Russia sends warning to cyber security sector with arrest of Ilya Sachkov
Ilya Sachkov did not hold back, even though Russia’s prime minister was watching him on a panel starring the heads of the country’s top tech companies.
The 35-year-old co-founder of Group-IB, which specialises in investigating cyber crimes such as hacking and online fraud, poured scorn on the Kremlin for turning a blind eye to the epidemic of ransomware attacks emanating from Russia.
“No Russian state organ . . . is responding to this at all . . . believe me, this affects the image of Russian companies that export information security,” Sachkov said. “What’s going on in the country if the whole world is telling you there’s criminality?”
In his speech, he pointed to Maksim Yakubets, the head of the Evil Corp hacking group, who the US has accused of masterminding a decade-long crime spree that has cost banks hundreds of millions of dollars.
Yakubets has been spotted driving around Moscow in a fluorescent camouflage Lamborghini, with a custom licence plate that reads “THIEF”. He also “provides direct assistance to the Russian government’s malicious cyber efforts”, according to US Treasury sanctions against him.
Sachkov’s criticism of the Kremlin’s apparent tolerance of some online criminals continued until late September, when he was arrested by the FSB, Russia’s intelligence agency, and charged with treason.
The details of the charges against him are classified, but his arrest and the 20-year sentence he faces if found guilty have reverberated around Russia’s cyber security community.
Three people in the community said the Kremlin was signalling that it did not want to co-operate with the west on cyber crime — and would punish those who stepped out of line.
“It looks like a totally hostile action against the Americans,” one of the people said. “He was the only person who loudly accused people of ransomware activity, where hackers lock up computers until a ransom is paid.”
Dmitry Volkov, the Group-IB co-founder who took over as chief executive after Sachkov’s arrest, said the company did not know what he had been charged with and was convinced he was innocent.
“All the materials of the case are classified, which provides fertile ground for rumours and speculations. Without access to these materials, making any assumptions or promoting any versions would be wrong,” Volkov said.
US president Joe Biden and his Russian counterpart Vladimir Putin restarted bilateral cyber security talks earlier this year for the first time since the annexation of Crimea in 2014. In late September, the US deported convicted hacker Alexei Burkov to Russia, a move the Kremlin welcomed as “a rather positive development” in the countries’ strained relationship.
However, the two sides are yet to make tangible progress on Russia’s apparent reluctance to tackle ransomware gangs, which US officials have said operate with the tacit encouragement, or even direction, of the security services.
Washington is currently seeking to extradite Vladislav Klyushin, a Kremlin cyber security contractor, from Switzerland on insider trading charges. Last month, the US sanctioned Suex, a cryptocurrency exchange it accuses of laundering the proceeds from ransomware attacks, which researchers have linked to people and offices in Russia.
Sachkov’s arrest while people like Yakubets remain at large is a “big signal the Russian government is sending to its international partners”, said Thomas Rid, professor of strategic studies at Johns Hopkins University. “Are they serious about cyber crime, or are they arresting more cyber security executives than ransomware criminals?”
Group-IB, which Sachkov started in 2003 while he was a student at Bauman Moscow State Technical University, has attempted to build a global business while remaining on the good side of the Russian government. Sachkov has met Putin at least twice and Group-IB worked with the Russian police to catch a growing array of online fraudsters and card scammers.
At the same time, the company has moved its headquarters to Singapore, added an array of international clients and eyed a $1bn initial public offering. Group-IB has also partnered with Interpol on criminal investigations and Sachkov has lent his expertise to the OSCE and Council of Europe.
Trying to tread the line between the two sides proved to be difficult. The US and UK banned products by Kaspersky Lab, Russia’s largest cyber security company, from government systems after suspicions over the company’s ties to the FSB. Positive Technologies, a software company, was sanctioned by the US in April for allegedly supporting the FSB and hosting recruiting events for the security services.
Any co-operation with western law enforcement meant risking repeating the fate of former senior Kaspersky Lab employee Ruslan Stoyanov, who in 2019 was sentenced to 14 years in prison on treason charges alongside Sergei Mikhailov, who was formerly the FSB’s top cyber security official.
Sachkov gave evidence for the prosecution in the closed trial, where the two men were reportedly accused of passing on classified information about an alleged cyber criminal to the FBI.
Mikhailov’s lawyer told Russian news outlet RBC that Sachkov had given “false evidence that allowed the investigators to conclude [Mikhailov] was involved in state treason”.
In an open letter to Putin published in Russia’s version of Forbes last week, Sachkov’s mother Lyudmila suggested that her son had stepped on the toes of powerful special interests.
“With all due respect to the FSB, everyone remembers how many highly respected people, the pride of the nation, were ruined for being ‘enemies of the people’ [during Stalin’s purges]. Is history repeating itself?” Lyudmila Sachkova wrote. “Ilya could not have betrayed the Motherland. Nobody believes he is guilty. Only the hackers are gladly crowing about this!”
Group-IB’s international focus also ran the risk of triggering the FSB’s concerns that US intelligence would have a way to access the company’s data, according to two of the people in Russia’s cyber security industry.
“In cyber security, you can have access to very sensitive data. And the Kremlin clearly considers it a key strategic sector,” said Julien Nocetti, an associate fellow at the French Institute of International Relations.
“The message is: don’t speak up about it, don’t internationalise it without FSB prior approval and, especially, localise your clients’ data on Russian soil.”
Volkov said that Group-IB has “never had access to any classified information, state secrets or whatsoever” and that its customer data retention had not been affected by Sachkov’s arrest.
He added that “our global strategy of entering new markets and strengthening Group-IB’s posture on existing ones will not change” and said the company would “continue working as usual” in Russia.