How America learned about the interference of Russian hackers in the elections

Photo: depositphotos.com

US intelligence agencies concluded that Russian hackers, acting on the order of the Kremlin, influenced US presidential elections in 2016.

Edition The Bellbased on the testimony of sources familiar with the situation, collected a chronology of events and data from the investigation.

FSB Colonel Sergei Mikhailov was arrested on December 5 2016 of the year. Before his arrest, he headed the FSB's 2 department of the Information Security Center (CIB) and was considered one of the main cybercrime specialists in the Russian special services. Now he is accused of treason.

Together with Mikhailov this year in the Lefortovo SIZO conducted three of his friends and defendants of the same case. Mikhailov was familiar with two of them at least 10 years, and even worked together with the third: he was a former employee of Kaspersky Lab Ruslan Stoyanov, a little-known Internet entrepreneur Georgy Fomchenkov and FSB Major Dmitry Dokuchaev.

The testimony of the detainees is inaccessible to the public due to the fact that their case is classified as a state secret.

Correspondent The Bell I managed to communicate with three people personally acquainted with the accused in the case of treason.

Two interlocutors The Bell in Russia they claim that they helped the American intelligence services to obtain evidence of the involvement of Russian hackers in last year’s attacks in the United States. Another person familiar with the investigation confirmed that the arrest of Mikhailov and his comrades was connected with the elections in the United States.

The Russian military intelligence — the GRU (now called the General Directorate of the General Staff of the Armed Forces of the Russian Federation) stood behind the prosecution of Mikhailov and other defendants, according to two. American intelligence agencies believe that it was the GRU last year that oversaw the attack on the servers of the National Committee of the Democratic Party. The administration of Barack Obama extended personal sanctions to the leaders of the GRU.

According to one of the interlocutors The Bell, the accused revealed to the Americans the hackers who participated in the hacks.

Lawyers for the defendants do not comment on the circumstances of the case, but deny that their clients have committed state treason.

What is known about attacks

The fact that the GRU was behind the hacks of the servers of the National Committee of the Democratic Party (DNC) was officially announced in January 2017, in report, under which, in essence, the entire US intelligence community has subscribed. But the American special services published only a part of this secret document, and there was no direct evidence of Russia's involvement in the attack.

Because of the hacks, tens of thousands of documents and letters from functionaries of the Democratic Party and supporters of Hillary Clinton turned out to be in open access. Clinton herself in public speeches repeatedly claimedthat if it were not for the "Russian hackers", the election victory would have remained behind it. The confidence of the representatives of the Democratic Party, backed up by the report of the special services, launched the most powerful anti-Russian sentiment in the United States since the fall of the Soviet Union. The Russian authorities have consistently denied the intervention.

The existence of state-sponsored cyber groups is not a secret, they exist in many countries, states antivirus expert at Kaspersky Lab Denis Legezo. Russia is no exception: there are scattered, pinpoint groups of hackers in the arsenal of its special services, there are a lot of them and they are scattered around the world, says a source close to the Russian authorities and familiar with the design of this system. According to him, in recent years the main role in this direction has been to win over the GRU.

But it is impossible to understand exactly who organized last year’s attack on the DNC, due to technical signs alone, according to four cybersecurity experts with whom we spoke. In order to establish what the GRU was behind the attack, the Americans needed sources, and preferably with access to a state secret, one of them says.

Colonel FSB Mikhailov had such access, and he was well aware of the activities of the GRU, says one of his friends. At the same time, the relations between the special services at the cyberfront were tense. FSB and GRU compete for the budget. Hackers were supervised by both special services, but Mikhailov believed that the FSB was doing it more professionally. He said that “the GRU breaks up the servers brazenly, clumsily and rudely, it interfered with the work of his department,” a colonel’s friend tells. “The traces of the GRU attacks were always visible.”

The confrontation between the GRU and the FSB is also stated in report American company Crowdstrike - It was her last year that DNC ​​ordered to investigate attacks on its servers. About the results of their work Crowdstrike announced in June 2016 of the year.

The main sensation of the investigation Crowdstrike it turned out that the DNC servers, as it turned out, were hacked not once, but twice. It first happened in the summer of 2015, when a successful attack on the DNC was carried out by a group of hackers, which Crowdstrike associated with the FSB. But this operation was carried out so carefully that for almost a year the DNC employees did not even know about it. The next attack, as he writes Crowdstrike, was held in the spring of 2016 of the year and was supposedly carried out on the order of the GRU. She was noticed by the American special services and warned the DNC.

Crowdstrike also came to the conclusion that both attacks were carried out independently of each other, which means that the Russian special services, in fact, competed with each other. We tried to find out from the founder Crowdstrike Dmitry Alperovich, how his company managed to distinguish FSB hackers from GRU hackers, but he did not answer the questions The Bell.

A source familiar with one of the accused claims that Mikhailov, through intermediaries, transmitted some information about hacker attacks Crowdstrike.

At the same time, it is known that in the past Mikhailov contacted employees of foreign special services directly. Unlike many security officials, he was free to travel abroad to attend conferences and cybersecurity events, say two of his acquaintances.

Mikhailov shared with colleagues abroad data about Russian hackers involved in financial crimes, recognize two acquaintances of the accused. In total, he transmitted such information up to 10 times, one of them claims. The mediator in some cases was his longtime friend Ruslan Stoyanov. But they didn’t give out any state secrets, both interlocutors insist. Many Russian hackers have a tacit installation not to engage in crime in their homeland - “not working in Russia”. And at the request of foreign countries, even large burglars are extremely rarely issued by the Russian authorities. Mikhailov and Stoyanov provided covert assistance to foreign intelligence services in precisely such cases.

References to the joint investigations of the CIB FSB, where Mikhailov served, and the FBI are even found in open sources - for example, in court documents in the case of the son of the deputy Seleznev, Roman, who this year was convicted in the US of 27 years for breaking into bank accounts. During the interrogation, Seleznev told about his “roof in the CIB FSB”. TV channel "Rain" He claimedthat Mikhailov’s group transmitted to Western intelligence agencies information about Seleznev’s whereabouts. Besides him, in the 2014-2017 years, at least 2 Russian programmers were detained on charges of crimes in the USA Peter Levashov и Stanislav Lisov, as well as citizens of Russia Mark Vartanyan и Evgeny Nikulin.

The former US government official, who has repeatedly met with Mikhailov and exchanged information with him that was of mutual interest to the authorities of Russia and the United States, describes him as an “aggressive, young, intelligent, but illegible in the choice of means” person. He also claims that Mikhailov, in his opinion, was involved in affairs that clearly went beyond his authority in the service, but what he was talking about - he does not specify.

Mikhailov and other defendants in the case have been monitored by the Russian special services since about April 2016, one source said. The fact that "from the Russian side" they were being monitored, knows another source close to the high-ranking American intelligence officers.

Attack on the DNC, as claimed Crowdstrike, occurred in March. After 8 months, Mikhailov and his comrades were detained, and a couple of weeks after that, just before the New Year, the departing administration of Barack Obama introduced new anti-Russian sanctions, this time - not related to Ukraine.

How Russian hackers attacked the USA

In early January 2017, the US intelligence agencies published a joint report on the results of the investigation of hacker attacks during the presidential campaign. They came to the following conclusions:

American intelligence agencies said that, in their opinion, Vladimir Putin personally sanctioned hacker attacks on the United States.

Results:

• December 2016 of the year. Barack Obama in connection with the hacker attacks introduced new sanctions against Russia and sent 35 Russian diplomats.
• Under the sanctions were: the FSB, the GRU (four of its leaders), as well as two hackers Alexey Belan and Yevgeny Bogachev.
• From the published materials, the DNC indicated that the committee, contrary to the rules, supported Hillary Clinton to the detriment of another candidate, Bernie Sanders.
• After the publication of this information, the head of the DNC, Debbie Wasserman Schulz, resigned, and many supporters of the party attacked Clinton.
• A few weeks before the election WikiLeaks He began to publish the correspondence of the head of Clinton’s headquarters, John Podesta, that was stolen by hackers.
• In total, there were about 60 thousands of his letters in open access, which gave a good idea of ​​how the internal kitchen of the Democratic Party’s presidential campaign works.
• After losing the election, Hillary Clinton has repeatedly stated that “Russian hackers” and numerous “plums” have deprived her of victory.

Both the FSB and the GRU were sanctioned for interfering with the American elections, but personal sanctions were imposed only against the intelligence leadership: the head of the GRU, Igor Korobov, and his three deputies. At the same time, two hackers, Aleksey Belan and Evgeny Bogachev, long sought by the FBI, got into the sanctions lists.

What started the case of treason

Formally, the accusation against Mikhailov and the others has nothing to do with the possible leakage of data about hackers or last year’s attacks, three interlocutors say The Bellclose to the effect.

According to their data, the defendants of the case are charged with the fact that at least from 2007, they provided the American special services with operational search documents related to the activities of a businessman, owner of a payment service. Chronopay Pavel Wroblewski. To accomplish this task, Mikhailov, Dokuchaev and Stoyanov were allegedly brought in by the fourth accused in the case of treason, namely Georgy Fomchenkov. According to the prosecution, on the instructions of Mikhailov, his subordinate Dmitry Dokuchaev provided the operational-search materials to the American special services, the transfer was carried out through Stoyanov.

Mikhailov and Wroblewski can be called enemies. In 2011, Vrublevsky ended up behind bars on 3, on charges of hacking into a competing payment system through which Aeroflot flights were booked. The main witness of the charges against him was Mikhailov. But even before he went to prison, Vrublevsky ordered his subordinates, including the former Foreign Intelligence Service (SVR) officer Dmitry Burykh, to collect dirt on Mikhailov. Burykh, who now works at the Russian Institute for Strategic Initiatives under the leadership of the former SVR director, Mikhail Fradkov, confirmed The Bell this information.

The accusation against Mikhailov and the other defendants in the case of state treason was partially based on this compromising evidence almost a decade ago.

Burykh says that in 2010 he "managed to find out that Mikhailov worked closely with Western intelligence services." The note, drawn up for Vrublevsky, says that Mikhailov allegedly "transmitted information about Russian cybercriminals who refused to cooperate with him <...> a US citizen." In particular, Mikhailov allegedly gave her information about hacker attacks in Estonia and Georgia in 2007-2008. Burykh claims that he collected information from open sources and through acquaintances, and says that he personally drew up a scheme according to which information as of 2010 went to the United States.

From this scheme, it follows that Mikhailov passed on information to his friend Ruslan Stoyanov, then, through an intermediary, the data went to an employee of an American company IDefence Intelligence Kimberly Zentz, and then - to the head of this organization and the US Department of Defense.

Scheme of information leaks from the Mikhailov group to the American special services (version of former CBP employee Dmitry Burykh): Sergey Mikhailov (CIB FSB) - Ruslan Stoyanov (bformer employee of Kaspersky Lab) - Dmitry Levashov (bformer employee of one of Stoyanov’s companies) - Kimberly senz (aAmerican company IDefence Intelligence) - Rick Howard (bformer director IDefence Intelligence) - William Lynn (bFormer Deputy Secretary of Defense.)

In 2010, Wroblewski handed over the collected materials to the FSB, but then his report on Mikhailov did not impress anyone, says the co-owner Chronopay Dmitry Artimovich. For a long time no one was interested in compromising material, but a year ago Vrublevsky suddenly witnessed the prosecution in the Mikhailov case. In fact, there is information that in 2010 and in 2012 in Canada and in the USA, at the request of his friend Mikhailov, Stoyanov allegedly passed information from hacked Wroblewski servers to American intelligence agencies The Bell. In fact, it was the usual exchange of data of operational development, and now it is presented as the disclosure of state secrets, Mikhailova’s friend is outraged.

Expecting that the indictment contains information that Mikhailov and other persons involved in the case might have known something about the hacker attack in the United States is definitely not worth it, because indirectly it would confirm Russia's participation in this attack, says Andrei Soldatov, co-author of the book “Battle for Runet. Mikhailov and other defendants in the case of state treason, by virtue of their competence, knew too much about the not always unambiguous relations between the special services and cybercriminals, and at the same time they had extensive contacts with Western cyber experts, he argues. Regardless of whether they actually gave out state secrets or not, it turns them “into people whom it is better to keep under lock and key” - at least while Russia’s interference in the American elections is under investigation, he concludes.

Read also on ForumDaily:

How Russian trolls are inherited in Brooklyn

How the "trolley factory" worked in the US elections

How does the Russian "trolley factory" in the US: an interview with an ex-employee

How Russia rules the world-American media

Do you want more important and interesting news about life in the USA and immigration to America? — support us donate! Also subscribe to our page Facebook. Select the “Priority in display” option and read us first. Also, don't forget to subscribe to our РєР ° РЅР ° Р »РІ Telegram  and Instagram- there is a lot of interesting things there. And join thousands of readers ForumDaily New York — there you will find a lot of interesting and positive information about life in the metropolis.