The Kremlin Is Not a Victim of Hackers

To think such a thing is possible is to profoundly misunderstand the symbiotic relationship between Russian hackers and the Kremlin’s security services.

The Wall Street Journal yesterday published an article titled “In Russia, Leaked Documents Rattle the Kremlin”, the main thrust of which is to suggest that the Kremlin is as besieged by hackers as any Western state getting ready for elections. The opening passage of the WSJ piece:

Russian domestic politics are being influenced by hacking tactics similar to ones Russia is accused of using to try to weaken its foreign opponents.

Documents found in email accounts hackers said are linked to Russian officials helped fuel recent protests across Russia against corruption. The documents were released by a shadowy group called Anonymous International—also known as “Shaltai Boltai,” which is Russian for Humpty Dumpty.

Alexei Navalny, an anticorruption activist who mobilized the protests, featured some of the documents in a video released beforehand alleging that Russian Prime Minister Dmitry Medvedev used a network of friends to help hide his wealth and property.

The article goes on to portray the Kremlin as fighting a desperate battle with the forces that these hackers have unleashed, forces harnessed by Navalny’s upstart political movement that resulted in widespread protests around the country a little over a month ago. The message is clear: These are the ugly realities of today’s politics, where “shadowy” anarchist groups (or maybe just morbidly obese people living in their parents’ basements?) repeatedly compromise government officials and try to disrupt democratic elections.

As if to underline the point, the Journal goes on to point out that Russian President Vladimir Putin “vigorously” denied having had any hand in the leaking of hacked emails purloined from the Macron campaign, and that he has no intention to sway any vote in the West. “It wasn’t us!” Putin seems to be saying. “We, too, are victims!”

The usually reliable Journal really dropped the ball. The story is misleading at best, partly because the known details of the Anonymous International/“Shaltai-Boltai” story are never discussed, but mostly because it paints an incomplete picture of how Russia’s special services operate. In getting this critical framing wrong, the piece unwittingly ends up playing defense for a Kremlin doing damage control after what is widely believed to be a badly botched intervention in last weekend’s French election.

Eagle-eyed readers may have connected the WSJ’s brief mention of “Shaltai-Boltai” to news earlier this year that Russia had successfully completed a counter-intelligence operation, mopping up several Russian hackers and even a few of its own security personnel in the process. The only reason that rather obscure story got any play in Western media is that Kremlin Spokesman Dmitry Peskov, obviously aware of the uncomfortable timing of the arrests, went out of his way to preemptively deny that they had anything to do with allegations of Russia hacking U.S. elections. But since the story is so bizarre and the details are so sketchy, Western media quickly lost interest.

Here’s what’s known with a reasonable degree of certainty: the “Shaltai-Boltai” group had been publicly active for around three years until late 2016, and throughout that time had hit upon a profitable formula: leak mildly embarrassing (but ultimately not incriminating) snippets of stolen correspondence from various Kremlin apparatchiks and officials online as proof of hack, and then have people anonymously bid for the rest of the haul. The idea was to set up a competitive marketplace between the affected players trying to buy back their kompromat, and those that want to have something on their enemies.

Then, last October, one of the founders of the hacking group, Vladimir Anikeyev, was arrested. Under questioning, he appears to have given up two of his other colleagues in the organization, whom the security services then lured to Moscow and arrested the very next month.

Finally, a few weeks later, three more notable arrests occurred: Sergei Mikhailov, the head of the Informational Security Center of the FSB, his deputy Dmitry Dokuchaev, and Ruslan Stoyanov, an employee of the cybersecurity firm Kaspersky Lab. The FSB officials were nabbed in spectacular fashion—arrested at a gathering with their colleagues, accused of treason, and hauled off to the clink with bags over their heads.

Lots of hard-to-pin-down speculation and innuendo accompanied the “official” news. One Kremlin-friendly outlet wrote that upon arrest, Anikeyev immediately cooperated with authorities, and mentioned Mikhailov’s name in connection with “Shaltai-Boltai”. Another Kremlin-allied television station, known for its conspiracy-mongering, went further, suggesting that the CIA was behind “Shaltai-Boltai”, and that Mikhailov was a mastermind U.S. spy running the whole operation, whose ultimate goal was to interfere in Russia’s Presidential elections next year. No less an authority than Mark Galeotti also got in on the speculation: “I have long assumed there has to be some human resource for U.S. intelligence [claims of Russian interference in the 2016 elections]” he told the AP.

End of story? Not quite. First, one of Anikeyev’s co-conspirators, still at large, started giving interviews to various news outlets in early February, and filling in some important blanks. He revealed that though he and Anikeyev had initially set up their little extortion scheme independently, they were approached by the FSB in the first half of 2016 with an offer they couldn’t refuse: “Shaltai-Boltai” would be allowed to continue to exist and they would not be prosecuted; in return, their handler would get a veto over any material considered for posting on the exchange, and in addition, the FSB could use their organization to leak information. “[Anikeyev] told me the FSB knew who we were, but wouldn’t touch us if we cooperated,” Anikeyev’s collaborator said.

Then, last month, Kaspersky’s Stoyanov unexpectedly began singing like a songbird while in jail, sending a slew of letters through his lawyers to the media. His letters confirmed a longstanding FSB policy on recruiting and coopting hackers. Namely, the FSB offers them blanket immunity from prosecution for cybercrimes committed abroad, especially financial crimes, in exchange for access to their expertise—and, presumably, some kind of kickback.

The details of the exact relationship between “Shaltai-Boltai” and the FSB remain murky. For one, it’s not a given that the rolling up of the hacker group had anything at all to do with the arrest of Mikhailov, Dokuchaev and Stoyanov, as the notoriously unreliable Russian rumor mill has framed it.

But what is clear is that the most prominent Russian hackers are by now, in mid-2017, very much part of the system, and are not likely to be acting in any way that is not in some way approved by another part of the system.

The key to understanding what’s going on is to let go of the idea that Russia’s security state is a massive, well-functioning bureaucracy. It is, of course, at its very heart bureaucratic, but what is euphemistically called a “turf war” in the United States is in Russia more akin to a real feudal struggle for territory, or a competition between rival mafia clans. The overall structure of the system is guaranteed by Vladimir Putin himself, but the hierarchy below is beset by, and determined through, vicious and often deadly infighting.

So while it’s possible that the compromising material on Medvedev included in Navalny’s documentary came from Anikeyev’s group as the WSJ article implies, it’s also clear that it’s not a matter of shadowy anarchists trying to “rattle” the Kremlin. Rather, it’s almost certainly an inside job, as our own Karina Orlova has been reporting for months now. To think the Kremlin is a “victim” in this situation is akin to believing that the Kremlin was “victimized” by the executions of Stalin’s notorious hangmen Yezhov and Beria.

Palace intrigue has always been deadly serious in Russia.

