A senior Russian intelligence officer who was arrested on suspicion of treason in December has been charged with passing secrets to the CIA, sources told the Russian news agency Interfax on Tuesday.
Sergei Mikhailov was the deputy head of the information security department of the FSB, Russia’s national security service. He was arrested along with Dmitry Dokuchaev, a cybersecurity expert who worked as a hacker under the alias “Forb” before joining the FSB; and Ruslan Stoyanov, a key cybercrime investigator at the Russian cybersecurity firm Kaspersky.
They were arrested shortly after the CIA concluded that Russian hackers, at the Kremlin’s order, broke into Democratic National Committee servers and Hillary Clinton campaign chairman John Podesta’s account during the US presidential election. It is unclear, however, whether the arrests were linked to the election-related hacking.
The Russian newspaper Novaya Gazeta reported last week that Mikhailov, the senior FSB official, had been accused of giving US intelligence officials information about a server-rental company, King Servers, through which Russian hackers have been known to attack the US. Interfax’s reporting on Tuesday was the first to mention a CIA link.
Mikhailov and Dokuchaev have also been linked to a group of hackers known as Shaltai Boltai, or Humpty Dumpty, that has published emails from Prime Minister Dmitry Medvedev and other Kremlin officials, Bloomberg reported on Monday. Bloomberg cited sources suggesting that Mikhailov and Dokuchaev worked for Shaltai Boltai, selling sensitive information to the highest bidder even as they were still employed by the FSB.
“It’s a murky world in which actors are both predator and prey,” wrote Leonid Bershidsky, the founding editor of the Russian newspaper Vedomosti. “The Kremlin enjoys access to brilliant and unscrupulous people; the downside, of course, is that they may be hard to control.”
Investigators are also reportedly examining money that Stoyanov, the hacker-hunter at Kaspersky, is accused of receiving from foreign companies or entities. A source told Russia’s Kommersant newspaper that the case had been filed under article 275 of Russia’s criminal code, which allows the government to prosecute an individual suspected of aiding a foreign state or organization.
“Stoyanov was involved in every big arrest of cybercriminals in Russia in past years,” a source familiar with Stoyanov’s past work told Forbes.
Andrei Soldatov, who has studied the internet and Russian security services for more than a decade, told Business Insider last week that Stoyanov was “seen as a sort of broker” between an unnamed foreign company and Mikhailov. So the treason charges could have been a result of Stoyanov facilitating foreign access to someone with Russian security clearance – in this case, Mikhailov.
Still, Soldatov emphasized that “so far, I see no evidence to link this case to Russia’s hacking” of US Democrats.