This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2017/01/27/world/europe/russia-hacking-us-election.html

The article has changed 3 times. There is an RSS feed of changes available.

Version 1 Version 2
Russian Charged With Treason Worked in Office Linked to Election Hacking Russians Charged With Treason Worked in Office Linked to Election Hacking
(about 9 hours later)
MOSCOW The authorities in Moscow are prosecuting at least one cybersecurity expert for treason, a prominent Russian criminal defense lawyer confirmed on Friday, while a Russian newspaper reported that the case is linked to hacking during the United States presidential election. WASHINGTON Ever since American intelligence agencies accused Russia of trying to influence the American election, there have been questions about the proof they had to support the accusation.
While surely touching a nerve in American politics, the developments in Moscow left a still muddled picture of what, exactly, a series of arrests by the security services here signifies. But the news from Moscow may explain how the agencies could be so certain that it was the Russians who hacked the email of Hillary Clinton’s campaign and the Democratic National Committee. Two Russian intelligence officers who worked on cyberoperations and a Russian computer security expert have been arrested and charged with treason for providing information to the United States, according to multiple Russian news reports.
But the virtually simultaneous appearance of at least four prominent news reports on the hacking and several related arrests, citing numerous anonymous sources, suggests that the normally opaque Russian government intends to reveal more information about the matter, though it is unclear why. As in most espionage cases, the details made public so far are incomplete, and some rumors in Moscow suggest that those arrested may be scapegoats in an internal power struggle over the hacking. Russian media reports link the charges to the disclosure of the Russian role in attacking state election boards, including the scanning of voter rolls in Arizona and Illinois, and do not mention the parallel attacks on the D.N.C. and the email of John Podesta, Mrs. Clinton’s campaign chairman.
In the waning weeks of the Obama administration, American federal intelligence agencies released a report asserting the Russian government had hacked into the computers of the Democratic National Committee and the chairman of Hillary Clinton’s campaign, John D. Podesta, stealing and releasing to WikiLeaks emails intended to damage Mrs. Clinton and help President Trump win the election. But one current and one former United States official, speaking about the classified recruitments on condition of anonymity, confirmed that human sources in Russia did play a crucial role in proving who was responsible for the hacking.
But the unclassified version of the report offered only thin corroborating information, many independent analysts have said. The treason arrests in Moscow hint at a possible human intelligence source in at least one hacking episode, the intrusion into state electoral boards in Arizona and Illinois. The former official said the agencies were initially reluctant to disclose their certainty about the Russian role for fear of setting off a mole hunt in Moscow.
The confirmation by the Russian lawyer, Ivan Pavlov, in written answers to questions from The New York Times, was the closest so far to a formal acknowledgment that the Russian government has detained suspected spies within the cyberbranch of its Federal Security Service, or F.S.B., the main successor to the K.G.B. The public disclosure of the arrests, and the severity of the treason charge, come at a delicate moment for President Trump.
Mr. Pavlov declined to identify his client or elaborate on the reason for the indictment for “betraying the state,” punishable by up to 20 years in a penal colony. He has been loath to accept the intelligence agencies’ conclusion that Russia tried to help him win, which he sees as part of an effort to delegitimize his election.
Kommersant, a Russian newspaper, first reported Wednesday on what the Russian news media are calling a purge of the cyberbranch of the F.S.B. that was conducted in early December. The Russian role will loom over the conversation with Mr. Putin that Mr. Trump is scheduled to have on Saturday since it was the Russian president who James R. Clapper Jr., the former director of national intelligence, told Congress ordered the hacking and leaking.
It reported that the Directorate for Internal Security, the agency’s internal affairs bureau, arrested Sergei Mikhailov, a deputy director of the Center for Information Security, the agency’s cybersecurity arm, and Ruslan Stoyanov, a senior researcher at a prominent cybersecurity company, Kaspersky Lab. One topic of the phone conversation is likely to be the sanctions that the Obama administration imposed on Russia, including ones that were imposed in December in retaliation for the election hacking.
Novaya Gazeta, a respected Russian opposition newspaper, reported Friday that the internal investigation led to two other arrests, and that all of the detentions were related to American investigations into Russian hacking during the election. For months, Mr. Trump rejected the finding that Russia was behind the hacking, accusing the intelligence agencies of incompetence and political bias. After a classified briefing in New York a month ago, he grudgingly accepted that Russia had a role, while playing down the hacking by noting that China and other countries also hacked the United States.
The newspaper’s report, based on unnamed sources, said the F.S.B. began the internal investigation after news media reports that a United States cybersecurity company, ThreatConnect, had linked the election hacking to a Siberian server company. That company, King Servers, was otherwise used largely for criminal and marginal cyberactivities, such as distributing pornography and counterfeit goods, by the admission of its owner. Steven L. Hall, a former C.I.A. head of Russian operations, said it was “very tempting and certainly reasonable” to connect the arrests to the American intelligence findings.
The report said the investigation led to Mr. Mikhailov, a senior officer involved in tracking criminal cyberactivity in Russia. But he added a cautionary note: “The rule of law doesn’t apply in Russia, and they manipulate the law to do whatever they want to do. So what they call treason may not be what we call treason.”
Both Novaya Gazeta, an outlet for the liberal opposition, and Tsargrad, a hard-line nationalist publication, reported that the F.S.B. made a brutal show of his arrest. Mark Galeotti, a Russia expert at the Institute of International Relations in Prague, noted that the intelligence agencies’ report on the election attack found with “high confidence” that Russia had carried out the election attack, which involved fake news stories and propaganda as well as the hacks and leaks.
Agents arrested Mr. Mikhailov with a theatrical touch, placing a bag over his head in the midst of a congress of senior intelligence agency officers in Moscow and leading him from the room, the two publications reported. “It was always pretty obvious that they had more than just the computer evidence,” Mr. Galeotti said. “The arrests are a big deal.”
The arrests, according to reports by the Russian newspaper Kommersant and Novaya Gazeta, among others, were made in early December and amounted to a purge of the cyberwing of the F.S.B., the main Russian intelligence and security agency.
Those arrested by the agency’s internal affairs bureau included Sergei Mikhailov, a deputy director of the Center for Information Security, the agency’s computer security arm, and Ruslan Stoyanov, a senior researcher at a prominent Russian computer security company, Kaspersky Lab.
A nationalist publication, Tsargrad, and RBC, a respected business newspaper, identified on Friday a third suspect, Dmitry Dokuchayev.
Described as a former hacker who used the online pseudonym Forb, Mr. Dokuchayev had agreed to work for the F.S.B. to avoid prosecution for credit card fraud, a rampant crime in Russia.
RBC also reported an alternative theory about the counterintelligence investigation, saying it may have begun after a hacking group, Shaltai Boltai, or Humpty Dumpty, stole the emails of a senior Russian official a year ago. By this account, the investigation of email theft led to Mr. Dokuchayev.
Both Novaya Gazeta, an outlet for the liberal opposition, and the hard-line nationalist Tsargrad reported that the F.S.B. added a theatrical touch to the arrest of Mr. Mikhailov.
Agents arresting the suspected spy placed a bag over his head in the midst of a congress of senior intelligence agency officers in Moscow and led him from the room, the two publications reported.
“The arrest was certainly colorful,” Tsargrad’s report said. “Mikhailov was led from the congress of F.S.B. colleagues with a bag on his head.”“The arrest was certainly colorful,” Tsargrad’s report said. “Mikhailov was led from the congress of F.S.B. colleagues with a bag on his head.”
Still, the fragmentary information about the arrests seemed, as is so often the case here, little more than shadows cast on a wall of real, unseen events taking place out of public view. The virtually simultaneous appearance of at least four prominent news reports on the arrests, citing numerous anonymous sources, suggested that the normally opaque Russian government wanted the information out, though it was unclear why.
The hints suggested to some analysts that the Russian government may be signaling that it might, however indirectly through a treason trial, reveal details of election hacking, which have the potential of damaging the administration of Mr. Trump. A prominent Russian criminal defense lawyer on Friday confirmed that the authorities in Moscow were prosecuting at least one computer security expert for treason.
“They are suggesting it is true, and furthermore, they can prove as much,” Kenneth Geers, a former cyberanalyst with the Department of Defense and an authority on Russian signals intelligence tradecraft, said of the Russians possibly revealing details of their own operation. The confirmation by the Russian lawyer, Ivan Pavlov, in written answers to questions from The New York Times, came the closest so far to a formal acknowledgment of the arrests.
“They could increase the pressure on Trump in the United States by suggesting he is an illegitimate president,” Mr. Geers said, by simply verifying parts of what United States intelligence has already asserted that Russia did. “That would seem to put tremendous pressure on the White House.” Mr. Pavlov declined to identify his client or elaborate on the reason for the indictment for “betraying the state,” punishable by up to 20 years in a penal colony.
Another, somewhat counterintuitive suggestion is that by documenting its role in the electoral hacks, the Kremlin could serve its foreign policy interests by underscoring the extent and power of its reach in the world. The Russian Foreign Ministry has denied any role in the hacking. The report in Novaya Gazeta said the F.S.B. began the internal investigation after news media reports that a United States cybersecurity company, ThreatConnect, had linked the election hacking to a Siberian server company.
That company, King Servers, was otherwise used largely for criminal and marginal computer activities, such as distributing pornography and counterfeit goods, by the admission of its owner.
The report said the investigation led to Mr. Mikhailov, a senior officer involved in tracking criminal computer activity in Russia.
The hints suggested that the Russian government may be signaling that it might, however indirectly through a treason trial, reveal details of election hacking, which would have the potential to damage Mr. Trump’s administration.
But there is another explanation, if something of a counterintuitive one: Documenting a Russian role in the electoral hacks could also serve Moscow’s foreign policy interests by underscoring the extent and power of the Kremlin’s reach in the world.
Cyberattacks, mixed with information warfare, have proven a vital tool for the Kremlin, used in Europe and the Baltics before the attack on the United States election. And now, there is evidence of new meddling in France and Germany, both of which have major elections this year.
The Russian Foreign Ministry has denied any role in the hacking.
ThreatConnect, the cybersecurity company that released the report about King Servers, said its analysis was based on information published by the F.B.I.ThreatConnect, the cybersecurity company that released the report about King Servers, said its analysis was based on information published by the F.B.I.
The investigation into King Servers began after the hacking of state electoral board computers in Arizona and Illinois from June until August of last year. The F.B.I. published eight internet addresses used in those attacks.
ThreatConnect then identified six of the eight addresses as originating from servers in Dronten, the Netherlands, owned by King Servers and run by Vladimir M. Fomenko, a 26-year-old living in a remote town in Siberia near the border with Mongolia. In an interview in September, Mr. Fomenko denied any role in the electoral hacking, but conceded clients who had rented his servers may have used them for that purpose.
ThreatConnect declined to comment after the arrests in Moscow.ThreatConnect declined to comment after the arrests in Moscow.
Deepening the sense of intrigue in Moscow, Tsargrad, the nationalist publication, and RBC, a respected business newspaper, identified on Friday a third suspect, Dmitry Dokuchayev. Described as a former hacker going by the pseudonym Forb who was recruited by the F.S.B., Mr. Dokuchayev had agreed to work in the Center for Information Security to avoid arrest for credit card fraud, a rampant crime in Russia.
RBC also reported an alternative theory about the entire counterintelligence investigation, saying it began after a hacking group, Shaltai Boltai, or Humpty Dumpty, stole the emails of a senior Russian official a year ago.
That investigation of email theft led to Mr. Dokuchayev, the former hacker turned F.S.B. employee, the newspaper said, in a version that would seem unrelated to the United States election hacking.
In a 2004 interview with Vedomosti newspaper, apparently before his reported recruitment by the F.S.B., Mr. Dokuchayev openly described himself as a hacker, believing that “information should be free” and calling his “crowning achievement” the hacking of an unspecified United States government website.