Humpty Dumpty fell off. History and implications (updated)

Published on January 31, 2017

    Logo of the Anonymous International or Humpty Dumpty group

    Last week, on January 25, the media reported that the FSB had arrested the head of the Information Security Center (CIB) of the FSB, Sergei Mikhailov, and a top manager of Kaspersky Lab, Ruslan Stoyanov. Both are accused of treason.

    Article 275 of the Criminal Code of the Russian Federation, High treason

    High treason, that is, espionage committed by a citizen of the Russian Federation, the disclosure to a foreign state, international or foreign organization or their representatives of information constituting a state secret, entrusted to a person or made known to him in cases provided for by the legislation of the Russian Federation, or the provision of financial, logistical, consulting or other assistance to a foreign state, international or foreign organization or their representatives in activities against the security of the Russian Federation ...

    Under the criminal code, Mikhailov and Stoyanov face imprisonment of twelve to twenty years. At the same time, representatives of the FSB openly said that Mikhailov “... is the best in his business. We can say that the CIB is Mikhailov.”

    On Saturday, information appeared about the arrest of the head of the Anonymous International group (known as “Humpty Dumpty”), which published compromising materials on officials along with their correspondence.

    And these two detentions are directly related.

    Restoring chronology

    Information about the arrests was released in doses and in order of priority: first the detention of a top manager of a large information security company and of a high-ranking FSB officer. At that moment, parallels were actively drawn between Mikhailov and the corporate sector, with which his department (the CIB, the Information Security Center) closely interacts.

    It seemed obvious how Stoyanov, the top manager of Kaspersky Lab, had ended up in this matter “on the side”. The work with the corporate sector, the accusations of treason and the rhetoric the authorities had begun against Microsoft and Cisco, on the grounds that RAEC, a structure founded by these companies, opposes the adoption of the law “On the Security of the Critical Information Infrastructure of the Russian Federation”, better known as the Law on Cyber Attacks, suggested that Mikhailov had lobbied for the interests of the corporate sector for a certain reward.

    However, information about the arrest of the leader of Anonymous International, Vladimir “Lewis” Anikeev, and about his testimony made it clear that everything is much more complicated.

    According to one version, Vladimir Anikeev was detained during a special operation by the FSB at the airport of St. Petersburg at the end of October 2016. According to another, “Lewis” was caught while trying to enter the territory of the Russian Federation from the Republic of Belarus. Later he was transported to Moscow, where, according to representatives of the FSB, “literally during the second interrogation” he began to actively testify and cooperate with counterintelligence agents.

    It was Anikeev who pointed the FSB to Mikhailov, who was detained in December 2016. The top manager of Kaspersky Lab was detained together with the head of the CIB of the FSB.

    According to , FSB officers found servers of the Humpty Dumpty group in the south-east of Ukraine. They managed to find encrypted archives of data on the activities of the group, part of the stolen information files, as well as schemes for future developments of cybercriminals. One of the members of the Humpty Dumpty group admitted that the south-east of Ukraine was chosen as a territory poorly controlled by the country's special services, thanks to which the group planned to hide from the Ukrainian authorities for as long as possible. All discovered and removed servers have already been delivered to the FSB laboratory for examination.

    Vladimir “Lewis” Anikeev

    The biography of the head of Anonymous International was published yesterday by Rosbalt, which was the first to report the arrest of Lewis.

    Before becoming the founder of “Humpty Dumpty”, Anikeev worked for a long time as a journalist and had extensive contacts in various departments as well as his own informants. He moved to a new level in 2001, when he met a group of St. Petersburg PR people. It was then that Anikeev first began collecting information and compromising material about officials, and either passed what he collected on to interested parties or blackmailed his targets and demanded a ransom for silence.

    In 2002-2003, Anikeev began to “expand” and, in addition to the existing channels for extracting information, began hacking the e-mail of representatives of government agencies and entrepreneurs. “Vladimir, through his channels, found the personal mailboxes of the “objects” and transferred them to various St. Petersburg hackers. Whoever was the first to “break” the mail received a good reward. The work was carried out simply with the help of phishing,” Rosbalt's own sources told it. In the mid-2000s Anikeev hit a solid jackpot in the form of the correspondence of a serious St. Petersburg official. The latter paid a large amount so that his data would not end up on the Internet. Over time, Anikeev's activity reached the federal level.

    After founding “Humpty Dumpty” and putting the publication of information on stream, Anikeev left the Russian Federation and tried to appear in the country as little as possible. “Anonymous International” was based in Ukraine and Estonia, from where he conducted his activities; Anikeev also often visited Thailand. However, the largest rewards for leaks or, conversely, for withholding information were paid in cash in Moscow or St. Petersburg, so Anikeev had to visit the two capitals from time to time.

    Rosbalt attributes Anikeev's downfall mainly to the fact that the group's publications became politically biased, reflecting the preferences of the leader of Humpty Dumpty himself. Anikeev also behaved too greedily and did not enlist the support of a single major political group in the Russian Federation, constantly changing “camps” or even “swearing allegiance” to several of them at the same time.

    As a result, in 2016 the FSB became interested in the activities of the “black PR man”, and the CIB of the FSB was instructed to “process” the “Anonymous International” group.

    Sergey Mikhailov

    The CIB of the FSB, headed by Sergei Mikhailov, deals with cybercrime, including in the field of e-commerce and the illegal dissemination of personal data. The activities of Anonymous International fell squarely within its area of responsibility.

    Sergei Mikhailov was not particularly fastidious or scrupulous in his methods. Back in 2007, he was caught exceeding his official authority. At that time a request over his signature was sent to the site's founder, Yuri Synodov, to disclose the personal data of one of the site's users. History repeated itself in 2011, which forced Synodov to appeal to the Prosecutor General’s Office of the Russian Federation. Following its review, the supervisory authority concluded that the FSB had violated the law “On the operational-search activity”. The CIB was told that such actions were unacceptable, as stated in the document published by Synodov on Roem.

    “I, perhaps, would not write about it - well, to hell with him, to contact the FSB. But, first, I believe that a public analysis of these events will help in the future to avoid such weakly motivated attacks, and secondly, the scale of the phenomenon, it seems to me, is too large and affects any Internet business,” wrote Synodov in 2011.

    In 2013, Mikhailov appeared in court in the case of a DDoS attack on the payment system Assist, as a result of which it was impossible to pay for tickets on the website of its main partner, Aeroflot. It then turned out that Mikhailov was personally acquainted with the defendant, the founder of the Chronopay service, Pavel Vrublevsky, who accused Mikhailov of slander and of settling personal scores with him. The FSB officer did not deny being acquainted with Vrublevsky.

    Treason and criminal collusion, or an internal FSB showdown?

    After receiving the order to “process” the “Shaltai-Boltai” group, Mikhailov began operational work through a dummy agent: his subordinate and “right hand”, Dmitry Dokuchaev (who was also detained by counterintelligence officers). According to the FSB, instead of suppressing the group's activities, Mikhailov became its “supervisor” and coordinated its work in finding targets and extracting information for subsequent sale.

    It was after Mikhailov and his unit got involved in the work of Anonymous International that the most serious leaks of information followed. The main one was the publication of the correspondence of the assistant to the President of the Russian Federation, Vladislav Surkov.

    After the appearance of information about the detention of Anikeev and his cooperation with the FSB, this was considered to be the main reason for the detention of the colonel and the top manager of Kaspersky Lab. In total, six people were detained in the Humpty Dumpty case.

    On the other hand, there is a version that the arrest of Mikhailov and his assistant on charges of high treason is an internal FSB showdown that has come to light.

    In addition to the CIB, the structure of the FSB includes a duplicate subdivision, the “Center for the Protection of Information and Special Communications of the FSB” (legally it is military unit No. 43753), under the leadership of Andrey Ivashko. However, the FSB notes that although these two structures have overlapping areas of interest, their activities have a different focus: the CIB under Mikhailov focuses on external activities, while the Center for Information Protection deals with issues within the state. For example, it protected the communication channels the CEC used to transmit information during elections. Partial duplication of structures within the FSB is described as normal practice:

    “Duplication is purely pragmatic, there is no competition here. Subdivisions have different functions, but very often they intersect in some sectors. At the same time, any intersection is to a certain extent an increase in the level of information reliability,” retired Major General of the FSB, former head of the Public Relations Center of the Special Services Alexander Mikhailov, said in a conversation with RBC. “Full duplication in the special services never happens. One unit may be engaged in operational work, and the second in counterintelligence. They can intersect only at the level of the FSB Director,” added retired FSB Major General Valery Malevanny.

    Retired Major General Alexander Mikhailov does not believe in the version of a “showdown” between Sergei Mikhailov and Andrey Ivashko:

    “The FSB has never had an internal showdown that would lead to criminal prosecution. It is always possible to solve these conflicts by changing managers, dismissing, changing the structure. I do not see any intrigue here. When two units cannot find a common language, this is resolved surgically and without using procedural measures. The FSB is a powerful force structure, where a clear vertical is built. Connecting third-party tools is stupid,” he stressed.

    Implications for the IT sector

    The CIB of the FSB under Mikhailov's leadership interacted closely with representatives of the country's IT sector. As FSB employees themselves acknowledge, Mikhailov became so closely integrated into the structure of the CIB that many people put an equals sign between him and the center. The colonel took almost all the work on interaction with IT companies into his own hands and was the unofficial “curator of the Internet” in Russia.

    If Mikhailov’s guilt in treason, in overseeing the “Humpty Dumpty” group and in leaking the information of high-ranking state officials is proved, it will compromise all the existing connections between business and government that he built.

    For example, Mikhailov’s arrest coincided with the FSB’s complaints against RAEC over its opposition to the adoption of the draft law “On Cyber Attacks”.

    “Do you remember the founders of RAEC (Russian Association of Electronic Communications)? I can name them: the company Microsoft, the company Cisco. Similar legislation was adopted in the Federal Republic of Germany, Austria, and the United States, but for some reason, these corporations consider it necessary to implement these laws in that territory and not to implement them here. We believe that the wave of criticism is caused by just this,” said Nikolai Murashov, deputy head of the FSB core center, during the discussion of the draft law by the State Duma committee.

    According to representatives of the law enforcement agency, foreign companies' rejection of the draft law of the Ministry of Communications and Mass Media on the critical infrastructure of the Russian Internet stems from their reluctance to bear the cost of compliance.

    RAEC, a structure founded by Cisco and Microsoft and uniting more than a hundred IT companies operating in the Russian Federation, actively opposed the adoption of the aforementioned law. Thus, the conclusion of the RAEC expert commission stated that the law is technically and practically incorrect: “the Internet is not divided into “segments” on any “national” basis, especially in connection with an arbitrary set of domain names.”

    In addition, the shadow fell on Kaspersky Lab, which for many years has been actively cooperating with security agencies and law enforcement agencies on information security issues.


    The journalist of the edition, Ekaterina Vinokurova, cites the following data on the Humpty Dumpty case:

    A case of treason has now been filed. My source close to the investigation says that new arrests are expected in the case. Firstly, there is a development of people connected with the arrested head of the Central Security Council of the Federal Security Service Sergey Mikhailov, in particular in the Moscow department of the Federal Security Service. Secondly, the investigation is trying to establish a channel through which information received by hackers and transmitted to Mikhailov through Kaspersky Lab's employee Ruslan Stoyanov was passed through third hands to Western intelligence agencies (this is the version of the investigation). “Perhaps, for these purposes, third parties were used who traveled abroad as part of official delegations,” my interlocutor, who is familiar with the course of the investigation, said. He also explained how the hackers of the Humpty Dumpty group were identified: other hackers who were assisting the security forces helped to track them down.

    In addition, it is expected that officials will be dismissed, who voluntarily decided to cooperate with hackers to publish compromising materials on representatives of competing departments. Such facts are also discovered, the source says.

    But the official position, they say, has changed again today. The basic version, which will be retransmitted - Mikhailov and Dokuchaev collaborated with the CIA and transmitted secret data. In total, four people were arrested in the case, and up to eight people were involved as accomplices. Four will be held as witnesses.

    The themes of hacker attacks and betrayals seem to overlap each other in the case, but do not overlap. The whole group was connected with the fact that they were familiar with each other and related to IT-technologies and the field of information security.

    At the same time, Mikhailov, apparently, is not considered as the main one in this chain.