Prisoner of Tor

The detention of Moscow mathematics teacher Dmitry Bogatov on charges of two serious crimes shook not only the Russian IT crowd, but also many foreign geeks and supporters of open source software. According to the investigation, Dima, using the account “Ayrat Bashirov”, posted messages on the site sysadmins.ru calling for terrorist activities and aimed at organizing mass riots. Dima denies writing these messages. When the wife and mother of the arrested man turned to RosKomSvoboda for help, we, of course, could not refuse them and immediately joined the work on his defense.

On April 20, our lawyer Sarkis Darbinyan met with Dima in “Matrosk”, took part in investigative actions and found out all the details of the case in order to work out an effective defense strategy. The unjustified restriction of his freedom worries us very much, as it does the entire IT community. He not only used open source software and was an adherent of the ideas of free distribution of information, but also tried his best to make a personal contribution to the development of open technologies.

So he first became the manager (coordinator) of the Debian project, the operating system from the Linux family, hoping to become a developer someday, and in 2015 he opened his own Tor relay, the so-called “exit node”. It is the exit node that lets users of the Tor network reach the global network at the end of the chain of connections between the machines inside the system, and it is the most vulnerable link, since specific sites and content on the Internet are accessed from the IP address of this last machine.

Why "be a Tor node"?

After Bogatov’s arrest, many ask why he even opened the Tor exit node at home. Didn’t he himself realize that it was dangerous?

Dima explains this by the fact that he was always interested in programming and was particularly attracted to the technology of the second-generation onion router. At one point he simply wondered whether he could bring up his own node. And he did. In 2015, his node began to appear on the Atlas map ( atlas.torproject.org ) as a constantly running exit node. In general, according to Tor, 37 “exit nodes” are working in Russia today. Of course, one could suspect all administrators of such nodes either of lacking critical thinking or of direct involvement in a chain of dubious digital transactions, which are increasingly being carried out by the special services of different countries to compromise the network. But, of course, that is not how it works.

Tor is a non-profit, decentralized project. The system is administered by the volunteer participants themselves, who donate their computing power for free so that all other Tor users can use the network, especially those groups of users who need it most: people in countries with repressive regimes and rigid censorship. In terms of its contribution to the work of the Tor network, Russia ranks 10th in the world.

Of course, Dima had heard about the few cases in America and Europe when law enforcement agencies questioned exit-node owners because their nodes had been used to commit criminal acts on the network. However, in all such cases it was usually a matter either of questioning the owner of the node as a witness or of temporarily seizing equipment. Undoubtedly, Dima would have been ready to provide information and his computer in response to a corresponding request from the bodies that carry out operational-search activities.

But he, like any of us, could never have imagined that maintaining a Tor “exit node”, and the purely technical participation of his computer in the chain of information exchange on the Internet, could lead to a real arrest and to accusations of such serious crimes as organizing mass riots and calling for terrorism.

Naturally, this is not the first time that law enforcement in Russia has taken an interest in Tor. But this is the first time that a pre-investigation check related to Tor immediately turned into a criminal case. On one of the Russian sites, we found a two-year-old message from an exit node administrator, who reported that people in uniform had invited him for a conversation because a letter about a planted explosive device had been sent to Vnukovo airport from his IP address. The FSB handled the case at the time. After checking the computer, nothing of interest was found on it, so all claims against the node administrator were dropped and his computer was returned. Unfortunately, Dima became a participant in a completely different scenario. Investigators broke into his house at night, without any explanation of the reasons, carried everything out, and took the suspect himself into custody at the second attempt.

IP Charge

Initially, the mathematician was accused of calling for riots (part 3 of article 212 of the Criminal Code of the Russian Federation). After reclassifying the offense, the investigation accuses Dima Bogatov of trying to organize mass riots (part 1 of article 30, part 1 of article 212 of the Criminal Code of the Russian Federation) and of public calls for terrorism (part 2 of article 205.2 of the Criminal Code of the Russian Federation).

The entire accusation is based only on the fact that, according to logs received from the site owner, on the day the “dangerous” messages were posted via the “Ayrat Bashirov” account (ID135558), this account was logged into from an IP address belonging to Dima. Based on these data, the investigation concludes that, since the login was made from this IP address, the other publications of “Ayrat Bashirov” were also made by Dima Bogatov.

At the same time, the investigation completely ignores the fact that “Ayrat Bashirov” accessed the site on that day not only from Dima’s Moscow IP address, but from five different places, including Vladivostok, Japan, Holland, Great Britain and Podolsk near Moscow. Dima himself has an ironclad alibi: at the time of publication he was with his wife in the gym, as evidenced by the video provided by the security service of the fitness center.
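The check the investigation skipped can be sketched as follows. This is an added example, not part of the original article or of any case material: it cross-references an account's login log against a list of Tor exit addresses in the ExitNode/ExitAddress layout of Tor's published exit lists. All IP addresses, fingerprints, timestamps, the account name and the 24-hour matching window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed exit list (documentation-range IPs, placeholder fingerprints).
EXIT_LIST = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2017-04-01 08:00:00
LastStatus 2017-04-01 09:00:00
ExitAddress 192.0.2.10 2017-04-01 09:10:00
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2017-04-01 07:30:00
LastStatus 2017-04-01 09:00:00
ExitAddress 198.51.100.7 2017-04-01 09:05:00
ExitAddress 198.51.100.8 2017-03-20 09:05:00
"""
# Constructed login log: date, time, account, source IP.
LOGINS = """\
2017-04-01 10:02:11 user-A 192.0.2.10
2017-04-01 10:40:52 user-A 198.51.100.7
2017-04-01 11:15:03 user-A 203.0.113.55
2017-04-01 11:20:00 user-A 198.51.100.8
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse_exit_list(text):
    """Return {ip: [(relay_fingerprint, seen_at), ...]} from the exit list."""
    exits, fingerprint = {}, None
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["ExitNode"] and len(parts) == 2:
            fingerprint = parts[1]
        elif parts[:1] == ["ExitAddress"] and len(parts) == 4 and fingerprint:
            seen = datetime.strptime(" ".join(parts[2:4]), FMT)
            exits.setdefault(parts[1], []).append((fingerprint, seen))
    return exits

def classify_logins(log_text, exits, window=timedelta(hours=24)):
    """Label a login 'tor-exit' if its IP was seen exiting within `window` of it."""
    results = []
    for line in log_text.splitlines():
        date, time, account, ip = line.split()
        when = datetime.strptime(f"{date} {time}", FMT)
        hit = any(abs(when - seen) <= window for _, seen in exits.get(ip, []))
        results.append((account, ip, "tor-exit" if hit else "unknown-origin"))
    return results

def non_exit_ips(results):
    """IPs not explained by a Tor exit; these still need corroborating evidence."""
    return sorted({ip for _, ip, label in results if label != "tor-exit"})
```

A login labelled `tor-exit` identifies only the relay that carried the traffic, not the person who typed the message.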

In fact, apart from the IP address, there is nothing to support such a serious accusation. At present, a computer forensic examination has been ordered at the EKC of the Ministry of Internal Affairs of the Russian Federation and a linguistic examination at the Russian Academy of Sciences. In addition to questions about the presence of traces of extremist materials on the seized computers, the investigation of course wants to know much more: whether there were any “pirated” materials or child pornography on the computer, whether sites from Roskomnadzor registries were visited from it, etc.

At present, the preliminary investigation of the case is continuing as part of an investigative group of three persons at the Main Investigation Department of the Investigative Committee of the Russian Federation in Moscow, headed by investigator for particularly important cases Felix Sabanov.

The elusive “Ayrat”

After the arrest of Dima, the person hiding under the nickname “Ayrat Bashirov” (in honor of the system administrator of the same name from Ufa) continued to post on the site sysadmins.ru, where the controversial publications had appeared. Journalists have already managed to talk to him and find out some details. In a comment to Mediazona, he confirmed that he really used Tor and that he was ready to help the defense get Dima out of the criminal case.

In a private conversation, “Ayrat Bashirov” admits that he regrets that an innocent person has really suffered because of his virtual “tomfoolery”. He therefore promises that he will try to help with all his might. Of course, the best help in this case would be a confession in accordance with Article 142 of the Code of Criminal Procedure, but the interlocutor is not ready for that. We are currently negotiating with him in order to understand what real help he can provide in presenting written evidence of Bogatov’s innocence.

On Tuesday, April 25, the Moscow City Court will hear the appeal against the measure of restraint in the form of detention.

Sarkis Darbinyan, lawyer for Dima Bogatov, leading lawyer of Roskomsvoboda, head of the Center for the Protection of Digital Rights:
“The grounds for the prosecution are as ridiculous as the reasons for the arrest of Dima Bogatov during the preliminary investigation. The whole accusation is based only on the fact that one of the IP addresses from which a certain “Ayrat Bashirov” got access to the account on the site where, according to the investigation, calls to terrorism were posted belonged to Dima. Indeed, for two years, Bogatov ran a Tor “exit node” (exit-node), and he never hid it. Having a Tor exit node at home is legal. Investigators persistently ignore the fact that the site was logged into on this day not only from the IP belonging to Dima, but also from five different places, from Japan to Podolsk. The investigators are also not troubled by either the 100% alibi or the fact that after the arrest of Dima Bogatov, “Ayrat Bashirov” continued to post on the site.

We hope that the appellate court will show more attention to detail and will see that Dima Bogatov does not pose any social threat and never intended to leave his native city. Taking Dima into custody is clearly a disproportionate measure of restraint. We will also demand a complete cessation of the case against Dima on rehabilitating grounds in view of the non-participation of our client in the commission of the alleged crimes. And we will certainly prove it.”

If Dima Bogatov is convicted, it will mean that a criminal case can be opened against any owner of unprotected or compromised Wi-Fi for cybercrime, as well as for crimes related to the dissemination of information on the Internet. It will mean that even a person whose computer was infected and used in a criminal botnet without the owner's knowledge can be held accountable.

But we will do our best to prevent this from happening.

UPD.1
A special page with information about the proceedings against Bogatov ( FreeBogatov.org ) lists the ways you can personally support Dima:

1. Spread information about the case
The more attention is attracted, the greater the chance that Dmitry will be released.

2. Participate in fundraising
Dmitry's family needs help with legal fees and other expenses.
Transfer in BTC: 1DAQicntXrUquSytKrobL5j6NzpgjeFWXo

3. Write him a letter of support
Dmitry is in a pre-trial detention center, and his access to information is limited. Letters are practically his only connection with the outside world, and it is important for him to know that he is supported. You can do this on the site of the RosUznik project (expenses are paid by RosUznik) or independently, using the service of the Federal Penitentiary Service ( LETTER ) (you will have to pay a small fee). The recipient is Bogatov Dmitry Olegovich, born 1992, Moscow, SIZO-1 Matrosskaya Tishina.

4. Start a Tor relay with a nickname containing Bogatov or KAction.
Instructions are posted on the Tor Project website. You can run the relay at home or on a rented server. At home, it is recommended to run it as a non-exit relay: it will then only serve as the first or second hop in the chain, and no abusive activity will originate from your IP address. You can also limit the speed if you do not want to give up your full bandwidth.
Here is a list of hosting providers on which activists have tried running a relay.


UPD.2
Dmitry Bogatov remains in custody: the Moscow City Court rejected the appeal.

Source: https://habr.com/ru/post/403423/