
Humpty Dumpty fell off. History and implications (updated)


Logo of the group "Anonymous International" or "Humpty Dumpty"

Last week, January 25, the media reported that the FSB had arrested Sergey Mikhailov, head of the FSB's Information Security Center (CIB), and Ruslan Stoyanov, a top manager at Kaspersky Lab. Both are accused of treason.
Article 275 of the Criminal Code, treason

High treason, that is, espionage committed by a citizen of the Russian Federation, disclosure to a foreign state, an international or foreign organization or their representatives of information constituting a state secret that was entrusted to a person or became known to him through service, work, study or in other cases provided for by the legislation of the Russian Federation, or the provision of financial, logistical, consulting or other assistance to a foreign state, an international or foreign organization or their representatives in activities directed against the security of the Russian Federation ...
According to the text of the criminal code, Mikhailov and Stoyanov face imprisonment from twelve to twenty years. At the same time, representatives of the FSB openly said that Mikhailov “... is the best in his business. We can say that the CIB is Mikhailov.”
On Saturday, information appeared about the arrest of the head of the Anonymous International group (known as “Humpty Dumpty”), which was engaged in publishing compromising material on officials and their correspondence.

And these two detentions are directly related.

Restoring chronology


Information about the arrests emerged in portions and in order of importance: the detention of a top manager of a large company specializing in information security and of a high-ranking FSB officer. At that moment, parallels were actively drawn between Mikhailov and the corporate sector, with which his department (the CIB, the FSB's Information Security Center) closely interacts.

It seemed obvious how Stoyanov, the top manager of Kaspersky Lab, came to be involved “on the side”. The work with the corporate sector, the treason charges and the authorities' newly begun rhetoric against Microsoft and Cisco (that RAEC, a structure founded by these companies, opposes the adoption of a law on the security of the critical information infrastructure of the Russian Federation, better known as the law on cyber attacks) prompted thoughts that Mikhailov had been lobbying the interests of the corporate sector for a certain reward.

However, information about the arrest of the leader of Anonymous International, Vladimir “Lewis” Anikeev, and his testimony made it clear that everything is much more complicated.

According to one version, Vladimir Anikeev was arrested during a special operation by the FSB at the airport of St. Petersburg at the end of October 2016. According to another, “Lewis” was caught while trying to enter the territory of the Russian Federation from the Republic of Belarus. Later he was transported to Moscow, where, according to representatives of the FSB, “literally during the second interrogation” he began to actively testify and cooperate with counterintelligence agents.

It was Anikeev who pointed the FSB to Mikhailov, who was detained in December 2016. The top manager of Kaspersky Lab was detained together with the head of the FSB's CIB.

According to life.ru, FSB officers found the servers of the Humpty Dumpty group in the south-east of Ukraine. They managed to find encrypted archives of data on the group's activities, part of the stolen files, and plans for the cybercriminals' future operations. One of the members of the Humpty Dumpty group admitted that the south-east of Ukraine was chosen as a territory poorly controlled by the country's special services, thanks to which the group planned to hide from the Ukrainian authorities for as long as possible. All the servers that were found and seized have already been delivered to the FSB laboratory for examination.

Vladimir "Lewis" Anikeev



The biography of the head of Anonymous International was published yesterday by Rosbalt, which was the first to report the arrest of Lewis.

Before becoming the founder of “Humpty Dumpty”, Anikeev worked for a long time as a journalist, had extensive contacts in various departments and had his own informants. He reached a new level in 2001, when he met a group of St. Petersburg PR people. It was then that Anikeev first took up collecting information and compromising material on officials, and either passed what he collected to interested parties or blackmailed his targets and demanded a ransom for silence.

In 2002-2003, Anikeev began to “expand” and, in addition to his existing channels for obtaining information, began hacking the e-mail of representatives of government agencies and entrepreneurs. “Vladimir, through his channels, found the personal mailboxes of the “objects” and passed them to various St. Petersburg hackers. Whoever among them was first to “break” the mail received a good reward. The work was carried out simply, with the help of phishing,” Rosbalt's own sources told it. In the mid-2000s Anikeev hit a solid jackpot in the form of the correspondence of a serious St. Petersburg official. The latter paid a large amount so that his data did not get onto the Internet. Over time, Anikeev's activity reached the federal level.

After founding “Humpty Dumpty” and putting the leaking of information on a regular footing, Anikeev left the Russian Federation and tried to appear in the country as little as possible. “Anonymous International” was based in Ukraine and Estonia, from where he conducted his activities; Anikeev also often visited Thailand. However, the largest payments, whether for leaks or, on the contrary, for keeping information quiet, were made in cash in Moscow or St. Petersburg, so Anikeev had to visit the two capitals from time to time.

Rosbalt attributes Anikeev's downfall mainly to the fact that his publications became politically biased, driven by the preferences of the leader of “Humpty Dumpty” himself. Anikeev also behaved too greedily and did not secure the support of a single major political group in the Russian Federation, constantly changing “camps” or even “swearing allegiance” to several of them at the same time.

As a result, in 2016 the FSB became interested in the activities of the “black PR man”, and the FSB's CIB was instructed to “process” the Anonymous International group.

Sergey Mikhailov


The CIB of the FSB, headed by Sergey Mikhailov, deals with cybercrime, including in the field of e-commerce and the illegal dissemination of personal data. The activities of Anonymous International fell squarely within its area of responsibility.

Sergey Mikhailov was not especially squeamish or discriminating in his methods. Back in 2007 he was caught exceeding his official authority: a request bearing his signature was sent to the founder of Roem.ru, Yuri Synodov, demanding disclosure of the personal data of one of the site's users. History repeated itself in 2011, which forced Synodov to appeal to the Prosecutor General's Office of the Russian Federation. Following its review, the supervisory authority concluded that the FSB had violated the law “On operational-search activity”. The CIB was told that such actions were unacceptable, as set out in the document published by Synodov on Roem.

“I, perhaps, would not write about it - well, to hell with him, contact the FSB. But, first, I believe that a public analysis of these events will help in the future to avoid such weakly motivated attacks, and secondly, the scale of the phenomenon, it seems to me, is too large and affects any Internet business,” wrote Synodov in 2011.

In 2013, Mikhailov appeared in court in the case of a DDoS attack on the payment system Assist, as a result of which it was impossible for a week to pay for tickets on the site of its main partner, Aeroflot. It then turned out that Mikhailov was personally acquainted with the defendant, the founder of the Chronopay service, Pavel Vrublevsky, who accused Mikhailov of slander and of settling personal scores with him. The FSB officer did not deny being acquainted with Vrublevsky.

Treason and criminal collusion, or internal FSB infighting?


After receiving the order to “process” the “Humpty Dumpty” group, Mikhailov began operational work through a front man, his subordinate and “right hand” Dmitry Dokuchaev (who was also detained by counterintelligence officers). According to the FSB, Mikhailov, instead of suppressing the group's activities, became its “curator” and began coordinating the search for targets and the extraction of information for subsequent sale.

It was after Mikhailov and his department got involved in the work of Anonymous International that the most serious leaks of information followed. The main one is the publication of the correspondence of the aide to the President of the Russian Federation, Vladislav Surkov.

After information appeared about Anikeev's detention and his cooperation with the FSB, this was considered the main reason for the detention of the colonel and the Kaspersky Lab top manager. In total, six people were detained in the Humpty Dumpty case.

On the other hand, there is a version that the arrest of Mikhailov and his assistant on charges of high treason is the result of internal FSB infighting that has spilled out into the open.

Besides the CIB, the FSB structure includes a unit that duplicates it, the “Center for the Protection of Information and Special Communications of the FSB” (legally it is military unit No. 43753), led by Andrei Ivashko. However, the FSB notes that although the two structures have overlapping areas of interest, their activities have a different focus: the CIB under Mikhailov focuses on external activities, while the Center for Information Protection deals with issues within the state. For example, it protected the communication channels used by the CEC to transmit information during elections. The partial duplication of structures within the FSB is described as normal practice:

“Duplication is purely pragmatic, there is no competition here. Units have different functions, but very often in some sectors they overlap. At the same time, any intersection is to a certain extent an increase in the level of information reliability,” retired Major General of the FSB Alexander Mikhailov, former head of the Center for Public Relations of the special services, said in a conversation with RBC.

“Full duplication in the special services never happens. One unit may be engaged in operational work, and the second in counterintelligence. They can intersect only at the level of the director of the FSB,” retired FSB Major General Valery Malevanny added.

Retired Major General Alexander Mikhailov does not believe in the “infighting” version involving Sergey Mikhailov and Andrei Ivashko:

“The FSB has never had any internal squabbles that would lead to criminal prosecution. There is always the option of simply replacing managers, of dismissals, of structural changes to resolve such conflicts. I do not see any intrigue here. When two units cannot find a common language, this is resolved surgically and without using procedural measures. The FSB is a powerful security structure with a clear vertical chain of command. Bringing in third-party tools is stupid,” he stressed.

Implications for the IT sector


The CIB of the FSB under Mikhailov's leadership interacted closely with representatives of the country's IT sector. As FSB employees themselves acknowledge, Mikhailov became so closely integrated into the structure of the CIB that many people equated him with the center. The colonel took almost all of the work on interaction with IT companies into his own hands and was the unofficial “curator of the Internet” in Russia.

If Mikhailov's guilt in treason, in overseeing the Humpty Dumpty group and in leaking the information of high-ranking state officials is proved, it will compromise all the existing connections between business and government that he built.

For example, the arrest of Mikhailov coincided with the FSB's accusations that RAEC was obstructing the adoption of the draft law “On Cyber Attacks”.

“Do you remember the founders of RAEC (Russian Association of Electronic Communications)? I can name them: Microsoft and Cisco. Similar legislation was adopted in the Federal Republic of Germany, Austria, and the United States, but for some reason these corporations consider it necessary to implement these laws in that territory and not to implement them here. We believe that the wave of criticism is caused precisely by this,” said Nikolai Murashov, deputy head of the relevant FSB center, during the discussion of the draft law by the State Duma committee.

According to representatives of the law enforcement agency, foreign companies' rejection of the Ministry of Communications and Mass Media's draft law on the critical infrastructure of the Russian Internet stems from a reluctance to bear the cost of compliance.

RAEC, a structure founded by Cisco and Microsoft that unites more than a hundred IT companies operating in the Russian Federation, actively opposed the adoption of the aforementioned law. The conclusion of the RAEC expert commission stated that the law is technically and practically incorrect: “the Internet is not divided into “segments” on any “national” basis, especially in connection with an arbitrary set of domain names”.

In addition, a shadow has fallen on Kaspersky Lab, which for many years has been actively cooperating with security agencies and law enforcement agencies on information security issues.

Updated


Znak.com journalist Ekaterina Vinokurova cites the following information on the Humpty Dumpty case:

A treason case has now been opened. My source close to the investigation says that new arrests are pending in the case. Firstly, people connected with the arrested head of the FSB's CIB, Sergey Mikhailov, are being investigated, in particular in the Moscow Department of the FSB. Secondly, the investigation is trying to establish the channel through which information obtained by hackers and passed to Mikhailov through Kaspersky Lab employee Ruslan Stoyanov was transmitted through third hands to Western intelligence agencies (this is the version of the investigation). “Perhaps, for these purposes, third parties were used who traveled abroad as part of official delegations,” my interlocutor, who is familiar with the investigation, said. He also explained how the hackers of the Humpty Dumpty group were identified: other hackers helped the security forces to track them down.

In addition, officials who voluntarily decided to cooperate with hackers to publish compromising materials on representatives of competing departments are expected to be dismissed. Such facts have also been uncovered, the source says.

But the official position, they say, has changed again today. The main version that will be put out is that Mikhailov and Dokuchaev collaborated with the CIA and passed on secret data. In total, four people were arrested in the case, and up to eight people were involved as accomplices. Four will appear as witnesses.

The themes of hacker attacks and of betrayal appear side by side in the case but do not actually overlap. What connected the whole group is that they knew each other and were involved in IT and the field of information security.

At the same time, Mikhailov, apparently, is not regarded as the main figure in this chain.

Source: https://habr.com/ru/post/401123/

