Two Russian cybersecurity experts were sentenced to prison in late February for committing undisclosed acts of treason, leading to considerable speculation about whether they were involved in helping the United States investigate Russian interference in the 2016 U.S. elections. The details of the case were kept so secret that only a few facts are absolutely certain, but the timing is certainly suspicious—the two men were arrested just one month after the 2016 presidential election. The secretive treason trial is most significant, however, not for what it tells us about what went on during the 2016 election but instead for what it appears to reveal about the Russian government’s willingness to let cybercriminals call the shots—and its unwillingness to continue even the small amount of cooperation with the United States on fighting cybercrime that it once allowed.
What we do know: Sergei Mikhailov, a former intelligence officer at the Federal Security Service, or FSB, who helped coordinate anti-cybercrime partnerships with Western countries, including the United States, was sentenced to 22 years in prison. Meanwhile, Ruslan Stoyanov, who worked at controversial Russian cybersecurity firm Kaspersky Lab, received a sentence of 14 years. Both men have maintained their innocence throughout the trial.
The sentences were issued by a Russian military court following a completely closed court proceeding, but one of the defense lawyers revealed to CNN that the two men were being tried for committing treason against Russia on behalf of the United States. It’s possible that they were tried for helping the United States investigate the data breaches directed at the Democratic National Committee servers and Hillary Clinton’s campaign. Whether or not that’s the case, it’s not a good sign that Russia is going after the few people who were cooperating with the United States on cybersecurity matters in the public and private sectors. The Russia-U.S. relationship on cybercrime fighting was already strained. This won’t help.
But even more concerning is the strong suspicion hanging over the case that it was orchestrated largely by convicted cybercriminal Pavel Vrublevsky. Vrublevsky founded a company called ChronoPay that had a reputation for supporting spammers and malware distributors. In 2013, he was convicted of hiring botmasters to launch a distributed denial-of-service attack directed at one of ChronoPay’s competitors, the payment firm Assist. Mikhailov was an expert witness in that case, which ended with Vrublevsky’s conviction.
According to security reporter Brian Krebs, who has reported extensively on Vrublevsky and ChronoPay for years, the “most likely explanation” for Mikhailov and Stoyanov’s prosecution was “a long-running grudge held by Pavel Vrublevsky.” This explanation—like the theory that Mikhailov and Stoyanov were involved in helping the United States investigate Russian interference in the 2016 elections—is purely speculative. But Krebs does have some fairly compelling evidence to back up his argument, including an interview he conducted with Vrublevsky in 2011 in which Vrublevsky accused Mikhailov of feeding information about ChronoPay to U.S. officials and threatened to hire someone to “tear him [Mikhailov] a new asshole.”
Back in 2010, when ChronoPay was being investigated, Vrublevsky also wrote an email to a co-worker accusing Mikhailov and Stoyanov of working with the FBI and Secret Service. And on top of all that, Vrublevsky himself told CNN in late February that he had testified in the case against Mikhailov and Stoyanov and that the two men “are directly responsible for the cyber hysteria eventually going as far as election meddling scandal.”
Regardless of what Mikhailov and Stoyanov were accused of doing, it’s disconcerting that Vrublevsky—who has himself been on the wrong side of the law and so obviously had it in for the two men—was responsible for, in his own words, confirming “the substance of the accusations.”
Krebs writes that he “would not put it past Vrublevsky to have somehow greased the wheels of this prosecution.” Meanwhile, one of Stoyanov’s defense lawyers, Inga Lebedeva, seemed to allude to the theory that Vrublevsky was somehow behind the prosecution when she told reporters that Stoyanov and Mikhailov “think that with their activity aimed against hackers they’ve stepped on someone’s toes.”
If he did in fact drive the prosecution of Mikhailov and Stoyanov, Vrublevsky would not be the first cybercriminal to have enjoyed a cozy relationship with the Russian government—in 2017, the New York Times reported that Russian intelligence operations relied heavily on information provided by infamous cybercriminal Evgeniy Bogachev, the operator of the notorious Gameover Zeus botnet, which distributed the CryptoLocker ransomware and enabled the thefts of more than $100 million. But by siding with Vrublevsky against two men who dedicated their careers to fighting cybercrime, the Russian government seems to be embracing domestic cybercriminals over law enforcement even more firmly.
It’s no great surprise that the Russian government views Russian cybercriminals as closer allies right now than the people who are trying to aid international efforts to fight cybercrime. But it’s disheartening all the same. Russia has long held a radically different view of what constitutes cybercrime than the United States, and indeed most of the Western world. Instead of gradually reconciling those views and establishing stronger international partnerships to combat cybercrime, last month’s convictions make clear that Russia is pulling back even further from those partnerships by convicting the people who actually participated in them. It’s a bleak but important reminder that if the United States and its allies want to make serious headway on fighting cybercrime, they will have to do it on their own without waiting for greater international cooperation.