Collusion: Secret Meetings, Dirty Money, and How Russia Helped Donald Trump Win

by Luke Harding


  The group’s founder, Vladimir Anikeev, however, had bigger ambitions. Instead of leaking material online for free, why not sell it to anybody who might pay? Anikeev had previously worked for an agency in St. Petersburg that specialized in “black PR.” Shaltai-Boltai began targeting the personal electronic secrets of influential people—Kremlin insiders, Russian deputies, and rich businessmen. Shaltai-Boltai posted a sample of the hacked material online.

  The victim could pay and the compromising material would vanish. If they didn’t, everything would come out. Alternatively, someone else could buy the leaked emails. According to Alexander, Anikeev was no master hacker himself. He subcontracted via Web forums to other hackers, who obtained passwords to the email accounts of senior Russian officials. This was a lucrative underground enterprise—turning over “$1–2m” in three years. Payment was via bitcoin. No questions asked.

  Shaltai-Boltai, then, would offer stuff to the highest bidder. In summer 2014, The Guardian’s Shaun Walker met one of its representatives in a European capital. The encounter took place at a little-used boat club on the outskirts of the city. The man—in his forties, floral shirt, tubby—was either cautious or paranoid, depending on one’s perspective. He sailed a boat into the middle of the river and spoke only when he had turned on loud music in the cabin to prevent anyone from listening in. He used a burner—a throwaway cell phone.

  The representative identified himself as Shaltai. He told Walker Shaltai-Boltai had a stunning archive. It included records of every meal Putin had eaten, as well as thousands of emails sent by the president’s inner circle. Reading these internal documents, he said, gave him a rare insight into how Russia was actually run. Putin was a man “without human emotions.” And a genuine patriot who believed that his rule was in Russia’s best interests, Shaltai said.

  “I think he has been in power too long,” Shaltai told Walker. “He has grown detached. He really is like a tsar. Below him are people fighting amongst themselves, but they are too scared to disagree with him. He does not have friends in the normal sense. There may be people he likes, but he is extremely paranoid.”

  Afterward, Shaltai invited Walker to go drinking with him back on land and to meet some women, an offer the journalist declined. It seemed evident Shaltai-Boltai would sell to anyone. Might that anyone include representatives of British or American intelligence?

  According to one version, Mikhailov, the FSB chief, made contact with Shaltai-Boltai in early 2016. He offered the hackers a deal: the group could carry on its activities on the condition the FSB had a right of veto over future publications. And use Shaltai-Boltai as an outlet for FSB leaks. A second version said Mikhailov set up the group. A third said that he was its krysha, or roof—the patron or protecting power inside Russian state bureaucracy.

  Whichever version was correct, it was clear the wall between state assets and criminal hackers was paper-thin. Russia’s foreign intelligence agency, the SVR, also used hackers for delicate foreign operations, according to Western cyber experts.

  By the second decade of the twenty-first century the cyber world looked like the high seas of long ago. The hackers who sailed on it might be likened to privateers. Sometimes they acted for the “state,” sometimes against it.

  There were no clear rules or treaties; the Internet was an unregulated pre-sovereign space where it was comparatively easy to carry out raids and escape afterward while covering your tracks. Employing outside parties helped with deniability. Modern states have not yet decided what laws should regulate cyberspace, so anything goes. According to Steele, Russian intelligence frequently co-opted hackers. It gave them little choice but to cooperate. The FSB “uses coercion and blackmail to recruit [the] most capable cyber operatives in Russia into its state-sponsored programmes,” Steele wrote in his July 2016 memo, his second to Fusion.

  Steele’s dossier summarized what was known about Russian cyber operations, both official and criminal ones. Moscow had an “extensive” program of state-sponsored cyber operations, he wrote. The Kremlin had had limited success against major foreign targets: G7 governments, big corporations, banks. It got better results with “second-tier ones.” These included private Western banks and smaller states, such as Latvia.

  According to Steele, the FSB was the “lead organization within the Russian state apparatus for cyber operations.” It had four main targets: Western governments; foreign corporations, especially banks; the domestic elite; and “political opponents both at home and abroad.” Its successes typically came through “IT back doors.” That meant, for example, exploiting the devices of visiting Americans and Russian émigrés when they went to Moscow.

  Steele said his sources were “a number of Russian figures with a detailed knowledge of national cyber crime, both state-sponsored and otherwise.” One of them was described as “an FSB cyber operative.”

  With or without Mikhailov’s help, it was clear that by autumn 2016 Shaltai-Boltai had overreached itself. Its newest victim was Deputy Prime Minister Arkady Dvorkovich. Dvorkovich refused to pay. The hackers had been living like outlaws, hanging out in Thailand, and generally operating from outside Russia. In May Anikeev was persuaded to return to Moscow to meet with an FSB official. In November he came back again and was arrested.

  The group’s Twitter feed—complete with Alice in Wonderland wallpaper and a yellow-and-green-striped Humpty Dumpty—went dark in December. Tsargrad said that the hackers were a front organization for the CIA.

  Russia’s foremost cyber expert, Andrei Soldatov, disagrees. He believes the leaks about Shaltai-Boltai indicate “a hastily made cover-up,” to distract from Russia’s role in hacking the U.S. election. Mikhailov and Stoyanov might have known the informal actors who carried out the DNC hack, Soldatov said. If they had passed information to the Americans on this, that would explain the treason charge. Soldatov is skeptical that the FSB dragged Mikhailov off with a bag on his head.

  Meanwhile, Mikhailov, Stoyanov, and Dokuchaev were being held at Lefortovo, the FSB’s pretrial detention and interrogation center. Lefortovo was a place I knew. In 2007 the FSB ordered me to Lefortovo after The Guardian published an interview with Berezovsky. The oligarch had claimed from London—without offering evidence—that he was “plotting a revolution against Putin.” The story displeased the Kremlin. The FSB investigated. I was summoned as a witness.

  Lefortovo was a dispiriting place: I entered via the front door and found myself in a barren reception room, devoid of chairs. The officer on duty could see me through a silvered mirror; I couldn’t see him. I handed over my passport and phone. A hairy hand took it. We—my lawyer, Gari Mirzoyan, and I—went down a long corridor and past a cagelike elevator that descended to Lefortovo’s K-shaped prison below. Alexander Litvinenko had once been kept there. On the walls I noticed old-fashioned KGB cameras recording our movement. If anything had changed since Soviet times, I was at a loss to identify it. The corridors were soundless. A worn red-green carpet led to a series of boxlike offices.

  The interview with Major Andrei Kuzmin—a young, blond-haired FSB officer—was perfunctory. He asked a few questions about the Berezovsky interview, tossing me a color photocopy of the Guardian’s front page.

  On the table in front of me was a bottle of fizzy water and glasses. The glasses were engraved with four sets of initials: Cheka, OGPU, KGB, FSB. These were the various incarnations of the Kremlin’s secret police. After fifty-five minutes Kuzmin announced that our interview was over. I signed a witness statement. I was happy to leave.

  Mikhailov, Stoyanov, and Dokuchaev were in a gloomy place indeed. They were fortunate in one respect.

  They were alive.

  —

  The car parked near Kitai-Gorod was a company vehicle, a Lexus 460—a sleek, black, official-looking sedan. It was 11:50 a.m. The area is in Moscow’s historic center. The Kremlin and its cathedral square are nearby; head south and you reach the embankment and the Moskva River, gray at this late time of year and encrusted with thick plates of ice.

  Around the corner is the old palace where Nikita Romanovich, a nobleman, had lived in the sixteenth century. In 1547 Romanov’s sister, Anastasia, married Ivan the Terrible. After her death in 1560, Ivan began his reign of terror. He suspected Nikita Romanov and other aristocrats may have poisoned her and were forming a parallel and subversive group. His answer was a new secret police force—the oprichniki. Its mission was to terrorize the tsar’s enemies.

  The vehicle had halted in Kitaigorodsky Proyezd—a street devoid of pedestrians and home to government buildings and an unfinished office block. It was three weeks after Mikhailov’s arrest, Monday, December 26. At number 9 there is a military academy named after Peter the Great. Guards turn back any errant drivers who try to enter the courtyard.

  Sitting in the backseat of the Lexus was a man. He wasn’t moving; in fact, he was dead. The man’s name was Oleg Erovinkin. He was sixty-one years old. According to Russian press reports, Erovinkin’s driver called the emergency services. When the doctors arrived, they established there was nothing they could do. Soon after, unidentified officers turned up and removed Erovinkin’s body to the FSB’s morgue.

  Erovinkin was someone who understood the state’s private affairs. In the late Soviet Union he attended the KGB’s Higher School, named after Dzerzhinsky. He graduated in 1980 and spent well over a decade working in intelligence. Then under Yeltsin he got a new and sensitive post with the presidential administration. He became the man in charge of official secrets. His job was to keep them safe.

  Erovinkin was close to Igor Sechin. When Sechin became deputy prime minister in May 2008, Erovinkin joined him in the government as chief of staff. And when Sechin left government in 2012 to head Rosneft, Erovinkin went with him. He ran Sechin’s secretariat, later moving to other duties. According to the Russian news channel RBK, Erovinkin was responsible for secret documents, their transmission and reception. He was the linkman between Rosneft and the Kremlin. It was a trusted position. He prepared the boss’s annual declarations about income and property, sending them to the government via secret post.

  Rosneft was keen to stress that there was nothing suspicious about Erovinkin’s sudden death. “According to provisional information, he died of a heart attack,” a company spokesman said. The FSB was carrying out tests. After all, Erovinkin was an FSB general, so this was standard practice. The street where he was found has no shops or cafés; my attempts to make inquiries there got nowhere.

  None of this damped down the obvious speculation: that Erovinkin had been murdered. There were two apparent scenarios. One, that Erovinkin was Steele’s source deep inside Rosneft—someone sufficiently trusted and senior to have known of the alleged brokerage offer to Carter Page. Two, that he wasn’t Steele’s mystery insider but had nonetheless been deemed culpable for the embarrassing loss of secret information. Someone had blabbed. British spies had been able to penetrate the company. Erovinkin had paid the price.

  Steele was adamant that Erovinkin wasn’t his source and “not one of ours.”

  As a person close to Steele put it to me: “Sometimes people just die.”

  The person admitted, however, that in the wake of the dossier the Kremlin did appear to be wiping out some kind of American or Western espionage network.

  “If there are operations being rolled up, they are CIA operations, not his [Steele’s],” the person said. “For the Russians there is no separation between Chris, CIA, and SIS.”

  It certainly looked that way. In the period before Steele’s report was published, and in the weeks afterward, other Russian government insiders dropped dead. There was no obvious pattern: the deaths took place in Europe, Moscow, the United States, South Asia. On the day of the U.S. election, November 8, a Russian national called Sergei Krivov was found dead in the Russian consulate in New York. Initial reports said he fell from the roof. Consular officials later claimed a heart attack.

  According to BuzzFeed, Krivov was a consular duty commander. That meant it was his job to stop U.S. intelligence from penetrating the building. He would have had access to the consulate’s crypto card—the secret code breaker used to encrypt and decrypt messages to and from Moscow Center. It was his job to handle secret cables. Like Erovinkin, might he have failed, and could this channel have been compromised?

  Other Russian diplomats met mysterious ends. They included Petr Polshikov, chief adviser to the Russian foreign ministry’s Latin American section (shot dead in December in his Moscow apartment). And Andrey Malanin, the Russian consul in Athens, Greece (found dead in January at home). Also, Alexander Kadakin, Russia’s ambassador to India (heart attack in Delhi; Kadakin, at least, was ill).

  The most high-profile sudden death was that of Vitaly Churkin, Russia’s longtime representative to the UN. Churkin’s death at the relatively young age of sixty-four was ascribed to a heart attack. The New York City police said there had been no foul play. Whatever Churkin knew about Trump—they had first met in 1986—was no more.

  —

  Three days after Erovinkin’s death in late December 2016, at a country mansion a ninety-minute drive from Washington, there were signs of frantic activity. Russian operatives were packing up boxes, ripping out communications networks, driving at speed past TV crews waiting at the boundary of the property. They looked like people who were not coming back.

  Pioneer Point in Maryland is a pleasant waterfront estate. Bought by Moscow in the 1970s, it belonged to the Russian government. On the weekends Russian diplomats would drop by. There are tennis courts, a swimming pool, and a garden. Close your eyes and you might just imagine you were back in greater Moscow, with its summer dachas, resin-scented pine forests, and cool swimming lakes.

  The idyll had ended. The Obama administration announced it was shutting the property, together with another Russian-owned compound, Norwich House, on Long Island in New York. The Georgian-style Maryland mansion wasn’t only a diplomatic retreat, U.S. officials said. It was used for spying.

  Three weeks previously Obama had directed the intelligence community to conduct a thorough review of what had happened during the election. That morning the White House had published some conclusions. They came in the form of a thirteen-page document written largely for information technology professionals and titled: “GRIZZLY STEPPE—Russian Malicious Cyber Activity.”

  Hostile Russian cyber espionage groups were given “bear” cover terms. The ones in this case were nicknamed Fancy Bear and Cozy Bear. Fancy Bear was GRU; Cozy Bear FSB. There were plenty of others, from previous attacks. They include Venomous Bear, Voodoo Bear, Energetic Bear, Berserk Bear, and Team Bear. Hence, Grizzly Steppe, a continuation of this ursine theme.

  The report by the Department of Homeland Security and FBI was damning. Citing “technical indicators,” it said that two separate Russian espionage groups had successfully hacked into a U.S. political party. It wasn’t named but was understood to be the Democrats. The first group, Cozy Bear, known as Advanced Persistent Threat or APT29, broke into the party’s systems in December 2015. The other, Fancy Bear, or APT28, entered the same systems in spring 2016.

  According to the report, the groups were made up of seasoned operatives. They had previously targeted government organizations, think tanks, universities, and corporations around the world. Their operation to hack the Democratic Party involved “targeted spear-phishing campaigns.” These included Web links to a “malicious dropper” and “shortened URLs.” The Russian cyber attackers hid their tracks. Or as the report put it, “obfuscated their source infrastructure and host domains.”

  For those who struggled with the technical detail there was a helpful graphic. It showed a faceless hacker in a hoodie against a red background. The hoodie-hackers used tunnels and implants—shown by skull-and-crossbones icons—to break into computers or “targeted systems.” They were then able to “silently exfiltrate data.”

  The report may have been dry reading, but it left no doubt as to the operation’s remarkable success. Cozy Bear sent emails containing a malicious link to over a thousand recipients. There were “multiple U.S. government victims.” The group “successfully compromised a political party.” In spring 2016 Fancy Bear compromised the Democrats again, this time persuading victims to change their passwords. The hackers were able to steal information from “multiple senior party members.”

  “The U.S. government assesses that information was leaked to the press and publicly disclosed,” the report said.

  It was this leaking that made Russia’s DNC hack different. As General Mike Hayden, the former NSA and CIA director, said, stealing your opponent’s emails was simply “honorable international espionage.” Everybody did that, including the United States, the United Kingdom, the French, the Germans, and other Western nations. “It’s accepted international practice. If I could have broken into Russian servers, I would have done it,” he said.

  What made this hack different was what happened afterward, Hayden suggested—the fact that Russia “weaponized this data” and “shoved it into U.S. space.” An army of Russian trolls tweeted the information and made it trend. The result was a covert influence campaign designed to sow confusion and mess with the heads of U.S. voters, he said, many of them already skeptical about Clinton.

  Hayden believed that Trump was still the legitimate U.S. president since it was impossible to know if the Russian meddling set out in the report—“putting their finger on the scale”—had influenced the result. Nonetheless, he evaluated it as “the most successful covert influence campaign in history. It took a mature Western democracy. It turned it on its head,” the general said.

  Obama’s response to all this was sweeping. In a statement issued from Hawaii, where he was on vacation with his family, the president said he was unveiling tough new sanctions on Moscow. They included the expulsion of thirty-five Russian diplomats. Those expelled, U.S. officials indicated, were spies. The Kremlin’s official espionage network was being summarily rolled up. It was unclear to what extent these individual diplomats had plotted the hacking.

 
