On Russian Treason

Yesterday, several reports revealed that a top Kaspersky employee, Ruslan Stoyanov, had been arrested in December on treason charges, along with a top FSB officer. The news has led many people to assume — as Paul Rosenzweig did here that Stoyanov was a source for the dossier on Donald Trump. And the timing of Stoyanov’s arrest — reportedly some time in December — may coincide with the suspicious death of another person who might be tied to the dossier, Oleg Erovinkin.

That may well be the case. But perhaps not in an obvious way. Kaspersky, at least, claims that Stoyanov is under investigation for things that pre-date his start at Kaspersky, so 2012 or earlier.

This case is not related to Kaspersky Lab. Ruslan Stoyanov is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.

Moreover, there’s not anyone in the dossier that obviously fits the description of Stoyanov.

That said, there is a tie between Kaspersky and what is assumed to be the DNC hack. On January 8, Shadow Brokers — the entity that dumped a bunch of NSA hacking tools and targets on the web — announced it would sell a bunch of tools targeting Windows. On January 12, it dumped a subset of Windows tools. It claimed, in doing so, it was just dumping the tools identified by Kaspersky. But in fact, not all of them were detected at that point by Kaspersky.

They claim they only dumped the 58 tools that were detected by Kaspersky AV, but the dump contained 61 files.  A little anonymous birdie told me that Kaspersky only detects 43 of these files as of mid-day on the 12th. I don’t like Russian software on my machines so I can’t confirm whether or not that’s true.

At the time, a lot of US security people believed that Kaspersky was part of this plot. But it seemed to me, at the time, that this dump instead targeted Kaspersky for allowing vulnerabilities in Windows they knew about to remain unaddressed by the anti-virus (and perhaps by whatever other services they offered in Russia). The tools are dated, so they definitely could date to the period when Stoyanov was still at FSB.

Mind you, even if this connection explains why Stoyanov was arrested, it doesn’t explain several other things, such as why Russia would arrest Stoyanov before any of these Windows tools were released. Nor does it explain who Shadow Brokers is, and why he’d be targeting Kaspersky.

But it is a known tie between events believed to be related to the DNC hack and Kaspersky.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

26 replies
  1. Sherman says:

    Shadow Brokers may not be a single person, especially if whomever is using the moniker got it from a source that may not be too evident to anyone who doesn’t paly video games.

    When I first heard the name of the group dropping the hacking tools my mind went here immediately and I think it’s a correct assumption: http://masseffect.wikia.com/wiki/Shadow_Broker

  2. Bob In Portland says:

    I would suspect that Chalupa, Alperovitch et al may very well have had someone on the inside of the Russian intelligence unit to help facilitate this. In fact, I’d be shocked if they didn’t.

    Also, I could have sworn I saw that some other Russian was just arrested for spying today. Clean up.

    • Phil Perspective says:

      I would suspect that Chalupa, Alperovitch et al may very well have had someone on the inside of the Russian intelligence unit to help facilitate this.

       

      Aren’t they Ukrainian?  If so, why would anyone in Russia government help them?

  3. Bob In Portland says:

    Phil, Alperovitch describes himself as Russian, but he’s clearly working against Russia’s best interests. Chalupa is Ukrainian. I suspect that, like in just about every other country in the world, the US has people within the Russian intelligence community. If people in Russia are being arrested for treason it could be that they’ve been treasonous.

  4. bevin says:

    Chalupa is Ukrainian and, like Alperovitch, works for the DNC. And the neo-Nazi regime in Kiev- they both do. Which is why their claims are generally salted before ingestion. Unless, of course, you are obsessed with the idea that the Russian government just put its man in the White House. It is an idea that might last out the month but will be regarded as incredible by St Valentine’s Day.

  5. John Casper says:

    bevin,

    When is Trump giving Ukraine back to Russia?

    “Analysts on Ukraine actively discuss the possibility of a deal between Russia and the United States to establish new spheres of influence, under which Trump would give Russian leader Vladimir Putin a free hand in places like Syria and Ukraine, in exchange for Moscow’s withdrawal of support for Iran.”

    http://www.eurasianet.org/node/82106

  6. maybe ryan says:

    The dossier, if believable, suggests that Jill Stein was at least open to being feted by Russian operatives.

      • maybe ryan says:

        From p. 15 of the dossier (Buzzfeed documentcloud version):
        >This had involved the Kremlin supporting various US political figures, including funding indirectly their recent visits to Moscow. S/he named a delegation from Lyndon presidential candidateiill STEIN of the Green Party; TRUMP foreign policy adviser

        I’m not trying to put any significance on it.  As I re-read it now, I realize that if the passage is even true, it doesn’t even imply that Stein knew she was getting Kremlin funding.  It’s just an interesting snippet. By the way, the weird omissions are not caused by my cut-and-paste. They’re from the dossier (ie, “ill” instead of Jill and “Lyndon” seeming to leave out something, maybe Larouche- is that guy even still alive?)

  7. Mitchell says:

    Arrested for releasing hacking tools? For real — not for a rationale for busting him for crimes against Trump? Russian leadership wouldn’t lie about an arrest, right? Fascists never lie. And if so, the FSB’s #2’s involvement in releasing the tools was… what? Please.

  8. Bob In Portland says:

    Just to keep up to date, has there been any proof that Russia, Russian intelligence or Putin personally hacked the DNC?

    Hello?

    • Mitchell says:

      It’s more complex than that. Thanks for oversimplifying the issue to meaningless.

      Like any fascist state, the state and private interests are intertwined.

      But here, I’ll make the whole issue simple: Look at Russian policies and see how helpful they are to making the world a better place (clue: You don’t counter neoliberalism with corporatist policies and, again, fascism), then decide whether any Russian involvement in the election was a concern.

      Of course, the corporate media here was just gobs of oil on a spark.

      And while I’m sliming Russian apologists: Great to see Comey concerned about a email system regarding which harms should have been discerned, at the least, years ago, and ignore a foreign state interfering in a presidential election. The kind of discerning judgment that helped him keep his job — when he has proven that the better course is to fire his ass.

  9. maybe ryan says:

    New articles (CNBC, Daily Beast) suggest that the arrests of Stoyanov and Mikhailov took place in early December, FYI. Sourced to Kommersant. Who know how credible.

    Mikhailov has been linked to a tip to American intelligence about King Servers. I hadn’t seen before this morning the idea that King Servers is linked to the election server hack (rather than the DNC hack.)

  10. Kim says:

    I think there is a possibility that the FBI put out information that led to a blown cover for a CIA asset.

     

  11. Evangelista says:

    “The news has led many people to assume”…

    “And the timing… may coincide”…

    “That may well be”…

    “another person who might be tied”…

    “But perhaps not”…

    “That said, there is a tie between Kaspersky and what is assumed to be the DNC hack”: …

    “Shadow Brokers — the entity that dumped a bunch of NSA hacking tools and targets on the web…”dumped”…”tools identified by Kaspersky”…

    ” a lot of US security people believe”…

    “But it seemed”…

    “But it is a known tie between events believed to be related to the DNC hack and Kaspersky.”

    “events believed”…

    Speculation on speculation on speculation.  All directed to enhancing, if not supporting, a speculation.  A speculation based on a foundationing speculation that in Russia there can be no grounds for alleging Treason except involvements by the alleged traitors in “American Election Related Affairs” that happen to be in current American focus and currently obsessions among American speculator-pundits and speculation experts.

    There is something missing here.  It starts with ‘R’, ends with ‘Y’ and contains the letters ‘ATIONALIT’ between, and with facts is requisite to ground speculation.

    • John Casper says:

      Evangelista,
      Your comments don’t reach “speculation on speculation on speculation.”
      WRT the vast majority of your comments, “There is something missing….”
      How appropriate, you misspelled “rationality.”

      Back on January 19th you claimed “In fact, a large number of homosexuals are Republicans.”
      https://www.emptywheel.net/2017/01/18/ask-uncle-ed/
      The comments on that thread are closed. How did you come by that information? Please leave your response here.

  12. bevin says:

    “When is Trump giving Ukraine back to Russia?”
    That is a peculiar question. Russia has not had Ukraine for a long time.
    Let us go through this very slowly, so that even Mr Casper can understand: the elected Ukrainian government was overthrown in a US supported coup, just a few months before elections were due. That was in 2014. Since then most of Ukraine has been ruled by neo-nazis, whose first act on taking power was to ban the Russian language which is used by more than half the population. This gave rise to separatist movements in the Donbas, which was particularly opposed to the Galician fascist movement which had carried out the coup. In Crimea a referendum was held and a large majority of the population indicated an intention to return to Russia, of which until 1954 it was a part and had been since the 1720s.
    In the past three years, during which time proscriptions, beatings, killings and election bans have been used to suppress dissent in a country whose economy is rapidly disintegrating and in which millions have seen their living standards melt into famine. Despite agreements reached at Minsk with a view to re-unifying the country, which has only ever existed as a Soviet Republic or a completely independent state since 1990, the Kiev government has refused to implement key conditions required to conciliate the people of the Donbas.
    You can defend Ukraine if you wish, it is the centre of Naziism in modern Europe.

    • John Casper says:

      bevin,

      You wrote, “Russia has not had Ukraine for a long time.”

      1. If that’s the case, why does “more than half the population” speak “Russian?”

      2. When did Russia last control the Ukraine?

      3. Why did you ignore my original question, “When is Trump giving Ukraine back to Russia?

      4. When will POTUS take action to ameliorate the “proscriptions, beatings, killings and election bans?”

      4.1 Isn’t Monsanto/Bayer a prime mover of western policies towards Ukraine, because they want the rich agriculture?

      “US crop producers eye Ukraine market”

      https://www.ft.com/content/d5af6efa-3570-11e2-bf77-00144feabdc0

      4.2 Isn’t the battle also between western oligarchs and Russian oligarchs to control

      Ukraine’s natural gas deposits?

      “Joe Biden, His Son and the Case Against a Ukrainian Oligarch”

      https://www.nytimes.com/2015/12/09/world/europe/corruption-ukraine-joe-biden-son-hunter-biden-ties.html?_r=0

      Did I “go through” that “slowly” enough “so that even” you “can understand?”

Comments are closed.