A U.S. indictment of two Russian intelligence agents and two hackers alleged to have stolen more than half a billion U.S. email accounts in 2014 has cast a spotlight on the intertwining of the Russian security services and the murky digital underworld.
The officers of the powerful FSB, Russia's Federal Security Service, are accused of employing cybercriminals to access Yahoo's systems and steal data on millions of ordinary users as well as U.S. and Russian officials, Russian journalists and executives at large companies.
Interviews with security experts, hackers and people close to the Russian cybercriminal world suggest that the FSB's ties to cybercrime date back years and are mediated through a web of intermediaries and lubricated by blackmail and cash.
“There has been a lot of piggy-backing by the Russian state on the activities of Russian organized cybercriminal groups and scooping up the fruits of their activities,” said Nigel Inkster, director of Future Conflict and Cyber Security at the International Institute for Strategic Studies in London and a former British intelligence officer.
“The FSB know where these guys are and they know where they can find them,” he said.
According to the indictment, FSB agents Igor Sushchin and Dmitry Dokuchaev ran two hackers during the Yahoo operation and paid them. The hackers were Aleksei Belan, a Russian national, and Karim Baratov, a Kazakh who lives in Canada. Belan also is alleged to have simultaneously used the data to run a spamming network to look for financial information for personal profit.
Dokuchaev, a 33-year-old major in the FSB's Information Security Center, was arrested in December as part of a treason case, Russian media have reported. The U.S. Justice Department would not confirm that account.
In 2011, Dokuchaev was identified by the pseudonym “Forb” in the Russian-language magazine Hacker. In a 2004 interview with the Russian newspaper Vedomosti, Forb boasted of making money from credit-card fraud and breaking into U.S. government websites. Little is known about the nature of the treason charge.
In announcing the indictment that included Dokuchaev and Sushchin, Acting Assistant Attorney General Mary McCord noted that their department was “the FBI's point of contact in Moscow for cybercrime matters.”
“The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious,” she said.
President Vladimir Putin's spokesman Dmitry Peskov said the Kremlin learned about the indictments from the media and hasn't received any official information. He also reaffirmed Russia's denial of any official involvement in hacking.
“We have repeatedly said that there absolutely can't be any talk about any Russian agency's official involvement, including the FSB, in any illegal actions in cyberspace,” he said.
The FSB press service had no immediate comment on the indictment, and the agency did not reply to earlier faxed questions about its broader contacts with hackers.
Along with Dokuchaev, at least three other men reportedly were arrested in the treason case, including Col. Sergei Mikhailov, the deputy head of the FSB's Information Security Center. Although details are sparse, that case has highlighted apparent links between the FSB and cybercrime.
Russia has long been known for its dynamic cybercriminal underworld, which is fueled by high technical standards and the opportunity for significant financial rewards.
That makes it a fertile recruiting ground for the intelligence services.
“It's all about outsourcing,” said Andrei Soldatov, an expert on the Russian security services and co-author of “Red Web,” a book about Kremlin attempts to control the internet.
Soldatov pointed to the Russian military operations in Ukraine that used local proxies and private contractors, describing it as a tactic helpful to Kremlin officials “because it allows them to deny responsibility.”
The most talented Russian hackers work for groups that carry out big financial heists, said Alexander Gostev, chief security expert at Kaspersky Lab, a cybersecurity firm. This community is run by about 20 kingpins who have technical skills but are more notable for their management abilities and contact networks, he said.
“Any hacking group can be hired for an attack on whatever you want,” Gostev said.
The FSB is the leading Russian intelligence agency engaged in cyber operations, but it competes with the military intelligence service, known as the GRU, and the Foreign Intelligence Service, or SVR, according to Mark Galeotti, an expert on the Russian security services and a senior researcher at the Institute of International Relations in Prague.
Rivalries between these groups mean they are constantly vying for the Kremlin's favor. “They are like a collection of cats wanting to bring the dead mouse to the master's kitchen,” Galeotti said.
Outgoing U.S. president Barack Obama imposed sanctions in December on both the FSB and the GRU for their role in what U.S. intelligence services concluded was Russian interference in the 2016 election campaign.
The FSB is more aggressive than the military and foreign intelligence agencies, which run more traditional intelligence operations, according to Galeotti.
“The FSB are secret policemen who are used to operating with absolute impunity and they freely use heavy-handed tactics like blackmail,” he said.
Russian programmer Dmitry Artimovich, who was convicted in 2013 of hacking offenses, said the FSB had made repeated attempts to recruit him.
The first time, he said, was via his cellmate when he was in prison awaiting trial. Artimovich said he refused the offer, preferring to spend time in prison.
“Why would I do it?” he said. “I served one and a half years. Now I am free and don't owe anyone anything. But if you agree to this, you can't go anywhere. You can't have any career growth. It's real dependency.”
Since being released, Artimovich said he has been asked dozens of times to carry out hacking operations, offers he said are designed to tempt him to break the law and become vulnerable to FSB pressure. Artimovich shared screenshots of some of these proposals with The Associated Press, which were made via social networking sites.
Alexander Glazastikov, a member of a hacking group that blackmailed top Russian officials after stealing personal details, said earlier this year that the group, known as Humpty Dumpty, cooperated with the FSB. In exchange for protection, Humpty Dumpty handed the FSB compromising material from hacked email accounts.
Security analysts also highlight the case of Yevgeny Bogachyov, a Russian programmer with a $3 million FBI bounty on his head. He is thought to be behind one of the most successful viruses, Zeus, which siphoned off hundreds of millions of dollars from bank accounts worldwide. U.S. officials have said that Bogachyov lives a luxurious life in a southern Russian resort on the Black Sea.
Bogachyov is one of the kingpins in Russia's cyber community, according to Kaspersky Lab's Gostev. “He is clearly not a programmer,” Gostev said.
Since he was named publicly in 2010, Bogachyov has been linked to intelligence-gathering operations targeting the security services of Turkey, Georgia and Ukraine. Many experts assume his talents have been utilized by Russian intelligence agencies.