Russia Imprisoning Sources Associated With U.S. Election Meddling

For those keeping score, the Russian Federation has been sending Russian intelligence officers to prison at a rapid clip. These officers were active in counterintelligence cyberoperations within the Russian Federation and are alleged to be the sources of information concerning the U.S. presidential election hacking of 2016 to the U.S. intelligence community. Imprisoning them places them out of the reach of the West, a tried and true tactic of modern-day Russia and the USSR of old to move individuals off the playing field.

This past week we saw Dmitry Dokuchayev sentenced to prison for six years for the crime of treason in Russia. This is the same Dokuchayev who is being sought by the U.S. Department of Justice (DoJ) for cybercrimes associated with the Yahoo hack of 2014.

The allegation of treasonous behavior (read: espionage) was levied against members of the elite cybersecurity team within the Information Security Centre (CDC) of the Federal Security Service of the Russian Federation (FSB) (Федеральная служба безопасности Российской Федерации [ФСБ]) in late-2016.

Dokuchayev and two others were arrested in late-2016. Sergei Mikhailov, who was Dokuchayev’s supervisor, was arrested during a staff meeting in classic draconian style: A bag went over his head and he was unceremoniously dragged from the meeting/building, Russian media tells us. A senior manager at Kaspersky Lab, Ruslan Stoyanov, was also arrested, but in less-dramatic fashion.

All three were taken to Lubyanka and then incarcerated in the famed and feared Lefortovo Prison in Moscow to await their trials.

U.S. Election Hacking Connection?

The trio—and, subsequently, others—were charged with providing FSB-collected information to both companies and representatives of the U.S. government. Their accidental discovery by the FSB counterintelligence is tied to a separate FSB investigation into the doxing of Russian government officials, which was carried out by the “Humpty Dumpty” group. The alleged leader of the group, Vladimir Anikeeva, was arrested in late-2016, and during his “interrogation” he “volunteered” the linkage that led to the FSB discovering that CDC officers were sharing information outside of approved channels.

While not explicitly stated, it is within the realm of plausibility these three were among the unidentified human intelligence (HUMINT) sources used in the 2017 assessment from the director of National Intelligence assessing Russian activities in the U.S. elections. A portion of the assessment noted how the analysis was conducted: “Intelligence Community analysts integrate information from a wide range of sources, including human sources, technical collection, and open source information …”

Information of Interest to the United States?

Stoyanov may have had access to information from the U.S. National Security Agency’s Tailored Access Operations (TAO) via the compromise of contractor Nghia Hoang Pho, who himself harvested troves of classified information and kept it at his home. Kaspersky Lab was publicly accused in October 2017 of leveraging the Kaspersky security suite on Pho’s computer and subsequently downloading files associated with TAO from Pho’s computer. We know from the Reality Winner publication of NSA information that the agency was deep into the investigation of Russian activities and that TAO no doubt was involved; knowing that the Russians were aware via Stoyanov would have been invaluable.

Mikhailov, who was the deputy director of the FSB CDC, is tied specifically to the cyberattack on the electoral systems in Arizona and Illinois, according to sources of Russian media outlets. His portfolio included counterintelligence operations and he is characterized by his peers as “the best in the business.”

With the evidence mounting that the United States was privy to the election hacking (not exactly a news flash in 2019, but still being debated in 2016), Russia’s counterintelligence efforts got lucky with the interrogation of Anikeeva. Contemporaneously with the arrests came the implosion of the CDC, with the responsibilities being absorbed by the FSB’s Special Communications Group (FSB SCG), known to the West as FAPSI.

It would appear that Dokuchayev’s cooperation garnered him only six years in prison, while his brothers in crime received much longer sentences: Stoyanov was sentenced to 14 years in prison and Mikhailov was sentenced to 22 years. For now and for a good many years, these three are outside the reach of U.S. intelligence and law enforcement entities. No doubt, Dokuchayev now wishes it was the DoJ who prosecuted him as he heads to the Russian prison system.

Christopher Burgess


Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.
