Case May Tie to Arrest of Two FSB Officials on Treason Charges
Two Russian hackers, members of a group called “Shaltay-Boltai” – Humpty Dumpty in Russian – have been sentenced to serve three years in prison, according to the Russian Legal Information Agency, or RAPSI.
See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach
Alexander Filinov, aka “Mad Hatter,” and Konstantin Teplyakov, aka “March Hare,” were arrested by the Federal Security Service, or FSB, in November 2016. They were charged with illegal access to computer information under part three of article 272 of the Russian criminal code – specifically, “unauthorized access to computer information that caused major damage and committed by an organized group by prior conspiracy or by a person using his official position.”
Shaltay-Boltai, aka Anonymous International, was founded in mid-2013 and shot to fame in Russia in recent years after it began offering for sale stolen information – including emails – from high-profile Russian officials and media personalities, in part via the group’s blog.
After initially entering a not-guilty plea, Filinov and Teplyakov pleaded guilty to some of the charges against them, according to news reports.
Filinov’s lawyer, Natalya Zemskova, said that the judge’s decision to imprison her client in a penal colony – typically reserved for only the most serious types of charges – was unduly harsh and would form the basis of her client’s appeal, private Russian news agency Interfax reports.
Teplyakova’s lawyer, Anastasia Samorukova, told Interfax she does not yet know if her client will appeal the verdict.
Some materials relating to the case were deemed as being classified, leading to the case being heard in closed court. Judge Oleg Muzychenko only read part of his decision in open court when he sentenced the men, Interfax reports.
Testimony against the two men was provided by Russian citizen Vladimir Anikeev, aka “Lewis,” who admitted in court to being the leader of Shaltay-Boltai, which is sometimes spelled Shaltay-Boltay. In October 2016, Anikeev was lured from his home in Kiev, Ukraine, to Russia, where he was arrested by the FSB.
Earlier this year, Anikeev, who’s surname is spelled Anikeyev in some news reports, pleaded guilty to a single count filed against him – unauthorized access to e-mail of Sberbank’s Yevgeny (or Evgeny) Kislyakov – according to his attorney, Ruslan Koblev. On July 6, Anikeev was sentenced to serve a two-year prison sentence – a relatively light sentence, given the charges against him, according to some Kremlin watchers.
Anikeev also testified that some of the stolen information was altered before being offered for sale, Interfax reports.
Anikeev plans to appeal his verdict, his attorney has said. Because his crime was classed as being of medium severity, however, he’s already eligible for parole, the website Crime Russia reports.
Shaltay-Boltai Marketed Stolen Emails
The FSB says it’s continuing to trace buyers of the stolen correspondence sold by Shaltay-Boltai.
Russian news agency TASS reports that the group’s victims include:
- Prime Minister Dmitry Medvedev;
- Natalia Timakova, Medvedev’s press secretary;
- Deputy Prime Minister Arkady Dvorkovich;
- Timur Prokopenko, an influential Kremlin official;
- Aram Gabrelyanov, a Russian media mogul;
- Dmitry Kiselev, CEO of RT, formerly “Russia Today”;
- Andrei Belousov, presidential aide;
- Yevgeny Kislyakov, an official at state-owned Russian bank Sberbank
For example, Shaltay-Boltay advertised Kislyakov’s emails, dated from August 2013 to February 2016, for $70,000, while it sold Morozova’s email correspondence from 2008 to 2016 – totaling 11,000 emails and 13 GB of data – for $96,000 to at least one unknown customer, Crime Russia reports.
Humpty Dumpty Gang: Six Suspects
According to news reports, a fourth suspected Shaltay-Boltai member, Alexander Glazastikov, fled abroad.
In May, Russian news agency Rosbalt reported that the FSB had identified a fifth suspected member of the group, a journalist named Andrei Nekrasov. He’d been detained in Cyprus in 2015 on a Russian arrest warrant, but the Cypriot government instead sent him to Lithuania, where he was granted political asylum.
In 2015, Nekrasov issued a thank you to his supporters, writing: “As soon as I was arrested, I was fully aware that, if I were sent back to Russia, there would be no chance that the courts would consider the trumped-up charges against me in an objective manner,” and that he’d feared spending 15 years or more in prison.
The FSB has also identified a sixth suspected member of Shaltay-Boltai, who is in hiding abroad, Interfax reports. Based on news reports, this may be Ukrainian national Irina Shevchenko, aka “Alice,” who’s the girlfriend of Anikeev, the group’s leader. She’s listed as being “wanted” by the FSB.
Case May Tie to Treason Investigation
The October 2016 arrests of the three suspected Shaltay-Boltai members have been linked in some news reports to a Russian treason investigation. On December 4, 2016, the FSB arrested Col. Sergei Mikhailov, deputy chief at the FSB’s Information Security Center – known as the CDC; and Mikhailov’s deputy, Maj. Dmitry Dokuchayev; as well as Ruslan Stoyanov, who was head of the computer incidents investigations team at Moscow-based Kaspersky Lab and who reportedly served as a liaison between the company and Russian security services.
But Russian attorney Ivan Pavlov, who’s representing one of the two FSB officials who have been charged – he’s declined to say which one – says their case has no connection to Shaltay-Boltai.
Some Kremlin watchers, however, question whether authorities have been trying to use the Shaltay-Boltai case to distract from the treason investigation. Notably, news about the suspected Shaltay-Boltai members’ arrests only came to light after the FSB officials and Kaspersky Lab employees’ arrests became public knowledge.
According to Anikeev’s attorney, Ruslan Koblev, however, his client denies knowing Mikhailov or Dokuchaev, and said their arrest – as well as the arrest of the Kaspersky Lab employee – has nothing to do with his case.