Lubyanka FSB Headquarters

Russia’s FSB Cybersecurity Team Implodes

Christopher Burgess Blog, Russia

While the world was watching the United State’s election and the debate over whether or not the Russian’s hacked the DNC and influenced the election, the Russian Federation was engaged in some of their own housecleaning.


A followup report to this post has been filed 28 January 2017:   Russian FSB Cybersecurity Implosion Continues With More Arrests

The Federal Security Service of the Russian Federation (FSB; Russian: Федеральная служба безопасности Российской Федерации (ФСБ)) was cleaning house within their Information Security Centre (CDC)  – their cybersecurity team.  Western media, drawing predominantly from a Kommersant article of 25 January, “Lubyanka Consultant floating in Lefortovo” learned that two individuals, one who was the deputy director of the the FSB cybersecurity team, and another a senior manager within Kaspersky Labs, had been arrested. While the FSB has not released the charge sheet, they have noted that the two are being held on “suspicion of violation of Art. 275 of the Criminal Code ( “treason”)” and unidentified non-official sources of Kommersant, framed the investigation is looking into the allegation that the individuals received money from foreign companies.  There is more to the story.

Prevendra - Humpty DumptyIt is alleged, deputy director of the FSB CDC, Sergey Yuryevich Mikhailov, is associated with the Russian hacking group Humpty Dumpty (Шалтай-Болтай) which over the course of the past few years has been doxing (sharing personal data) of members of the Putin administration, to include Prime Minister Medvedev and Deputy Prime Minister Dvorkovich.  It is further alleged Mikhailov and a professional colleague of his Ruslan Stoyanov, a senior Kaspersky Labs employee, with whom Mikhailov regularly collaborated, feathered their nest by sharing data, which they harvested with western companies.

The FSB CDC’s director, Andrei Gerasimov, who was eligible to retire, is believed to have done so in mid-January 2017. The assumption within Russian media being, the accelerated retirement was directly related to his deputy, Mikhailov having been arrested.

Always one for drama, the FSB did not disappoint. Multiple media outlets are reporting that the arrest of Mikhailov was taken straight out of the pages of the USSR era. Mikhailov was in a staff meeting, when he was bagged (bag over his head) and dragged unceremoniously from the building.

So what’s really going on?  Whether or not the relationship to Humpty Dumpty is confirmed, Russia media is associating Humpty Dumpty with the CIA (Central Intelligence Agency), based on nothing more than, “because, who else?”

FSB's cybersecurity team upheaval - they secure #Russia elections Click To Tweet

The FSB’s Paul Wroblewski Investigation

What is clear, is that the linchpin between Stoyanov and Mikhailov is the on-again off-again investigation into ChronoPay owner, Paul Wroblewski. And during this investigation the turf war between the FSB CDC and the special communications group within the FSB (aka Military unit No. 43753). The latter group’s remit covers use of cryptographic equipment and securing Russia’s electronic voting (the irony for a reader in the US is off-the-charts).

Mikhailov is quoted as saying turf wars are handled surgically – he might be right.

[x_pullquote cite=”Sergei Mikahilov” type=”left”]“The FSB has never existed internal squabbles that would lead to criminal prosecution. There is always the possibility of elementary by change leaders, layoffs, changes in the structure of these conflicts to solve. I do not see any intrigue. When two units are unable to find a common language, it is resolved surgically and without the use of procedural measures. The FSB — the powerful power structure, where the creation of precise vertical. Inclusion of third party tools is stupid”[/x_pullquote]

Sberbank’s desire to build an all-inclusive national database of personal data and to have interviewed Mikhailov for this role, may have been a red herring, designed to elicit information from Mikhailov on the means to acquire that information which may not be readily available within the already impressive Russian government databases. One can only speculate, until the charge sheets are released, on whether or not the Sberbank discussions provided grist for this fire. 

We’ll keep an eye out for the FSB updates. We expect to see the musical chairs within the FSB’s Information Security Center to continue and additional information which may confirm or refute the existence of a “very special relationship” with Kaspersky Labs to be leaked, as the Russian media is spinning up like sharks who taste blood in the water.


Let’s meet the individuals:

Sergei Mikhailov

Prevendra - Sergei Mikhailov

Sergei Mikhailov

Sergey Yuryevich Mikhailov (Сергей Юрьевич Михайлов) the deputy head of the FSB’s CDC. The CDC oversees all of the official Russian efforts against cybercrime in Russia. This includes theft of credit and financial information, personal data leakage, and monitoring of social networks.

It is reported (Constantinople Network) that Mikhailov had been meeting with the leadership of Sberbank, to take a role reporting to Sberbank’s Herman Gref. The role at Sberbank was to create a new online service, and to build the national database of personal data. It should be noted, that Gref is considered to be a moderate within Putin’s circle.

Ruslan Stoyanov

Prevendra: Ruslan Stoyanov

Ruslan Stoyanov

Ruslan Stoyanov (Руслан Стоянов) a senior manager within Russian based “Kaspersky Lab” leads one of the departments within Kaspersky. Prior to his joining Kaspersky, Stoyanov worked as a manager within Moscow police’s cybersecurity “K-control” team. He managed the “special” technical capability of  he worked in the management of special technical activities of the Moscow police. In his role, he worked closely with the FSB and other Russian security elements.

Kaspersky Labs has emphatically distanced themselves from Ruslan Stoyanov and his arrest, Kaspersky’s PR representative, Maria Shirokov, notes the activities about which he is charged, pre-date his being hired by Kaspersky Labs; that Stoyanov is not part of the company’s leadership team, but is a department head. Russian media notes that Stoyanov worked closely with the FSB’s CDC and enjoyed the trust of the Russian Federation, having been made privy to a great many state secrets.

Stoyanov held the rank of Major within the special technical activities group of the Moscow police ( “K” control) prior to joining Kaspersky.

Andrei Gerasimov

Andrei Gerasimov, director of the FSB CDC is believed to have submitted a mid-January resignation/retirement (some call ejection) as a result of his deputy, Mikhailov’s early-December arrest.


Lubyanka and Lefortovo Prison

Prevendra: Mosco Lefortovo Prison

Moscow Lefortovo Prison

Prevendra - Lubyanka - FSB Headquarters

Lubyanka – FSB Headquarters

For now, the two are being shuttled between FSB headquarters at Lubyanka and Lefortovo Prison.

Lefortovo Prison is etched in the minds of every Russian as perhaps the most frightening locale in Russia, given its association with Stalin’s NKVD and the FSB’s predecessor, the KGB. Lefortovo Prison, was built in 1881, and is best known for its history as being the place of bloody and brutal interrogations and executions during Stalin’s Great Purge is well known. During the final years of the Soviet Union, the KGB used Lefortovo as an investigative isolator center where they detained political prisoners. The bottom line, there is no worse place to sit in Russia, than an interrogation room within Lefortovo Prison.


A followup report to this post has been filed 28 January 2017:   Russian FSB Cybersecurity Implosion Continues With More Arrests


Russian media is spinning up like sharks who taste blood in the water - FSB Cybersecurity shakeup Click To Tweet

Prevendra's Email Updates
Get the latest content first.
100% Privacy. We don't spam.