The Downfall of a Top Russian Cyber Spy

The dramatic arrest in Moscow of a top intelligence official raises questions about who knew what, and when, about the hack of the U.S. elections.

Photo Illustration by Alex Brook Lynn/The Daily Beast

MOSCOW—In Russia’s toughest prisons, guards used to put bags over the heads of serial killers, rapists, and terrorists so they couldn’t see the lay of the land outside their cells and plot an escape. In the Black Dolphin prison, which is for lifers, a favorite practice used to be to cover the convicts’ heads and push them through a gauntlet of security officers and guard dogs.

After prison reforms in 2009 the bags were replaced with blindfolds, or in many cases done away with, even at the most remote penal colonies across Russia.

But, apparently, word didn’t reach the Federal Security Service, the FSB, at its headquarters on Lubyanka Square right in the heart of Moscow.

For the first time in decades Muscovites in recent days heard that Russia’s most secret law enforcement agency had arrested one of its own top officers, and it happened in the middle of an official meeting. Like a scene out of some Brian de Palma movie, FSB officers grabbed their colleague and put a bag over his head—and afterward made little or no effort to keep what they had done a secret.

Sergei Markov, a member of the Public Chamber in the Russian parliament and adviser to the Kremlin, confirmed the incident to The Daily Beast.

“In early December, FSB Colonel Sergei Mikhailov, who was responsible for cyberwars and cyberattacks… was arrested by the FSB; yes, with a bag over his head,” he said.

The twisted intrigues behind that dramatic event appear to be a tale of spy and counter-spy that may well stretch from Lubyanka Square to CIA headquarters at Langley, the FBI, and, yes, the White House.

Were these and other officials recently arrested in Russia responsible for the hacking that helped Donald Trump win the presidency of the United States? Or were they moles inside the FSB who gave the U.S. Central Intelligence Agency the hard information allowing it to finger Russian President Vladimir Putin definitively as the man behind the conspiracy to disrupt America’s electoral process? Were they attackers and informants at the same time? Or is this case (implausibly) not related to those issues at all?

Such detailed questions, thus far, are unanswerable. But on Tuesday, according to the news agency Interfax, Mikhailov and his deputy, Dmitry Dokuchayev, were officially accused of state treason for passing confidential information to the CIA.

“There were more than four suspects in this case, and I am defending some of them but cannot talk about their names before Thursday,” Ivan Pavlov, a defense lawyer specializing in treason cases, told The Daily Beast.

Initial stories about the case had made a connection between Mikhailov and a shadowy group of hackers in Ukraine and Thailand known as Shaltay Boltay, which means Humpty Dumpty.

That organization, reportedly affiliated with Anonymous International, is most famous for hijacking the official Twitter account of Russian Prime Minister Dmitry Medvedev in 2014 and posting a tweet that read: “I’m resigning. I am ashamed of this government’s actions. Forgive me.”

But its mischief didn’t end there, and its activities are worth noting, not least because Putin and the FSB may have seen them as provocations in the years before the American elections.

According to a 2015 report by Daniil Turovsky for the Meduza website that was published by The Guardian, when Putin was carving Crimea out of Ukraine in 2014 the Humpty Dumpty hackers had gotten hold of documents exposing the Russian government’s plans for “grassroots” demonstrations in Moscow to support the annexation. Humpty Dumpty also exposed some of the chicanery behind Crimea’s referendum setting the stage for its return to Russia, and it allegedly hacked into the emails of Igor Strelkov, one of the early leaders of the secessionist movement in eastern Ukraine.

So it’s not surprising that the name of Shaltay Boltay-Humpty Dumpty would be invoked in leaks about this case, perhaps as a message to those in the West presumed to be behind the organization.

Kremlin adviser Markov told The Daily Beast that Col. Mikhailov “definitely controlled Shaltay Boltay,” which “cooperated with the Ukrainian SBU [security service], which is the same as working for the CIA; he worked with them, which is obviously treason.”

But the defense lawyer, Pavlov, said that according to the information he has received so far the case has nothing to do with Shaltay Boltay hackers. The suspects were accused of cooperating directly with foreign companies and foreign intelligence agencies, and some of that cooperation allegedly dates back to 2012.

A source quoted by, an online publication, suggested that Shaltay Boltay was just a distraction meant to confuse everybody in classic FSB style.

As more details come out, the story continues to grow. The news agency Interfax reported that in addition to the four individuals accused, eight more have been identified as accomplices in the treason case.

Meanwhile, searches on Tuesday reportedly resulted in the discovery of $12 million at Mikhailov’s private residence.

But nothing is simple in this case, connected as it is to the shadowland of hackers and special services cooperating with some Russian officials behind the backs of other Russian officials.

So it’s the bizarre style of the arrest of Col. Mikhailov, deputy chief of the Information Security Center (ISC) at the FSB, that has been the talk of the town.

“A bag over a detainee’s head is a significant abuse,” lawyer Oleg Khabibrakhmanov told The Daily Beast, and, ironically, “FSB officers are the most vulnerable people, as they are inside the FSB system.

“We defended the rights of FSB officers in the Nizhny Novgorod region,” said Khabibrakhmanov, one of the founders of the Russian lawyers’ group Committee for the Prevention of Torture. “One of them, Col. Oleg Yefremov, was beaten to death in prison in 2011. His murderers told the court that they had killed the colonel on FSB orders.”

Why would the Kremlin want to leak the information about December’s sinister arrest at the FSB in mid-January, just after the inauguration of President Trump and before Trump spoke with Putin on the phone?

“The leak happened now as a result of internal tensions between the clans in power,” Markov told The Daily Beast. “It is public knowledge that top FSB managers do not get along with each other.”

But to use the bag?

“The FSB is the most secretive and precise law enforcement agency in Russia when it comes to using repressive methods,” said Anton Naumlyuk, a journalist who has covered more than three dozen FSB arrests of Muslims and alleged Ukrainian “saboteurs.” “If they leaked the information about Mikhailov’s arrest, it was done with only one purpose: to threaten everybody.”

On Jan. 12, the FSB allegedly fired Mikhailov’s boss, Andrei Gerasimov, the head of the ISC, who was responsible for investigating high-profile computer crimes and apparently also controlled Russia’s leading hackers and cyberwarriors.

Ruslan Stoyanov, a cybercrime investigator from Kaspersky Lab, an internationally famous Russian web security company, was arrested at the same time as Mikhailov.

Stoyanov allegedly was also accused of treason and of receiving money from foreign organizations involved in cyberwars.

Another open question is how they were caught. Who revealed their connections to the CIA, if such connections exist?

According to the U.S. intelligence community, the Russians funneled embarrassing material about Hillary Clinton and the Democratic Party to WikiLeaks, where it was picked up and used relentlessly by Trump.

But for months he refused to concede there had been any Russian hacking. Even after Trump began to receive top secret briefings on Nov. 15, he publicly expressed his doubts, goading the CIA and other agencies to reveal publicly more and more about the sources of their information on the hacking issue. Then, finally, in the second week of January, barely 10 days before his inauguration, Trump grudgingly conceded that the Russians had set out to influence the election.

By then, if the chronology of the arrests in Moscow leaked so far is accurate, the men allegedly cooperating with the CIA were already under arrest.

On Jan. 28, Trump called Moscow and spoke with Putin about the importance of fighting terrorism. If they discussed the hacking issue and spying arrests, that has not been reported.

Markov said he believes the arrest of the alleged spies will have little or no negative impact on the emerging friendship between the Russian and American leaders.

“The arrest of Mikhailov is a good example for Trump,” Markov told The Daily Beast. “He will totally understand that we cannot tolerate traitors in our security service agency, just like he cannot in the CIA.”