Weekly 2 October 2021

Cyber-CEO arrested

Hello! This week our top story is the arrest of prominent cyber-executive Ilya Sachkov on treason charges. We also look at what’s at stake in the new criminal case against jailed opposition leader Alexei Navalny, why YouTube could be banned, record COVID-19 deaths, a large batch of ‘foreign agents’ and unfounded accusations against The Bell.

Group-IB’s Ilya Sachkov arrested on treason charge

Ilya Sachkov, founder of one of Russia’s biggest IT companies, was arrested Wednesday in Moscow. The 35-year-old businessman is accused of treason, which carries a potential 20-year prison term. As the case is classified, there is little public information and several theories are circulating about why such a prominent figure ended up behind bars.

  • Sachkov, the CEO of Group-IB, is accused of giving data that includes Russian state secrets to fireugn intelligence agencies, a source told state news agency TASS. The source said the security breach involved the security services of several different countries and that counter-intelligence operatives from the Federal Security Service (FSB) were working on the investigation. Group-IB declined to answer questions, issuing nothing more than a statement protesting Sachkov’s innocence. Sachkov reportedly denies the charges.
  • The most popular theory for Sachkov’s arrest is one that links him to a high-profile treason case against Col. Sergei Mikhailov, the former deputy head of the FSB’s Information Security Center (TsIB). Mikhailov was jailed for 22 years in 2019.
  • Much about the Mikhailov case still remains unclear. But various sources told The Bell at the time that Mikhailov and three other defendants – Mikhailov’s former deputy Dmitry Dokuchayev, a senior manager at cyber-security firm Kaspersky Lab Ruslan Stoyanov and shadowy businessman Georgy Fomchenkov – identified Russian hackers implicated in the cyber-attack on the servers of the Democratic National Committee prior to the 2016 U.S. presidential election and passed this information to U.S. intelligence. In addition, Kommersant reported that Mikhailov and his co-defendants received $10 million for giving U.S. law enforcement information in a case against Pavel Vrublevsky, the founder of Russian payments company Chronopay, who was accused of cyber-crimes.
  • Sachkov was a witness for the prosecution in the Mikhailov case. According to Mikhailov’s lawyer Ruslan Golenkov, the Group-IB founder “gave false testimony that led investigators to believe Mikhailov was guilty of treason”.
  • Later, it emerged that Sachkov was indirectly involved in another U.S. cyber-crime case: that of Nikita Kislitsin, head of Group-IB department of network security. Kislitsin was indicted by a U.S. grand jury in 2014 on cyber-crime charges related to the sale of data stolen from users of the Formspring social network. Group-IB denied that its employee was involved in any hacking activities.
  • The U.S. Justice Department last year unsealed a 2014 indictment of Kislitsin and it emerged that, in order to avoid a jail sentence, Kislitsin had struck a deal with the U.S. authorities — testifying against several acquaintances (including Dokuchayev, who later featured in the Mikhailov case and, at the time, was working at the FSB). At the same time, Kislitsin stressed that Sachkov had agreed to the disclosure of this information to the FBI.
  • But there are also different explanations for Sachkov’s arrest that do not involve U.S. election hacking. A cyber-security source quoted by media outlet Forbes suggested that Sachkov was accused of treason because of information released by Group-IB to an Interpol investigation. “Someone asks you to share the results of an investigation, you hand over the data and it turns out that buried in there is something that should not be seen by others. Anyone could make a mistake like that and given the way Ilya picked fights with everyone, somebody might draw attention to that mistake,” the source said.
  • Another version for Sachkov’s arrest was given by another source quoted by Forbes  who suggested it might be part of an investigation into Vladislav Klyushin, the influential owner of cyber-security consultancy M13, who was arrested in Switzerland in March. Media reports suggested Klyushin is suspected of industrial espionage and insider trading.
  • A final theory was laid out by sources quoted by RBC who speculated the Sachkov arrest was linked to recent U.S. sanctions against the SUEX cryptocurrency exchange, which the authorities suspect of financing hackers. According to one RBC source, Sachkov has long “watched” the cyber-criminals linked to SUEX.

Why the world should care

Sachkov’s arrest is worrying news for the cyber-security sector and Russian business more broadly. Despite the myriad of different theories, it’s highly unlikely we will ever discover the details of the charges he is facing. Treason cases in Russia — particularly when they involve cyber-security issues and the FSB — tend to remain shrouded in mystery.

 

Navalny faces new criminal charges that would add years to jail time

Opposition figure Alexei Navalny’s prison sentence is due to end in mid-2023, but this week it emerged there are plans to keep him behind bars for far longer. The powerful Investigative Committee launched Thursday a case against Navalny and the other directors of his Anti-Corruption Fund. They all now face charges of creating and managing an extremist organization (which carries a jail term of up to 10 years).

  • To fund the activities of the extremist Anti-Corruption Fund, investigators claimed Navalny set up eight organizations, both non-profit companies and commercial firms, in co-operation with his allies Leonid Volkov and Ivan Zhdanov. Then, in 2017 they set-up the Navalny HQ movement with the apparent aim of “widening the scope of [their] criminal activity”. Volkov was in charge of Navalny’s HQ, the Investigative Committee said, and between 2014 and 2021, Navalny allies Lyubov Sobol, Georgy Alburov, Ruslan Shaveddinov, Vyacheslav Gimadi also took part. Navalny’s YouTube channel and social media accounts on Twitter, Instagram and Facebook linked to the organization were all designed to promote criminal activity, investigators said.
  • There are likely two main reasons for the new case. The first is to keep Navalny in jail (most of the remaining leaders of the Anti-Corruption Fund have long since fled abroad). The second is to target an ill-defined circle of individuals who helped or supported Navalny. In theory, even sharing a social media post by Navalny could now make someone liable to prosecution, several lawyers told The Bell.
  • This is the fourth time Navalny has faced criminal charges: he was previously accused of insulting a judge, embezzling donations and creating a non-profit organization that infringes human rights. “If they tot these up without any discount, it’s 23 years. Of course, they can always think of something else, but in any event the maximum cumulative sentence is no more than 30 years. So fear not, I’ll be free no later than the spring of 2051,” Navalny commented on Instagram.

Why the world should care

The new case against Navalny takes the Kremlin’s ‘cleansing’ of the political field to new extremes — and for many years to come. Those opposed to the current regime have desperately few legal means of expressing dissent.

 

YouTube in Russia under threat after RT channel ban

When YouTube blocked state-owned media outlet RT’s German-language channels Tuesday, accusing them of spreading fake news about coronavirus, the Russian authorities promised “retaliatory measures”. These could include the complete shuttering of YouTube in Russia — the Kremlin has more than one way of doing this.

  • YouTube deleted two of RT’s German language channels: DE channel and Der Fehlende Part. RT’s editor-in-chief Margarita Simonyan responded immediately, calling this a media war and urging the Russian authorities to impose sanctions against YouTube and ban German media organizations, particularly Deutsche Welle. The Russian Foreign Ministry backed Simonyan, calling YouTube’s actions “unprecedented informational aggression” and promising to help deliver retaliatory measures against both YouTube and German media organizations.
  • The following day, media watchdog Roskomnadzor threatened to block YouTube if the site did not restore the deleted RT channels. President Vladimir Putin’s spokesman Dmitry Peskov said Russia’s laws were “grossly violated” and accused YouTube of censorship. Peskov added YouTube could be forced to comply with Russian law and promised there would be “zero tolerance for violations”.
  • The Bell interviewed several IT experts, who all said Roskomnadzor has the tools to block YouTube in Russia. This could happen in several ways. The service could be placed on a blacklist of sites banned on Russian territory — obliging internet providers to block the sites. Or YouTube could be blocked through an internet filtering system developed as part of Russia’s ‘sovereign internet’ drive (Roskomnadzor successfully used this system last month to block the online presence of Navalny’s organizations). Or the authorities could oblige providers to disable Global Google Cache (GGC), through which the corporation’s traffic is served. If this was disabled, it would take several minutes to download YouTube clips.
  • The Russian internet faces big problems even if YouTube is slowed rather than blocked entirely. When the authorities attempted to slow down Twitter after it refused to delete banned content earlier this year, many government sites temporarily stopped working. The unintended consequences of deliberating slowing a site as huge as YouTube are impossible to predict (apart from an inevitable surge of interest in online services that can bypass the official restrictions).
  • YouTube ranks third in Russia among the most popular web resources after Google and home-grown search engine Yandex. It has 35.6 million Russian visitors every day, who spend an average of 51 minutes on the site. There is no Russian-made equivalent that is remotely comparable in terms of audience size or convenience.

Why the world should care

When RT’s news outlet in the U.S. was registered as the agent of a foreign government, the Russian authorities responded with their own law about foreign agents. However, the response was far more severe. In a similar way, the Kremlin’s involvement in a conflict between RT and YouTube means restrictions against video hosting in Russia are not only very likely, they could be far more draconian than many expect.

IN BRIEF

 COVID-19 deaths hit new record as 4th wave bites

Russia recorded more than 25,000 new cases of the coronavirus Saturday for the first time since mid-July. And the daily COVID-19 death toll hit a new record of 887 on Friday, the fourth day running it had reached such a grim milestone. The Kremlin has repeatedly ruled out a new nationwide lockdown, however, experience suggests such statements offer no guarantee further restrictions will not be introduced. Either way, this appears to be the start of a fourth wave of coronavirus in Russia — and the data suggests it will be a big one. Several regions have already introduced new restrictions: in Saratov Region, all schools have reverted to online learning, in Kursk Region there are restrictions on large events, and, next week, in Rostov Region employers will once again be expected to transfer at least 30 percent of their staff to remote working.

Record one-day addition to ‘foreign agent’ list and future victims

 

Russia made a record one-day addition to its official registers of so-called foreign agents Wednesday, slapping over 25 organizations and individuals with the Soviet-era label that entails a considerable financial burden. OVD-Info which, for 10 years, has been the primary source of information about detainees at protests in Russia was included on the list. As was independent media outlet Mediazona, a major source of information about Russia’s legal system and law enforcement agencies. Mediazona’s editor-in-chief, Sergei Smirnov, and its publisher, Pyotr Verzilov, were named as individual foreign agents. They were joined on the list by a further 20 individuals who work with election monitoring organization Golos.

Meanwhile pro-Kremlin activists are craving new victims. This Wednesday RT published an article about The Bell and its alleged foreign funding. The ‘informer-in-chief’ Alexander Ionov (we wrote about his campaign against The Bell last week) was quoted calling for The Bell’s founder Elizabeth Osetinskaya to be listed as a foreign agent. On the same day, U.S. company Investigative Studios Inc., from whom Ionov alleges The Bell receives funding, published a statement rejecting claims it received funding from the U.S. government.