The Russian leadership is now looking for any loopholes in order to withdraw attention from itself and its intelligence services, which the US authorities suspect of meddling in the presidential elections of 2016.
Day by day, there are more and more facts evidencing the involvement of the GRU and the FSB in hacking attacks on the servers of the Democratic Party, as well as other operations during the presidential elections in the USA, which had an impact on public opinion.
Since the end of last year, the Kremlin began to work out a plan of retreat. It is extremely simple: using one unsightly situation, which we will discuss below, to admit that the Russian hackers, which involved in the organization of this crime, were actually led by curators from the Russian FSB. But the curators themselves should be portrayed as traitors, which handed over the interests of their own State and sold to CIA.
The ultimate goal is to show how the Americans and the CIA tried to use “corrupt intelligence for discredit of the Russian leadership”. As they say, from two evils try to choose the lesser.
All this can and will be able to explain to the simple Russian citizen the reason for imposing tough sanctions against Russia in January next year. But meanwhile, it is not clear what they are hoping for in Moscow on the international arena, because it is absolutely clear that none will believe in this “legend”.
At the same time, the Kremlin is unlikely to succeed in creating a stable alibi. Now there is one serious obstacle that prevents the Russian authorities from getting rid of unnecessary risks. They build alibis on the results of the internecine war between the GRU and the FSB, which resulted in a conflict and became the property of not only Vladimir Putin, but also the public.
Traces of Kremlin “bears”
Recently, Russian Foreign Minister Sergei Lavrov, answering journalists’ questions, broke into a real hysterics. Thus, the head of the Russian foreign ministry pointed out that Americans constantly meddle in the elections that take place on the territory of Russia.
Such nervousness is easily explained. Putin cronies are afraid of a retaliatory strike from the USA, whose political system the Russian intelligence services tried to undermine during the presidential elections of 2016. In truth, the intuition of Kremlin officials is not deceiving, because new sanctions will be imposed against Russia from the end of January next year, as required by the law “On Countermeasures to the opponents of America …”, which applied in August.
We have to recall that after the launch of restrictive measures, firstly, the work of the Russian military-industrial complex will be practically stopped (most of the export products will stuck in warehouses); second, the construction of new gas pipelines is likely to freeze; third, investors will be forced to abandon large-scale projects in the territory of Russia because of the threat of mirror sanctions from the USA.
But most importantly, it is the Americans’ readiness not only to disclose all information about the financial condition of Putin’s cronies, and, if necessary, to close their shadow foreign accounts.
But here the Russians only have to blame themselves, namely, on the negligence of their performers, who relied on the eternal Russian “and so will come down”, leaving many traces of meddling in the process of presidential elections in the United States.
So, a year after the hacking of the email of Hillary Clinton, and also after the illegal penetration into the servers of the National Committee of the Democratic Party, American experts found enough evidence that Russian intelligence services are involved in this crime, as well as other operations, namely, influence and formation of public opinion.
For example, representatives of the company Facebook found 3,300 advertisements (with digital fingerprints) that were sent by burglars of the Russian company Internet Research Agency, also known as the Troll Factory (St. Petersburg).
Employees of the American corporation also found 470 counterfeit accounts and pages in the social network associated with the Troll Factory. On these pages were posted messages that split the American society along racial and gender lines. Also, separate groups were created (for example, in support of the black population, or against Afro-Americans) which held rallies for Russian money. These communities were able to organize rallies in support of Trump (and therefore against Clinton) in 17 major US cities.
“More than 1.2 million subscribers were in 16 groups on the struggle of black people for their rights. About 143 thousand Americans followed for updates to the community dedicated to the LGBT movement. More than 300 thousand people have subscribed to the page about the problems faced by Muslims in the United States, “- writes RBC edition.
In addition, employees of the Twitter found 200 accounts that were created and used by Russian hackers to undermine the political system of the United States.
However, American specialists were able to find out immediately (as soon as there was a breakdown of the servers of the Democratic Party) that the attack was organized by the Kremlin intelligence services
In the summer of 2016, when there was an illegal penetration into the internal network of the National Committee of the Democratic Party, company CrowdStrike, which eliminated the consequences of the hacking, stated that it was organized by the Russian cyber espionage groups – Fancy Bear and Cozy Bear.
“We have a high degree of confidence that both groups are Russian intelligence agencies,” Dmitry Alperovich, Technical Chief of CrowdStrike, told to Passcode edition.
“As for the” Fancy Bear “we have an average degree of confidence that it is the GRU, the Russian military intelligence agency, and in the case of the “Cozy Bear”- a low level of confidence that is FSB, the Russian Federal Security Service,” he said.
Researchers from CrowdStrike found a malicious code collected on Russian servers. They also found that the attackers “operated from 8 am to 8 pm Moscow time, which indicated that we are dealing, more likely, with employees of government agencies than with cybercriminals who work for profit at night”.
Now, Moscow intends to play the card with traitors from the intelligence services, which while working for the American intelligence services, set up Russia, and also to say that all these accusations of meddling, retaliatory measures in the form of sanctions are a special operation of Washington with aim to destabilize Russia and discredit its top leadership.
Case of Humpty Dumpty
At the beginning of January 2017, it became known that members of the Humpty-Dumpty cyber group – Vladimir Anikeev (Lewis), Alexander Filinov and Konstantin Teplyakov (March hare) were taken into custody in the criminal case on illegal access to computer information. The only one hacker Alexander Glazastikov could to escape abroad (to Estonia).
Also, one of the heads of the Information Security Center of the FSB Sergey Mikhailov, his deputy Dmitry Dokuchaev (former hacker) and Ruslan Stoyanov, head of the investigation department of computer incidents of Kaspersky Lab, were arrested for treason against the State. These people are considered to be the curators of the cyber group Humpty Dumpty.
Hackers indicated in their confessions that Mikhailov found them in 2016 and then became their curator. However, there is one important detail, which is trying to hide Russian special services. 12 million $ in cash were found during the searches in the apartment of Mikhailov. Probably, he took this money from the hackers themselves, who at their time stole information from officials for further blackmail and extortion of money. This means that the head of the Information Security Center of the FSB was a common corrupt official who simply collected a tribute from a group of hackers.
However, this information was quickly withdrawn from the accessible Internet segment. Kremlin is trying to divert Mikhailov from the Humpty Dumpty case, attributing the article “treason against the State” to him, which will make the trial closed.
It is interesting that after catching the persons involved in this case, Alexander Glazastikov, who fled to Estonia, immediately said that authorities want to blame their group for hacking the servers of the National Committee of the Democratic Party, indicating that they are the “Cozy Bears”.
Further, the press received information allegedly from the investigators, who indicated that Mikhailov and his associates, using the official position, regularly provided information to representatives of the US intelligence services. An example of such a leak was CIA data on the owner of the Russian hosting company “King Servers” Vladimir Fomenko. It was reported that a cyber-attack was carried out on voter registration systems in the states of Illinois and Arizona from the servers of this structure in August 2016.
Then, two Russian hackers are arrested in Spain – Stanislav Lisov and Petr Levashov. Official Madrid gives permission for the extradition of these two to the USA, where they are suspected of attacking the American electoral system.
Now, US authorities suspect Levashov of managing the global computer network Kelihos, which includes tens of thousands of computers infected with viruses. Investigators believe that Russian hackers attacked the American electoral system with the help of these computers.
Levashov, without thinking twice, decided to immediately admit that he is a serviceman (most likely the GRU of the RF General Staff), which, among other things, collected information about opposition parties for United Russia party and brought it to the right people.
In this regard, an article by Herman Alexandrov “Who handed over the US to Russian hackers” appears on the Russian website Rosbalt. He took the opportunity to point out that immediately after the arrest of FSB representatives; the Americans began to catch Russian hackers.
But the red line that goes through this article is completely different – the accusation of Mikhailov and his subordinates in the work for the CIA.
So, the author reports that the arrested Ruslan Stoyanov, a Kaspersky Lab employee, dealt with a number of Western companies that helped the US intelligence services to find Russian hackers and record their activities. Americans, according to Rosbalt, owned certain information, but could not complete a picture, because it was necessary to have secret information for this. According to the author of the article, Stoyanov helped to get this information. He directly received it from his superiors – Sergei Mikhailov and the operative Dmitri Dokuchaev.
However, until these events, Konstantin Kozlovsky, a hacker from Yekaterinburg, was arrested on May 18, 2016. Now, as reported by Novaya Gazeta, he is held in the special block of Matrosskaya Tishina prison and is suspected of organizing and directing an international group of hackers, which included about 50 people.
Initially, he was accused of theft about 1.7 billion rubles from the Russian banks using the “Lurk” virus.
Everything changed a year after when the criminal case was started against the FSB officers led by Mikhailov. Hacker Kozlovsky for no reason decided to speak at the Moscow City Court and confess to involvement in cyberattacks on the site of the committee of the Democratic Party of the United States and in hacking personal correspondence Hillary Clinton.
According to him, he was recruited by the FSB in 2008, and “fulfilled a lot of tasks” during these eight years, received from his curator-operative of the 2nd department of operational control of the FSB, Major Dmitry Dokuchaev.
In support of these words, someone puts the relevant documents on Kozlovsky’s Facebook page. It is interesting that this is indicated by the special correspondent of Novaya Gazeta. The first sensational materials on this page were posted early August 2017. They were accompanied by hashtags # FSB, # Dokoutchaev, #Mikhailov # Stoyanov, # hackers, # Kaspersky.
Interesting thing is that everyone became aware of this page only in December, and, according to the author of the article, any web search engine did not find the page of the Russian hacker in September-November.
In one of his letters (we give an abbreviated version) Kozlovsky writes: “Over the years of cooperation I have completed many tasks. Ilya, my curator, gave tasks and controlled me, supplied by technical and software tools, patronized in questions with law enforce officers.
In recent years, the focus of attention has been chained to the servers of America and the EU. The task for hacking the National Committee of the Democratic Party of the United States, the correspondence of Hillary Clinton, I carried out successfully, transferring data on the hard disk to the FSB officer Ilya (850 GB in compressed form with video recordings of hacking)”.
Later, Kozlovsky will say that he refused cooperation because of the constant pressure of his curator who wanted to launch a program to destroy important US infrastructure. After that, he allegedly was imprisoned in “Matrosskaya Tishina” prison.
As you understand, the Russian hacker named the real name of his curator. He was a major FSB Dmitry Dokuchaev.
Kozlovsky also recalls Ruslan Stoyanov, head of the department of investigations of computer incidents of Kaspersky Lab, as a specialist who, under the judicial sanction and instruction of the FSB, hacked off foreign servers. In particular, servers that have IP addresses 188.8.131.52 (Germany), 184.108.40.206 (United Kingdom), 220.127.116.11 and 18.104.22.168 (France).
Based on this information, it seems that Kozlovsky is a member of the “Cozy Bear” cyber group, whose inspirer and creator was Colonel Sergei Mikhailov, under whose command Stoyanov and Dokuchaev stayed, as the Russian intelligence services try to present.
In other words, the Kremlin intelligence services form image of three “representatives of the FSB”, as “werewolves” who “became traitors, merged the information of the CIA, and, becoming part of a campaign to discredit Russia, framed the Kremlin by organizing hacker attacks against the Democratic Party and its main candidate for elections in 2016” by order of the Americans.
But the Russians cannot fully present this version to the end, since Dokuchaev himself has already conveyed through a lawyer that he “denies acquaintance (communication) with Kozlovsky and any cooperation with him”.
However, all this is not important, because the Kremlin will not be able to create even such a stupid alibi, and for what reasons.
Conflict between FSB and GRU
It should be said that there a confrontation between the GRU and the FSB (the former KGB) was always.
Another conflict arose in 2014. “In recent years, the Main Intelligence Directorate (GRU) of the General Staff of the Russian Federation has failed many times. The lists of operatives, who work under the cover, are walking on the Internet, employees are sent out after espionage scandals, high-ranking intelligence officers are killed under strange circumstances, and the entire leadership of intelligence service is under American sanctions. Representatives of GRU connect this not only with the successes of foreign counterintelligence, but also with subversive activities of the FSB. Their response to the FSB was the exposure of the hacker group Humpty Dumpty and its curator-colonel of the FSB, Sergei Mikhailov”, – the Center for Investigation Management (CIM) found out it in June this year.
So, according to the CIM, the article of a certain Vladimir Kolpakov “War in Putin’s espionage triad” appears on the Russian website “Military Materials” at July 15, 2014. There it is just told that there is a war between the various intelligence services for financial flows. But in the end, the author lays out a list of 79 Russian military intelligence officers who work undercover in the US, Europe, Asia and South America.
Dozens of Russian and foreign websites managed to reprint this entire list. “There has never been such a dangle in the history of the GRU”, – one of the sources in the Ministry of Defense of the Russian Federation said to the CIM.
A year after the leaks the spy network of the GRU into internet, a new scandal broke out in the RF Ministry of Defense. Defense Minister Sergei Shoigu received an e-mail from the hacker group Anonymous International (also called Humpty Dumpty) with a proposal to shoot himself or submit resignation. The hackers justified their “request” by the fact that they managed to break the mailbox of the assistant to the former head of the military development department, General Roman Filimonov, 30-year-old Xenia Bolshakova, and they had documents classified as Top Secret.
In early July 2015, this lot was put up for sale on the “Information Exchange”. Later, Humpty Dumpty posted screenshots of several letters. While the leadership of the Defense Ministry was deciding how to react to what is happening, hackers published an open letter about the cracking to the chief of the military counterintelligence of the FSB, Colonel-General Alexander Bezverkhniy. At the end of this message, Humpty Dumpty offered to Bezverkhniy to buy out the archive of Bolchakova with a 50% discount, estimated at 350 bitcoins (at the exchange rate at the date of the letter – 6.2 million rubles).
“You can imagine what Shoigu felt when the director of the FSB Bortnikov spread out the papers before the president, and began reporting about a mocking letter to the military counterintelligence of FSB, the discharge of our spy network in the Internet and a chronic mess in the central apparatus of the Defense Ministry”, – the same MoD source told to the CIM.
After the incident, Russian Defense Minister Sergei Shoigu demanded “to find urgently those who are behind the hackers.” As a result, military intelligence established that the author of the letter to the Defense Minister Shoigu and to the FSB was one of the founders of Humpty Dumpty Vladimir Anikeev (Lewis).
The representatives of GRU were surprised when they discovered that Anikeev-Lewis had been recruited by the FSB, and his immediate supervisor was the head of one of the FSB units, Colonel Sergei Mikhailov, who “successfully” fought with the websites that had spread the GRU’s residence list. According to the investigation, Shoigu reported to Putin very unpleasant news for Bortnikov.
According to the CIM, the exposure of the hacker group Humpty Dumpty and its curator, the FSB colonel Sergey Mikhailov, was the retaliatory strike of the GRU on the subversive activities of the FSB against military intelligence.
It is clear that in the context of this whole situation, there have been corresponding infighting and unpleasant conversations in the Kremlin. Bortnikov, of course, spoke to Putin and Shoigu that he had no clue, and his subordinates were engaged in some kind of amateur performance, but the guilty will be punished.
Also, given the fact that information about the detention of Mikhailov and his assistants appeared only in early 2017 (although they were arrested in October 2016 – before the election of the US president), Russians decided to play this unsavory situation in this way – treason of the defendants, cooperation with the CIA in order to discredit and set up the Russian leadership amid sounding accusations against the Russian special services and the Kremlin about meddling in the American elections.
As they say, there would be no happiness, but misfortune helped.
In the meantime, it can even be doubted that the American investigation, taking into accounts the evidence and witnesses (the direct perpetrators – hackers), will bring the case about the meddling of Russian special services in the American electoral system to its logical conclusion.
In the end, everything will turn out to be the same as the representative of the company “CrowdStrike” Dmitry Alperovich said initially that all these Russian “bears” who broke into the servers of the Democratic Party – representatives of the GRU and the FSB, who acted on orders from the Kremlin.
And after that, it will not stop the wave that will be swept by the EU countries – from Great Britain to Spain. European states will begin to conduct their pre-judicial investigations, and then identical verdicts will be followed against Putin and his network.