no one knew who they were; the group’s members were able to encrypt themselves very well and lived abroad, it was said, although they happened to have access to the personal data of virtually all the Russian political and business elite from Medvedev to media magnate Aram Gabrelyanov, the owner of LifeNews.

Translation: Throughout the world, politicians begin writing nonsense when their accounts are hacked, but only in Russia do they speak the truth for which everyone was long waiting.

Tsargrad itself has reason to hate them:

“In the spring of 2014, at the height of the Russian Spring [the term used to describe the resurgence of Russian nationalism around the annexation of Crimea and invasion of the Donbass–The Interpreter], Shaltai-Boltai broke into the email box of Aleksandr Dugin, the editor-in-chief of Tsargrad. They didn’t find anything compromising, of course, and that meant they failed to blackmail him or sell his correspondence to any interested persons. It was just dumped online.
Dugin himself commented:
“I had been preparing a data base of the major Russian media so that those people who speak out against American hegemony in favor of the multi-polar world, critics of the Atlanticist imperialism both from the left and the right, become more actively involved in the information policy of Russia.”
Dugan’s list, once published, became the reason for the persecution of people in it, and even the jailing of some. Someone on the list died a suspicious death.

So it seemed that Shaltai-Boltai, aside from the usual motivation of cybercriminals to make money had something of value — this list of “Putin’s friends” and “Russian agents of influence.”

Dugin’s ‘Friends of Putin’

Dugin is often mistakenly described in the Western media as an “advisor to Putin” or having influence on the Kremlin which has never really been the case. Putin and other top leaders have found it useful to allow Dugin and other such colourful figures such as Vladimir Zhirinovsky to flit around on talk shows and get themselves in the news for outrageous outbursts  — so Putin can look rational by contrast.

Dugin has spoken on the same platform of the annual conservative “Moscow the Third Rome” meeting where Sergei Ivanov, Putin’s chief of staff at the time, also spoke, but he isn’t some kind of regular Kremlin visitor in any respect or given any space in influential state publications. His brand of ultranationalist “Eurasianism” in part overlaps with Putin’s own, but Putin’s guru is Ivan Ilyin.

Nowadays, Dugin and others of his persuasion like Col. Igor Strelkov, who led the separatist forces in eastern Ukraine, are very frustrated with Putin, whom they see as having betrayed the “Novorossiya” cause of restoring the greater Russian Empire. They fear he is under the influence not just of “fifth columnists,” those traditional foreign-tainted enemies within, but “sixth columnists” who are people who seem like “one of us” but engage in defeatist talk about the war in Ukraine.

Putin is chairman of the board of Moscow State University, which decided to fire Dugin from his position in the university’s philosophy department in 2015. Some hoped this was because Dugin incited the killing of Ukrainians on his social media pages — something that in fact Russian state media had more reach and effect doing at the same time. But the efforts that went into hacking his email means that there may have been hopes to remove him for other reasons.

Dugin made a data base of “friends of Putin” and “agents of influence of Russia” which was of interest because it was based on his ideology — other people might have different “friends of Putin” or  different “agents of influence of Russia”.

‘Hybrid Cyberwars’ 

IT expert Igor Ashmanov, in an interview with Tsargrad, called Shaltai-Baltai’s hacking, “hybrid cyberwars,” like the hybrid war in Ukraine, part covert and part overt.
Novaya Gazeta didn’t include this part of Tsargrad’s article, but here is where the “Trump connection” comes in — although not in the way some have thought.
According to Tsargrad’s sources, Sergei Mikhailov, the FSB agent, was in negotiations with the leadership of Sberbank. That’s why the photo of German Gref, CEO of Sberbank, is in Tsargrad’s image with the article, along with a Guy Fawkes mask, used by Anonymous. 
Tsargrad said sources told them that Mikhailov was holding talks with the Sberbank leadership:

“Sberbank has at its disposal one of the largest information security services in Russia. It was proposed not just to strengthen security, but to make a new Internet special service, like the US NSA, which keeps all Americans under a bell jar [i.e. under surveillance– The Interpreter].”

Put together the information from the savings accounts of millions of Russian citizens in Sberbank (the name means “Savings Bank” and is likely the most popular) along with the information about those same people on social networks, and you’ll have one of the largest mass data bases on Russian citizens:

“The chairman of the board of the largest bank in Russia, German Gref, could not help but be briefed on such a plan,” says Tsargrad. If Mikhailov had not been arrested, he would have been directly under Gref’s supervision in making use of this vast data bank. Gref is “a man who has entree to Western globalist circles and also has stubbornly refused to open an office in Russian-occupied Crimea,”

This was from Dugin’s perspective was wrong — and here he and Putin’s views would be aligned.

Big Data to Win the 2018 Presidential Elections

With such a “Big Data” base of Russian citizens, Gref could do a lot, but Tsargrad sources say Gerasimov’s ambitions went beyond more than banal enrichment. As Tsargrad sees it:
Thus experts believe that Donald Trump was able to win the elections thanks to the company Cambridge Analytics which applies Big Data in political campaigns and PR campaigns or black PR [negative advertising] against concrete candidates. Cambridge Analytics has studied the possibilities of influence the electorate for many years through “targeted” advertising, taking into account not only an abstract social group but all the data which are shown about a user of say, Facebook. Existing technologies enable you to target a specific audience, combining not only factors of sex, age, education and other basic information but also their combination and other more trivial preferences — for example, musical or culinary tastes, hobbies, past-times, etc. In a word, everything that you tell about yourself in social networks.
Hillary Clinton meanwhile, says Tsargrad, relied on traditional methods such as media plants and discreditation of her rival from a moral perspective; Trump used more modern technologies from memes on Twitter to targeting with Big Data.
US specialists on election campaigns might find this a skewed description of the US elections, but it doesn’t matter; what matters is that the Russians absorbed the idea that they needed “big data” to win elections.
It strikes us Putin would be the one most interested in this Russian Big Data for his 2018 re-election, but in the possession of Gref’s hacker, so to speak, who might be “contrary to national interests,” the information about be in “the wrong hands”. Perhaps Gref himself thought to run against Putin. 
“This wouldn’t only smell of kerosene,” said Tsargrad — meaning it was flammable material — and then some.
All of this ended up being grounds for pushing Gerasimov, the head of the FSB’s hacking shop, into early retirement. “Only one thing is clear: Mikhailov and Gerasimovv fell in the battle of the patriots and globalists for Big Data,” says Tsargrad.
By “patriots” here, Tsargrad means the nationalists or even ultra-nationalists who might seemingly have an “internationalist” vision like the old Soviet Communists by calling themselves “Eurasianists,” but it’s only because their version of Eurasia is dominated by Russia, not Central Asia. Their “patriotism” was preventing Western corruption of their native Russian values, the family, the church, women as wives and mothers, and so on. The “globalists” were people who didn’t mind the penetration of Western culture, say, in the form of i-phones or popular films, but who would still (being FSB agents) want to turn this to a particular Russian identity.
These differences are hard to describe for the Russian scene because “globalism” has a certain connotation in the West, but it is similar. To give the reader a feel: beneath Tsargrad’s article is a banner for a sensational article: “Why has Russia Invested 6 Billion Dollars in Nazi Kiev?” as if Russia’s current war wasn’t fierce enough, and “Chapman Predicts Start of War with USA” — yes, that Anna Chapman, the spy who was expelled from the US after being exposed as a “sleeper” spy. If you have time to linger on Tsargrad, you can click on a scary banner at the top with a stamp bearing George Soros’ visage and vote for the “Russophobe of the Year” — both Soros and Hillary Clinton are in the list, but doing badly, at 7% and 6% of votes currently, by contrast with “Westernizer” Chubais.
To sum up, Tsargrad is proud of these hacker arrests:
“The purses in the ranks of the FSB illustrate the high level of work and worthiness of our special services which has begun seriously to take up this topic, despite the fact that high-ranking figures in their own agency were involved.”

King Servers and Siberian Vladimir Fomenko 

The Russian press around these hacker arrests have mentioned King Servers — which the New York Times have covered back on September 27, 2017.

Times reporter Andrew Kramer travelled to Biysk, a town in Siberia near the Mongolian border, to meet up with a young man, Vladimir Fomenko, who was discovered to run a company named King Servers with servers in Russia and abroad, through which some of the hacking attempts in the US had run.
Fomenko, a young man with a tattoo on his neck made in the infamous image of the Guy Fawkes mask used by Anonymous, seemed to taunt US authorities:

“We have the information, but nobody contacted us,” said Vladimir M. Fomenko, a tattooed 26-year-old who snowboards in his free time and runs a business out of a rented apartment.

“It’s like nobody wants to sort this out,” he added with a sly grin.

Mr. Fomenko was recently identified by an American cybersecurity company, ThreatConnect, as the manager of an “information nexus” that was used by hackers suspected of working for Russian state security in cyberattacks on democratic processes in several countries, including Germany, Turkey and Ukraine, as well as the United States.

One cybersecurity specialist recognized this cocky behavior pattern, which we could note we have seen in hackers, Kremlin trolls, and some officials:

“The equivocation of responses by Mr. Putin and Mr. Fomenko is studied and deliberate, Kenneth Geers, a senior research scientist at Comodo, a cybersecurity firm, and a former cybersecurity officer with NATO, said in a telephone interview.

“You are not saying yes, you are not saying no, so it’s frustrating for the victim, and it’s intimidating,” he said. “You are suggesting there is more to come.”

The tattoo, though, “is something of a giveaway.”
Is Fomenko also in the shadowy Shaltai-Boltai group hooked up to the FSB’s hacking shop? He doesn’t say. The FBI published the URLs involved in the hacks and perhaps they will be tracked eventually to the FSB.
— Catherine A. Fitzpatrick