
A series of staff purges has begun in Russian security services responsible for cybersecurity of the state authorities. Layoffs and high treason criminal cases against senior FSB officials could be related to the recent successes of Ukrainian hacktivists.
In recent days, Russian media have been reporting on the arrest of Sergey Mikhailov, deputy head of the FSB Center for Information Security. He was arrested in December 2016 in a high treason case, but the hype in the press has started only now. Along with this story, Interfax reported the arrest of Ruslan Stoyanov, a top manager at Kaspersky Lab, also in December 2016 in the framework of the same proceedings.
The experts of the InformNapalm volunteer intelligence community wondered: why was there a month-long pause in reporting these events? Why is the Russian press pushing the version about the alleged connection of the arrested senior FSB officer with the Shaltai Boltai (Russian name for Humpty Dumpty), or Anonymous International, hacker group?
After analyzing numerous media reports, we noticed that another significant event was obscured by these reports. Alexander Pavlov, the head of the reception office of the Russian presidential aide Vladislav Surkov, was dismissed, also in December 2016. However, only on January 20, 2017 did Vedomosti, a popular Russian business journal, report that the Russian presidential aide had lost his chief of staff, and that his dismissal may be linked to a series of publications of the hacked correspondence of his reception office released by Ukrainian hackers in late 2016.
The publication of Surkov’s office mail dump (#SurkovLeaks part 1 & part 2) made a serious stir in the Western press. Its contents were verified and its authenticity confirmed by international OSINT and analytical organizations such as InformNapalm, Bellingcat, and Atlantic Council. Articles about the hacking of Surkov’s office appeared in the international media, including the BBC, TIME, The Daily Mail, The Times, Radio Free Europe / Radio Liberty, The Guardian and others. It was a severe blow to the image of the chief architect of the Russian Spring and Novorossia projects.
The mail dumps from the office of Surkov contained references to the Russian billionaire Konstantin Malofeev. He is one of the primary financial sources for the Russian militants in Donbas and the founder of many informational projects, think tanks and analytical centers, where he sits on supervisory boards together with the prominent Russian nationalist ideologue Alexander Dugin.
On January 25, 2017, the first report about the connection of the deputy head of the FSB Center for Information Security, Sergey Mikhailov, with the hackers of the Shaltai Boltai group was published by Tsargrad.tv. “Coincidentally”, Tsargrad’s general producer is Konstantin Malofeev, and its editor is Alexander Dugin. Tsargrad referred to unnamed “own sources in law enforcement agencies”. The news quickly spread in the Russian media. Journalists jumped on the story, although its tone and content sounded rather like a conspiracy theory that included “CIA involvement” and other juicy details just to make it more exciting for the Russian audience.
At the same time, the Shaltai Boltai (Anonymous International) hacker group had been inactive for quite a while. Some of the most high-profile “CIA conspiracy” operations listed by Tsargrad for more dramatic effect were the hacks of Russian PM Dmitry Medvedev’s Twitter account in 2014 and Alexander Dugin’s(!) e-mail account, also in 2014.
We asked a representative of the Ukrainian Cyber Alliance (UCA) to explain the dismissals and arrests in the Russian cybersecurity community in December 2016.
– the UCA hacktivist said.
Perhaps we can expect more media reports about high-profile arrests and mysterious deaths of Russian security officers and civil servants. Apparently, it is not a coincidence that last week a number of Russian news agencies announced an impending major reshuffle at the FSB department dealing with cybersecurity. In particular, Kommersant reported that Andrei Gerasimov, head of the FSB Center for Information Security, who has been in charge since 2009, may soon be fired. Gerasimov also served as FSB’s deputy director for counterintelligence. The publication stresses that his dismissal may mean the beginning of “great purges”. Russian companies in the field of information security will have to rebuild their relationship with the state, which effectively steers the industry through the FSB Center for Information Security.
Who else will be jailed for high treason or be fired for a series of inexcusable blunders, including #SurkovLeaks, in the field of information security? We may not need to wait long to find out. The cyberwar is escalating, and Russia is continuing its attacks against Ukraine and NATO countries. However, Ukrainian hacktivists are doing their part by responding with their offensives against Russian targets. And success in cyber warfare against the Russian intervention and propaganda is no less important for deterring the aggressor than battle orders and modern weaponry.
Material prepared by Andrew Lysytskiy and Roman Burko, translated by Artem Velichko, edited by Max Alginin
(CC BY 4.0) This information has been specially prepared for InformNapalm.org, an active link to the authors and our project is obligatory for any reprint or further public use of the material.
We call on our readers to actively share our publications on social networks. Broad public awareness of these investigations is a major factor in the information and actual warfare.