Bloomberg has a fascinating update on the case of Vladislav Klyushin, the guy who ran a pen-testing company for Vladimir Putin extradited to Boston on charges of insider trading last month. It states that Klyushin has (present tense) access to documents on the 2016 Russian hack and suggests he might be leveraged to share this information to get out of the lengthy insider trading sentence he faces.
According to people in Moscow who are close to the Kremlin and security services, Russian intelligence has concluded that Klyushin, 41, has access to documents relating to a Russian campaign to hack Democratic Party servers during the 2016 U.S. election. These documents, they say, establish the hacking was led by a team in Russia’s GRU military intelligence that U.S. cybersecurity companies have dubbed “Fancy Bear” or APT28. Such a cache would provide the U.S. for the first time with detailed documentary evidence of the alleged Russian efforts to influence the election, according to these people.
There’s a problem with this claim, though, at least as stated. The US already has documentary proof that GRU was behind the hack-and-leak. These documents would not be the first. And given the evidence cited in the indictment against Klyushin and Ivan Yermakov, the hacker cited in both this case and two GRU hack-and-leak cases, they collected more information from Yermakov over the last several years.
So such documents must go beyond mere confirmation of GRU’s role, if reports of Kremlin concerns are true.
Some insight about what the US might be after comes elsewhere in the story. It describes that on two earlier occasions, Western intelligence tried to recruit Klyushin.
U.S. and British intelligence tried twice to recruit Klyushin, according to Ciric, the attorney in Switzerland. U.S. intelligence attempted to engage him in summer 2019 in the south of France and British intelligence approached him in March 2020 in Edinburgh, Ciric said.
Klyushin memorialized that second meeting in a note he wrote a few weeks after the encounter and saved on his computer, according to Ciric. It took place at Edinburgh’s airport, as Klyushin was taking a flight back to Russia, according to the memo, which was submitted to the Swiss courts as part of his appeal against extradition. Klyushin wrote that the two British intelligence agents — one from MI5 and the other from MI6 — spoke to him for a few minutes in a room where he was led after a passport check.
The two Russian-speaking officers, a man and a woman, asked him if he would “cooperate” with U.K. secret services and took his phone number to set up a meeting on his next trip to London planned for May, according to the previously unreported document, which was reviewed by Bloomberg. Klyushin wrote that while he didn’t respond to the cooperation offer, he said he would be willing to see the agents again to discuss selling M-13 products to British intelligence.
It’s unclear whether Klyushin informed Russian intelligence about the U.S. and British recruitment efforts.
On top of the detail that US and British intelligence had targeted Klyushin for recruitment (and believed they had some reason to convince him to do so by summer 2019), this reveals that Klyushin has been traveling without arrest in recent years, both after the time in January 2020 that the indictment parallel constructs the investigation start date to, and well after the May 9, 2018 date when the US seems to have pinpointed Yermakov’s phone. It’s a point Klyushin himself made.
While in the Swiss prison, Klyushin told Bloomberg, through his lawyer, that he didn’t know why he was arrested in March and not before, saying that he had previously traveled freely to Europe. He blamed his detention on an “operation mounted by the U.S. in cooperation with Swiss authorities” to obtain “certain confidential information the American authorities consider” he has.
That is, it’s possible that the US waited to arrest him until they were done with their investigation, but these past interactions with western spooks suggest something else was behind the timing of his arrest. Similarly, the explanation offered by the Swiss lawyer — that the US only learned of Klyushin’s trip to Switzerland by an auspiciously timed hack of his phone — makes no sense, given the access to travel records the US would routinely have even without having someone targeted under Section 702, as Klyushin easily could have been.
The story leaves big questions about whether Klyushin wanted to be turned over or not. In addition to the open question about whether Klyushin told Russian authorities about the recruitment attempts, Bloomberg describes that Klyushin’s Swiss lawyer mailed his appeal of the extradition to the European Court of Human Rights rather than faxing it, with the result that the appeal arrived only after he had already been transferred to US custody.
But it’s hard to believe that Klyushin wanted to be extradited when he was arrested last March. That’s because his family returned to Russia at the end of their 10-day luxury vacation, which they wouldn’t have done if Klyushin had been planning to defect to the US (if one can start using the term again). So if Klyushin came to decide he wanted to be extradited over the nine months while he was held in Switzerland, he may have only come to that conclusion upon receiving more details about the charges against him, possibly including details that might expose him to the ire of the Kremlin.
It is true, however, that the Russian-speaking attorney Klyushin hired in Boston, Maksim Nemtsev, is not one of the ones (such as Igor Litvak) that Russian nationals retain when they’re refusing to cooperate; Nemtsev appears appropriate to the insider trading charges against Klyushin.
There may be a better explanation for the timing than an auspicious hack, though. As described, Klyushin’s trip to Switzerland was likely his first trip to a US extradition partner after Merrick Garland was sworn in as Attorney General on March 11, 2021, eight days before FBI obtained the arrest warrant for Klyushin.
And while the US has documentary evidence that GRU did the hack, what they hadn’t yet obtained when DOJ obtained the indictment against Yermakov and other GRU officers in 2018 was something far more important: what Russia did with two sets of data — the campaign strategy and polling information turned over from Paul Manafort and the analytics stolen from Hillary through the entire month of September. There’s certainly reason to believe DOJ knows more now than they did in 2018. Last April (so shortly after the arrest warrant for Kluyshin), Treasury stated as fact that the information Konstantin Kilimnik obtained from Manafort did get shared with Russian intelligence, even while asserting that Kilimnik was himself a spook. But how that information was shared and what happened with it has not been made public.
And those are the kinds of questions you might not raise aggressively until after Trump was gone.