The Extradition of Vladislav Klyushin
As December 2021 came to a close, indicted and arrested Russian national Vladislav Klyushin was quietly extradited from Switzerland to the United States. A spokesperson for the Russian Embassy in Switzerland, Vladimir Khokhlov, was quoted by TASS and Radio Free Europe/Radio Liberty, saying, “We are forced to state that we are dealing with another episode in Washington’s ongoing hunt for Russian citizens in third countries.” Khokhlov isn’t wrong—Klyushin is the latest in an ever-growing list of individuals who have been apprehended, held and subsequently extradited to the United States after being indicted for cybercrimes.
Klyushin’s Arrest and Extradition
On March 21, 2021, Klyushin and his family arrived via private jet in Sion, Switzerland for a family vacation. He was arrested upon arrival. In April 2021, the U.S. Department of Justice (DoJ) formally requested the extradition of Klyushin for his “alleged involvement in a global scheme to trade on non-public information stolen from U.S. computer networks that netted tens of millions of dollars in illegal profits,” according to the DoJ. Interestingly, the Russian Federation had requested his extradition in March 2021. The Swiss Federal Office of Justice denied Russia’s request and granted the United States’ request. On December 18, he was extradited to Boston, Massachusetts.
Klyushin’s Alleged Crime
The multi-count indictment (22-page pdf), unsealed upon Klyushin’s extradition, detailed Klyushin’s alleged connection with Russian cybercriminals and his role in a conspiracy “to obtain unauthorized access to computers, and to commit wire fraud and securities fraud, and with obtaining unauthorized access to computers, wire fraud and securities fraud.”
His co-defendant, Ivan Ermakov (aka Yermakov), was an officer of the Russian GRU (Russian Main Intelligence Directorate – military intelligence) and was previously charged in July 2018 for his role in a “hacking and influence effort related to the 2016 U.S. elections.”
Klyushin, Ermakov and one other co-defendant all worked at Russian IT technology company M-13. The marketing content on the M-13 website noted that their solutions are used by the Russian Federation including by the offices of the president and numerous other federal ministries and departments.
They are alleged to have hacked into two separate U.S.-based filing agents used by U.S. companies to file required paperwork with the Security Exchange Commission (SEC) and accessed information about upcoming public financial declarations. The information gleaned from those forays allegedly gave the co-conspirators the opportunity to engage in financial transactions based on insider information and obtain lucrative returns on investments from the purchase/sale of shares of stock. The level of success enjoyed by the co-conspirators is highlighted by a message from Klyushin to investors, “Pay attention to shares of [company] now and tomorrow after 1630 and on how much they go up.” The indictments of Klyushin’s co-conspirators list the various companies whose financial documents, destined for SEC filings, were compromised.
Klyushin and Ermakov’s Relationship
The relationship between Ermakov and Klyushin—both employed by M-13, both with ties to government entities within the Russian Federation—is worthy of approbation. While publicly available information relating to the exact nature of their collaboration is limited to the aforementioned indictment unsealed upon Klyushin’s extradition, it does suggest that Klyushin may have information related to Russian active measures targeting the U.S. This information may be limited to hearsay, since it was gleaned from conversations with his colleague Ermakov.
Given Russia’s concerted effort to have Klyushin extradited to Russia on fraud charges which were filed immediately after Klyushin’s March 2021 arrest in Switzerland, it seems there is something special about Klyushin. Indeed, the urgency with which Russia attempted to have Klyushin returned to his home country adds weight to the speculation that, given his documented close working relationship with the Kremlin, he may have insight into the decision-making process within the Russian Federation active measures campaign and/or the Kremlin’s support of cybercriminals.