In recent days we have received many letters and messages from journalists asking for comments on the arrest of the Russian Federal Security Service (FSB) officers and the publications in the Russian press about the role of Shaltai Boltai (Russian for Humpty Dumpty) hackers in the #SurkovLeaks operation. The InformNapalm volunteer intelligence community was the original publisher of the analysis and the actual dumps of Surkov’s correspondence provided by the Ukrainian Cyber Alliance (UCA) in October 2016. In our opinion, the noise created in January 2017 in the Russian media deliberately takes readers through the looking glass into the “alternative facts” reality. We publish here an extended commentary by a Ukrainian hacktivist and the official speaker for #UCA explaining in more detail the reasons for the arrests of the FSB officers and Russia’s attempts to implicate Anonymous International in #SurkovLeaks. (In this translation, we have tried to preserve the author’s style.)
Hacker behind the looking glass
…my name means the shape I am — and a good handsome shape it is, too. With a name like yours, you might be any shape, almost. (Through the Looking Glass, by Lewis Carroll)
A few days ago, a number of Russian news agencies published a story about the arrest of FSB officers responsible for information security, the head of department at Kaspersky Lab (Department of cybercrime investigations), and one Vladimir Anikeev who testified against another FSB employee.
Anikeev is believed to be “Lewis”, the spokesperson for Anonymous International. The FSB recently decided to confuse matters by using the discovery on Anikeev’s computer of #SurkovLeaks files, which had been obtained and published by #UCA and had already been in the public domain.
As the speaker for #UCA, I categorically deny any connections between Ukrainian Cyber Alliance and Anonymous International. I will now try to unravel this KGB tangle.
Let’s start with the major points. The Kremlin is not the monolith that it seems from afar. In Moscow, there is a continuous struggle between various groups and clans, and the “St. Pete gang” is positioned between them as a coordinator and mediator. And the Shaltai Boltai group, in my opinion, is one of the instruments in this fight.
Together (as #UCA) and individually, we conducted a lot of cyber operations against Russia and its puppet republics. There were many large targets, such as the State Duma, the Federation Council and, of course, Surkov. Russia reacted immediately – with layoffs, official statements, audits, criminal proceedings initiated by all three security agencies (FSB, Interior Ministry, Investigative Committee). But there had been no criminal proceedings initiated against Shaltai Boltai in three years, and all the victims keep mum.
Of course, we try to aim high, but we also gladly take anything coming our way, as some inconspicuous clerk or propagandist can be very valuable booty. And we (as well as InformNapalm volunteers) spend a lot of time figuring out how a particular person could be connected to the leadership of the Russian Federation, how the decisions are made, and whether the information obtained is not some crackpot nonsense. Shaltai Boltai people post “samples” of letters of influential but non-public people, virtually without comment. And they also offer information for sale. But did any of the allegedly sold correspondence surface anywhere? Why not? Because a complete dump would inflict tremendous damage on Moscow, whereas the real goal is to pull some strings and rein in a competitor for power.
It is easy to hide behind a Guy Fawkes mask. Although we are hackers too, we are not a faceless chaos. We meet with journalists, communicate with everyone on Facebook, and provide evidence for our claims. Whereas in the rare interviews given by Shaltai Boltai, we hear specific vocabulary more appropriate for political consultants, not hackers.
Now let us talk a little about hackers, antiviruses and the FSB. In the post-Soviet hacker underground, there used to be a clear rule “not to work in the CIS”, which of course was constantly violated, because “a 300% upside can justify any crime”. Naturally the comrades in uniform were not amused. But the FSB also realized that hackers could become a powerful weapon (mainly in cracking down on the remnants of the internal opposition). So the FSB started infiltrating the computer underground in the early 2000s.
Companies related to information security and anti-virus protection, such as Dialog Science (Dr. Web), Kaspersky Lab and Group IB were instrumental in this. If you look a bit deeper into their background, you will find close ties with the KGB. Eugene Kaspersky graduated from the Higher School of the KGB, where he was taught by Alexei Remizov, who set him up at KAMI, the anti-virus company. Kaspersky then went on to found his own company (in exchange for the shares in KAMI, which he had received in the most “mysterious” way).
It is the same with the other Russian security market participants, such as Dmitry Lozinsky of Dialog Science. And CERT-GIB can quite rightly be called CERT-FSB with no exaggeration. Kaspersky Lab recruits former special services employees for its department of cybercrime investigations. Ruslan Stoyanov, the arrested head of department at KL, is one of those “formers” (however, we know that there are no “former” KGB officers).
As I have mentioned, the FSB is doing agent recruitment on hacker forums, so as not to depend on experts from private companies. One such forum is the Hacker magazine forum, which is associated with another person involved in the case, Dmitry “Forb” Dokuchaev. I browsed through Dokuchaev’s old articles on Hacker (he does not even bother to hide his name), and they did not impress me whatsoever (although judging by the 2004 interview for the Vesti newspaper he was supposed to be a highly professional hacker).
In the midst of the Vrublevskiy affair scandal (another equally fascinating story with hackers, bribes, the FSB and, surprise-surprise, Kaspersky Lab), Forb Dokuchaev was hacked using the Pinch stealer, and back then, in 2012, it became known that one of the Hacker editors was an FSB officer. All of this suggests that Dokuchaev did some recruiting and surveillance of (usually) young hackers. Dokuchaev is not a hacker; he is a curator from the FSB.
Also, nothing is known about the journalism work of Vladimir Anikeev, the alleged leader of Shaltai Boltai. According to an anonymous FSB source, some #SurkovLeaks files were found on Anikeev’s computer, which had been retrieved and published by the Ukrainian Cyber Alliance long before his arrest. #UCA has never worked and does not intend to work with foreign groups. #SurkovLeaks were made possible by CyberHunta group and by joint efforts of #UCA and InformNapalm.
Let’s go back in time a little. In the US, Russian hackers broke into the Democratic Party (and by now, you should already have a pretty good idea who the “Russian hackers” are). So, the US intel community and Western cybersecurity companies began to diligently collect information on the subject. One of the possible versions is this. FSB employees Sergei Mikhailov and Dmitry Dokuchaev shared secret hack-related information with the Kaspersky Lab employee Stoyanov, who, using his KL legacy connections, sent all the information abroad.
Taking advantage of the situation, Tsargrad TV (owned by the sponsor of pro-Russian terrorists Konstantin Malofeev, who is associated with the Kremlin hawk Sergei Glazyev) issued a bogus story claiming that arrests at the FSB are connected with the leaks of Shaltai Boltai (I cannot even call them hacks). This is revenge. The Shaltais previously dumped dirt on Malofeev. Since the Kremlin does not like surprises, Shaltai Boltai curators (after the information on the DNC hack leaked to the press) were replaced. This time the FSB guys got the upper hand. Guess who? Mikhailov and his subordinate Dokuchaev. True hackers.
We have successfully unraveled the tangle, and now let us join all the strings. Somebody in the Russian Presidential Administration (there are rumors about Volodin or Gromov, but it is nothing more than Kremlin towers gazing) got himself a pocket “leak-tank”, the Shaltai Boltai group to fight rivals for power. After the FSB and Russian Presidential Administration special op of meddling in the US elections got busted, the power scramble escalated and Shaltai Boltai was made the scapegoat. In such situations, it is necessary to sacrifice someone inside the gang.
Now the Russian media, which are loath to write about hacking in Russia (so much so that even information security experts cannot adequately assess the threat to Russian information security), are actively distracting the public from the connection between the FSB, the Presidential Administration and Fancy Bears toward the fictional connection between Shaltai Boltai and Ukrainian hackers. What are the objectives? Trying to pass off Russia as a victim in cyberspace, rather than the aggressor. Discrediting the Ukrainian volunteers. Settling internal conflicts in the top echelons of power.
We plan to continue publishing the materials related to Surkov and other top Russian officials. With no need to send a text to register, with no KGB men or Bitcoins. And we will show you some things that were not and could never be on Anikeev’s computer, no matter who he is, because Ukrainian volunteers do not cooperate with aggressors and occupiers.
Glory to Ukraine!
(CC BY) Information specially prepared for InformNapalm.org site, an active link to the authors and our project is obligatory for any reprint or further use of the material.