“One might think this would be a good time for Russian cyber intelligence officials, credited as they are with hacking and leaking Democratic emails that may have altered the course of the U.S. presidential election. One would be wrong.”
Emily Tamkin — Foreign Policy
February 12 2017 — Both Deputy Directors of the Federal Security Service Information Security Center have been sacked while the Director is rumoured to have resigned. The reasons behind this ongoing crisis are still unclear. UPDATE: In the fall of 2017, a Russian lawyer confirmed that the case against Sergey Mikhailov, Ruslan Stoyanov and others is about ‘high treason’ in favor of the United States.
The Federal Security Service of the Russian Federation [FSB — Russian: Федеральная служба безопасности Российской Федерации (ФСБ)] is the principal security agency of Russia and the main successor agency to the USSR’s Committee of State Security (KGB).
Its main responsibilities are within the country and include counter-intelligence, internal and border security, counter-terrorism, and surveillance as well as investigating some other types of grave crimes and federal law violations.
It is headquartered in Lubyanka Square, Moscow’s centre, in the main building of the former KGB. The Director of the FSB since 2008 is army general Aleksandr Bortnikov.
Inside the FSB, the Information Security Center is the Division responsible for cyber-security. Andrei Gerasimov is head of the FSB Information Security Center. [UPDATE: Andrey Gerasimov ‘retired’ in the summer of 2017. Sergey Skorokhodov became the new head of the FSB Information Security Center.]
Although no “organizational chart” is available in the public domain, it is usually accepted that this Division has — at least — two departments. The “Operation department” was headed by Colonel Sergey Mikhailov while the “Technical Department” was headed by Dmitry Pravikov.
Andrei Gerasimov has been head of the FSB Information Security Center since 2009. According to Russian media, Gerasimov may be dismissed soon. There are some reports that he may have already resigned.
[UPDATE: Gerasimov was pushed into early retirement and succeeded by Sergey Skorokhodov during the summer of 2017.]
Colonel Sergey Mikhailov
Colonel Sergey Mikhailov was Deputy Director of the FSB and Chief of its Operational department. According to Interfax News Agency,
“Sergei Mikhailov, a top cybersecurity specialist in the FSB, and his subordinate Dmitry Dokuchaev are being accused of breaking their oath and working with the CIA.”
In December 2016, Mikhailov was detained at a board meeting — escorted out of the room with a bag thrown over his head. (The exact date may be December 5 2016.)
Sergey Mikhailov has been charged under Art. 275 of the Criminal Code (High treason).
The deputy Director of the FSB Information Security Center — Department of Information Technology (DIT) — Dmitry Pravikov is currently under investigation.
Dmitry Pravikov is suspected of bribe-taking. He was Deputy Director and Head of the DIT since 2005.
“Kommersant notes that Dmitry Pravikov is dubbed ‘an icon in information security’. He has a Ph.D. in Engineering Science and is an associate professor of Information Security department in Bauman Moscow State Technical University. Pravikov has also written dozens of research papers, books and articles in the field of information security.”
[UPDATE: In September 2017, the Moscow District Military Court sentenced Dmitry Pravikov to three years’ imprisonment. He was found guilty under part 3 of Art. 285 of the Criminal Code of the Russian Federation (Abuse of Official Powers) and part 3 of Art. 286 of the Criminal Code of the Russian Federation (Exceeding Official Powers).
Gerasimov’s retirement and Pravikov’s sentence appear to be related to the case of Kaspersky Lab’s Ruslan Stoyanov, who is charged with treason.
Pravikov, being the head of the CIB Information Technology Department, twice signed Stoyanov’s “clearance papers”. The rest of the documents were signed by head of the CIB Andrey Gerasimov.]
Zhahongir Yuldashev was appointed temporary chief in charge of operations in place of Mikhailov. Alexey Grachev was appointed Interim Head of the DIT to replace Dmitry Pravikov.
What is ‘the’ Story behind the Crisis?
There is obviously a major crisis but the reasons remain unknown. There is no lack of ‘good stories’ to explain the arrests and charges of treason.
Popular explanations include a link to the ‘Russian DNC hack’, the leak of the ‘Trump Dossier’, espionage for US Intel Agencies (FBI and/or CIA), a connection to the Shaltay Boltay hacker group (with multiple sub-stories such as the “Surkov-Leaks” scandal, the leaked documents from the chief of the Defense Ministry’s construction department), and so on…
But truth be told, none of these appears convincing so far. Some experts believe that the situation in the ISC is linked to internal conflicts.
An Internal Power Fight?
The investigation against Dmitry Pravikov may be the result of his recent conflict with the management following a planned reorganization of the FSB departments.
After the reorganization the ISC would be placed under the control of the ‘Vosmyorka’ – which is allegedly the FSB Information Protection and Special Communications Center.
We know that Russia just passed a set of new laws that may prepare the ground for a major paradigm shift and place the entire Russian cyber world under State control.
Meanwhile, the Kremlin is also preparing to implement the notorious “Yarovaya Package” of laws (scheduled to go into effect in 2018), which will give Moscow greater control over the personal online information of Russian citizens as well as empower the authorities to label and prosecute critical online speech as “extremist” (see EDM, July 15, 2016).
Taken together, it appears the Kremlin is preparing to undertake a great “cyber purge” that may change the entire architecture of relations between Russian IT companies and the state, leading to the establishment of full government control over this sector. [Eurasia Daily Monitor]
Cyber-criminality and Russian contacts
According to Western cyber-security experts, cooperation with their Russian counterparts has come to a sudden halt since the arrest of Sergey Mikhailov, Dmitry Dokuchaev and Ruslan Stoyanov, head of the computer incidents investigation team at Russian cyber security firm Kaspersky Lab.
“Everybody has clammed up,” said John Bambenek, a manager of threat research at Fidelis Cybersecurity.
The arrests send a message that “even an informal information-sharing relationship with trusted Russian intelligence and law enforcement officers might be considered treason,” said Vitali Kremez, director of research at American security firm Flashpoint.
“This sends a shiver down everybody’s spine,” said a senior U.S. law enforcement official. “We were getting some headway over there…”
UPDATE: In the fall of 2017, a lawyer confirmed that the case against Mikhailov, Stoyanov and others is about high treason in favor of the United States.
Security services sweeping purge underway: another FSB officer targeted — Crime Russia
Head of FSB Cyber Unit May Soon Be Dismissed — FP
Cyber expert’s arrest silences Russian contacts of some Western crime fighters — REUTERS
Making Sense of Russia’s Cyber Treason Scandal — STRATFOR
Russia on the Verge of a ‘Cyber Purge?’