One article of faith of “Russiagate” propagandists is that DOJ couldn’t convict any of the hackers involved in the 2016 Russian operation if one happened to wander into a friendly jurisdiction and get arrested.
Today in Boston, a jury convicted Vladislav Klyushin, the co-conspirator and boss of one of the men charged in the 2016 hack of the DNC. Klyushin was arrested and extradited from Switzerland two years ago.
The jury found Klyushin guilty on charges of hacking, wire fraud, securities fraud, and a conspiracy to hack.
Here’s how I described the hack-and-insider trade scheme after Klyushin’s extradition.
The insider trader scheme works like this: Klyushin (the guy in US custody) and Yermakov (a key person involved in the 2016 DNC hack, described in DOJ’s press release as a “former” GRU officer), along with one other guy from M-13, are accused of hacking at least two US filing agents to obtain earnings reports before they were officially released. They conducted trades for a handful of clients — along with Borodaev and Uryadov, Boris Varshavskiy is mentioned. Klyushin also conducted trades for himself.
As noted, one guy the jury found that Klyushin conspired with — in fact, the guy who hacked two US filing companies to obtain the information to use in insider trading — is Ivan Yermakov [Ermakov]. Before he went to work for Klyushin, he worked for Russian military intelligence, where he is alleged to have phished Democratic targets in 2016 and then exfiltrated data. Among other things, Mueller accused Yermakov of being one of two people who stole John Podesta’s emails.
According to court filings, the FBI didn’t get involved in this case until one of the filing companies that were targeted reported a hack in 2020. But the investigation relied on information that dated back years earlier.
Of particular note, Yermakov got a smart phone update on May 9, 2018 at the same IP address used to steal some earnings reports used in the insider trading scheme on that same day.
Based on a review of records obtained from a U.S.-based technology company (the “Tech Company”), I have learned that on or about May 9, 2018, at 3:44 a.m. (ET), an account linked to ERMAKOV received an update for three native applications associated to the Tech Company. Records show that the May 9, 2018 application updates were associated to IP address 126.96.36.199 (the “119 IP Address”).
Based on my review of a log file from FA 2, I learned that on or about that same day, May 9, 2018, starting at 3:46 a.m. (ET)–approximately two minutes after ERMAKOV received application updates from the Tech Company–the FA 2 employee’s compromised login credentials were used to gain unauthorized access to FA 2’s system from the same 119 IP Address, and to view and/or download earnings-related files of four companies: Cytomx Therapeutics, Horizon Therapeutics, Puma Biotechnology, and Synaptics.7 All four companies reported their quarterly earnings later that day.
Two months later, in July 2018, Mueller would charge Yermakov and others in the DNC hack.
Three months after that, on October 24, 2018, the co-conspirators targeted Tesla’s earnings announcement.
Klyushin bragged about knowing that Tesla would spike in value after its earnings statement. “Pay attention to shares of Tesla now and tomorrow after 16:30 and on how much they go up,” Klyushin advised some guys he let in on the racket. After the earning statement came out, Klyushin noted,
It was 288 but after the close it was already 308, and tomorrow will most likely hit 330 that’s 10. And with a shoulder 2-3 times its almost 25. But such deals don’t happen often in a quarter.
In precisely that time period, Elon Musk was consolidating his 20% ownership stake in Tesla. He bought $30 million in Tesla stock in the days and weeks after Klyushin and his co-conspirators front-loaded Tesla.
The following year, Klyushin and Yermakov would joke about how much cash they were accumulating by insider trading on companies like Tesla.
Below are photographs that the defendant shared with his co-defendant and employee, Ermakov, in August 2019. The pictures, taken at different times, show a single safe containing an increasing amount of U.S. one hundred dollar bills. Based on the amount of currency in the safe on the right, and a comment that the defendant made to Ermakov that the amount in the safe is about “3,” investigators believe that safe—whose exact location is unknown—may have contained as much as $3 million in cash
To add insult to injury, these are the cars that Klyushin and Yermkov bought with the proceeds they made from from insider trading on Tesla and other companies.
The picture was submitted at trial to prove the tie between Yermakov and Klyushin, demonstrated by the reference to their company incorporated into the vanity plates.
It’s absolutely the case that Ivan Yermakov is not going to arrive for prosecution in the United States any time soon. In fact, prosecutors found both WhatsApp chats between the two men, in 2019, describing Yermakov’s inability to leave Russia — and Klyushin’s promises to try to help — as well as a screen shot of the FBI wanted poster for Yermakov, taken in October 2020.
But a guy just convicted of conspiring with him did. And a jury found him guilty of hacking US targets.