What’s Behind the FBI Case against Russian Hackers?

Two and a half years ago, Yahoo! suffered one of the worst attacks in history, as hackers gained access to some 500 million accounts. In a disclosure last September, the company indicated that data, including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions, was compromised by what it believed was a “state-sponsored actor.” That state-sponsored actor turned out to be Russia.

It was big news yesterday, then, when the FBI announced indictments against two FSB agents and two hackers, “marking the first U.S. criminal cyber charges ever against Russian government officials.”

But for many watchers, the timing seemed odd. In the midst of multiple congressional probes into foreign interference in the 2016 elections, accusations of hacking into the DNC, and sundry other conspiracy theories surrounding Russia, this seemed like an odd case.

Was this just another way for the FBI to take action on Russian hacking without having to wade into the messier political ties? Not exactly – one of those charged, Dmitry Dokuchaev, had already been arrested in Moscow in December for being the handler of a hacking collective that was accused of breaking into the accounts of other Russian officials.

Typical infighting among clans and security agencies in Russia usually doesn’t end up producing foreign criminal charges, but that may be changing. Andrew Roth, writing in the Washington Post, points to an externalization of the dispute:

A Russian businessman who had specialized in spam and malware had claimed for years that Mikhailov was trading information on cybercriminals with the West. Mikhailov had reportedly testified in the case of Pavel Vrublevsky, the former head of the payment services company Chronopay, who was imprisoned in 2013 for ordering a denial of service attack on the website of Aeroflot, the Russian national airline. Vrublevsky claimed then that Mikhailov began exchanging information about Russian cybercriminals with Western intelligence agencies, including documents about Chronopay. Brian Krebs, an American journalist who investigates cybercrime and received access to Vrublevsky’s emails, wrote in January: “Based on how long Vrublevsky has been trying to sell this narrative, it seems he may have finally found a buyer.”

It will be interesting to see if this becomes a trend.