Alexander Vinnik, a cybercriminal who was serving jail time in California for money laundering, returned to Russia in February as part of the swap that saw Marc Fogel, an American teacher held for possessing medicinal cannabis, warmly greeted in the White House.
Vinnik was first arrested in Greece eight years ago on suspicion of money laundering via his cryptocurrency exchange BTC-e, and subsequently extradited to the US, where he pled guilty. The US Justice Department indictment said BTC-e was popular among criminals, including Russian state-sponsored hackers, who used it to anonymously trade bitcoin and hide billions of dollars gained through fraud and extortion.
Vinnik is exactly the kind of person Moscow wants back to boost Russia’s cyber capabilities, which are undiminished in spite of three years of international isolation over the war in Ukraine. And his return fits a pattern of the Kremlin using legal processes and the levers of state to harness criminal activity for use against Russia’s adversaries.
The Russian cyber industry, which once enjoyed global recognition largely through Kaspersky Lab’s cybersecurity brand despite its close ties to the FSB, has fully adapted to the new circumstances.
This adaptation has been costly and sometimes dramatic, but it has got the Kremlin, and Russia’s intelligence services, the results they wanted.
The transformation of Group-IB, one of the best known Russian cyber security companies and a major competitor to Kaspersky in conducting cyber investigations around the world, is a case in point.
The company was launched in 2003 by Ilya Sachkov and friends, who were students at Bauman Moscow State Technical University, an elite engineering school with a long history of links to the Russian military industrial complex and security services.
By the mid-2000s, the Kremlin had become a strong advocate for Group-IB, recommending its services to ministries and other government organizations. Its brand recognition skyrocketed and journalists who interviewed Sachkov in his office noted diplomas from various departments of the FSB and other agencies proudly displayed on the walls.
Sachkov was so loudly praised and promoted by the regime that there were rumors, never confirmed, that he had a high-placed relative in Putin’s administration.
Over the next decade, Group-IB continued to grow, expanding both its operations and its client base. Sachkov, sporting a goatee beard and expensive tailored suits, loved publicity, and joined expert committees in the Foreign Ministry and State Duma.
In February 2019, he was invited to the Kremlin, where he was pictured with Putin in the hall of the Kremlin palace. The president congratulated him with the Breakout in Innovation award for “his achievements in the identification and prevention of cyber threats.”
This glittering career came to an abrupt end 18 months later, in September 2021, when Sachkov was arrested by the FSB and taken to Lefortovo prison on charges of high treason. He vehemently denied the accusations from his cell.
The reasons behind Sachkov’s arrest were never properly explained, though it was suggested the FSB had become unhappy with his plans to move the company abroad. Sachkov wrote a letter to Putin saying he was “not a traitor, not a spy, I am a Russian engineer. I have repeatedly proven my loyalty and usefulness to the Motherland with my work,” but was still sentenced to 14 years in jail.
The full-scale invasion of Ukraine in February 2022 posed a double crisis for Group-IB. It risked losing all its international clients because it was a Russian company with clear ties to the security services, while at the same time it was vulnerable in Russia because its CEO and founder was in jail.
In July 2022, it announced plans to split into two companies — one based outside Russia that kept the Group-IB brand, and another that would remain in the country under a different name — eventually dubbed F6.
As the war in Ukraine continued, connections between F6 and the FSB and other organs of the Russian state strengthened. It came under the umbrella of Positive Technologies, a cyber company under US and European sanctions for cooperating with Russian spy agencies.
Since the full-scale invasion, Positive Technologies has taken on key people in the cyber industry who remained in Russia, including former Cisco employees and the Russian part of Group-IB, and has gone to great lengths to remain beyond US reach.
For years, the other public face of Group-IB was Nikita Kislitsin, a well-spoken former hacker who frequently appeared at state-sponsored cybersecurity conferences in Moscow during the 2010s. Kislitsin was also an adventurer, and in April 2014 he went to the US Embassy in Moscow to talk to the FBI about his involvement in the Formspring, Dropbox and LinkedIn hacks.
But he was one of many Russian engineers who became uneasy after the full-scale invasion and he left for Kazakhstan. Once there he was promptly detained by local police as he was wanted by US authorities. Rather than be sent to the US, however, he was flown back to Moscow in January 2024.
Officially, he was extradited at the Kremlin’s request after being charged with illegally accessing protected data, but this was merely a pretext. Once back in Russia, Kislitsin resumed his career in the Russian branch of Group-IB, and in February this year became the technical director of F6.
Russian cyber talent of a particular kind remains in strong demand. The Kremlin will exploit every means to get the people it wants.
Andrei Soldatov and Irina Borogan are Non-resident Senior Fellows with the Center for European Policy Analysis (CEPA). They are Russian investigative journalists and co-founders of Agentura.ru, a watchdog of Russian secret service activities.
Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.