In a failed cybercrime investigation by the FBI, Russia and Ukraine

He returned to reports a few hours earlier when he revealed that the Ukrainian surveillance team was monitoring the Tank and that the suspect had recently been at home. Not one seemed compelling.

Five people were arrested in Ukraine that night, but when they reached Tank, police said they were responsible for the operation, they left him empty-handed. And none of the five people arrested in Ukraine were detained for long.

Somehow, the Ukrainian operation – an international two-year effort to capture the biggest cybercriminals on the FBI radar – was sidelined. He escaped while the tank was in SBU custody, and other major players avoided serious consequences for their crimes. Craig and his team were alive.

But if the situation in Ukraine was depressing, things would get even worse in Russia because the FBI had no one on the ground. Confidence between Americans and Russians has never been very strong. Early in the investigation, the Russians ordered the FBI to identify Slavik.

“They try to push it out of the goal,” Craig says. “But we play knowing what will happen in those games. We’re very calm with what we’re sending them anyway, and even though we know something, you try to push them to see if they’ll cooperate. And when they don’t … oh, it’s not surprising.”

However, while the attacks took place in Donetsk, the Americans hoped that they would receive a call from Russia to launder money from Aqua, Maksim Yakubets, about the FSB attack on the Aqua headquarters. Instead, there was silence.

The operation was a success: dozens of lower-level operators were arrested in Ukraine, the United States and the United Kingdom, including some personal friends of Tank who helped. move the stolen money Outside England. But a mix of corruption, rivalry and stone-throwing left Operation Trident Breach without its main purpose.

“Day D came, and we became ghosts,” Craig says. “He tried to communicate with the SBU [the Russians]. The FBI was making phone calls to the Moscow embassy. There was complete silence. We ended up doing the operation, without the FSB. There was silence for months. Nothing “.

Well-connected criminals

Not everyone in the SBU drives a BMW.

After the searches, some Ukrainian officials, dissatisfied with the corruption and leaks taking place in the country’s security services, concluded that the 2010 attack on Donetsk’s Tank and Jabber Zeus crew failed due to advice from a corrupt SBU officer named Alexander Khodakovsky.

At the time, Khodakovsky was the head of an SBU SWAT unit in Donetsk called the Alpha Group. Trident Breach was the same team that led the attacks. He also helped coordinate law enforcement across the region, which allowed the suspects to prepare for searches or destroy evidence in advance, according to a former SBU official who spoke anonymously with the MIT Technology Review.

When Russia and Ukraine went to war in 2014, Khodakovsky was disbanded. He became the head of the self-proclaimed People’s Republic of Donetsk, and says NATO receives financial and military support from Moscow.

The problem was not the only corrupt officer, however. The investigation into the tank and its crew in Ukraine – and the legal proceedings against it – continued after the searches. But they were careful to make sure he was free, the former SBU official explained.

“Through the corrupt links between the SBU management, Tank organized all the legal proceedings against him to make the SBU Donetsk office replace the headquarters of the SBU in Kyiv and eventually managed to dismiss the case,” the former official says. The SBU, FBI and FSB did not respond to requests for comment.

The tank, of course, mingled with Ukrainian officials linked to the Russian government – including former Ukrainian President Viktor Yanukovych in 2014.

Yanukovych’s youngest son, Viktor Jr., was the godfather of Tank’s daughter. Yanukovych Jr. He died in 2015 when his Volkswagen minibus fell into the ice on a Russian lake, and his father is in exile there after being convicted of treason by a Ukrainian court.

When Yanukovych fled the east, Tank moved west to Kyiv, where he is believed to represent some of the former president’s interests, along with his business dealings.

“Through this link with the president’s family, Tank was able to develop corrupt ties at the top levels of the Ukrainian government, including law enforcement,” the SBU official explained.

Since Yanukovych was removed from office, Ukraine’s new leadership has moved more decisively toward the West.

“Reality is the main challenge in stopping cybercrime and it can go up quite a bit,” Passwaters says. “But after more than 10 years of fighting cybercrime with Ukrainians, I can say that there are very good people in the trenches working silently on the right side of this fight. They are the keys.”

Warmer relations with Washington were the main drivers of the ongoing war in eastern Ukraine. Now, while Kiev is trying to join NATO, one of the conditions for membership is the elimination of corruption. The country has recently been collaborating with Americans on cybercrime investigations to the extent unimaginable in 2010, but corruption is still widespread.

“Ukraine is generally more active in the fight against cybercrime in recent years,” says the former SBU official. “But only when we see criminals really punished would I say that the situation has changed at the root. Now we often see cybercriminals in public relations regattas that do not stop their activity. the right way to fight cybercrime “.

And Tank’s ties to power have not disappeared. Yanukovych is linked to a powerful family, which is closely linked to Russia, and remains free.

Nearby threat

On June 23, Alexander Bortnikov was the head of the FSB mentioned saying his agency would work with Americans to find criminal hackers. Two Russian names were not known for a long time.

Even after the 2010 network threw up a large part of his business, Bogachev continued to be a prominent cybercrime activist. He formed a new ring of crimes called the Business Club; he soon became a behemoth, stealing more than $ 100 million distributed among his members. The group went from hacking bank accounts to spreading some of the first modern ransomware, with a tool called CryptoLocker, for 2013. Again, it was Bogachev the evolution of a new type of cybercrime.

At the same time, investigators at the Dutch cybersecurity company Fox-IT found that Bogachev’s malware was being thoroughly examined and did not randomly attack the targets. Malware was also quietly looking for information on military services, intelligence agencies and the police, including countries in Georgia, Turkey, Syria and Ukraine – Russian-speaking neighbors and geopolitical rivals. It became clear that he was not working from within Russia, but rather his malware really hunt for intelligence In the name of Moscow.