With mystery surrounding the recent arrests in Moscow of several high-level Russian cybersecurity figures, speculation mounted Friday that one of the men may have been an informant who provided crucial information to the United States about Russian meddling in the U.S. election campaign.
The speculation came from two former employees of the National Security Agency, which intercepts, deciphers and analyzes the world’s electronic communications.
News of the arrests, which filtered out in reports beginning Wednesday, has shaken the insular world of cybersecurity, espionage and cybercrime.
Among those arrested for suspected treason was Sergei Mikhailov, deputy chief of the cyber intelligence department of the FSB, Russia’s main security agency. The Russian newspaper Novaya Gazeta said Mikhailov had been detained in December, and led away with a sack over his head from FSB headquarters in Moscow.
Also arrested were a second FSB officer, Maj. Dmitry Dokuchayev, according to REN-TV, and Ruslan Stoyanov, a cybersecurity manager of Kaspersky Lab, a well-known cybersecurity firm. Stoyanov was in charge of the firm’s computer incidents investigations team. The company said Stoyanov was under investigation for activities before he was hired in 2012.
Dave Aitel, a former NSA research scientist who founded Immunity Inc., a firm based in Miami Beach that offers offensive measures for cybersecurity protection, said the Russian probe into the men likely had started long ago and its beginnings likely were unrelated to U.S. election hacking.
“When I talk to the guys over at Kaspersky and the Russians who are following this sort of thing, they point out very clearly that you don’t arrest a high-ranking FSB officer in, like, three days, the same way you wouldn’t arrest a high-ranking CIA officer in three days, no matter what evidence you have,” Aitel said.
The FSB is entrusted with certifying software to be used in Russia, and obtaining such licenses can involve corruption, especially for foreign firms wanting a foothold in Russia.
“This could be purely about corruption, is what the Russians are telling me, corruption that could weaken Russian national security, but corruption nonetheless,” Aitel said.
But Aitel and John R. Schindler, a former senior NSA executive who has been tweeting about the case, suggested that the arrest of Mikhailov may have a link to U.S. charges of Russian meddling in the U.S. election campaign, outlined in Dec. 29 and Jan. 6 unclassified public reports. Those reports dubbed the alleged Russian interference campaign Grizzly Steppe.
Was Mikhailov a high-level informant for U.S. intelligence or that of an allied power? Aitel said he thought it possible, and if so that would amount to a “humongous loss.”
“The loss of a human source is always devastating, especially one at this level,” Aitel said in a telephone interview, adding that the U.S. intelligence community fought against releasing too much information in the reports to avoid such an outcome.
“If you think about it and you’re the Russians and you’re looking at the stuff we put out, the Grizzly Steppe stuff, that does not look like signals intelligence,” Aitel said, referring to electronic intercepts. “That looks like human intelligence. It looks like very, very high-placed human intelligence.”
Aitel said he thought the Russian probe was initially about corruption but later evolved. “It’s also possible that based on some of that information, plus the interrogation of those people, they were able to find our sources for the Grizzly Steppe information,” he said.
For his part, Schindler suggested that someone in the White House had tipped off the Russians.
“Trump enters WH, FSB immediately rolls up alleged moles who told IC about Kremlin interference in US 2016 election. Mmmmmmkay,” Schindler tweeted.
Fellow Democrats and many Republicans clamored last fall for then-President Barack Obama to release more information about an administration charge, first made Oct. 7, that Russian hackers were interfering in the election.
“Look, we will provide evidence that we can safely provide that does not compromise sources and methods,” Obama said at a Dec. 16 news conference. “But I’ll be honest with you, when you’re talking about cybersecurity, a lot of it is classified. And we’re not going to provide it, because the way we catch folks is by knowing certain things about them that they may not want us to know, and if we’re going to monitor this stuff effectively going forward, we don’t want them to know that we know.”
Now they may know.