
11 Alleged Russian Secret Agents Charged

The complaints filed against the alleged spies reveal a sophisticated high-tech investigation.

In two legal complaints that read like a cold war espionage thriller, the U.S. Department of Justice on Monday charged 11 people with carrying out deep-cover intelligence-gathering missions for the Russian Federation.

The multi-year investigation by the FBI, the U.S. Attorney's Office for the Southern District of New York, and the Department of Justice's Counterespionage Section and Office of Intelligence has led to the arrest of 10 people. One defendant is still at large.

The defendants allegedly served as Russian secret agents who were living in the U.S. on long-term deep-cover assignments.

A coded message allegedly sent by the SVR, the Russian foreign intelligence service, to two of the defendants was intercepted and decrypted by the FBI. It explains their mission:

"You were sent to USA for long-term service trip," the note reads, according to one of the complaints. "Your education, bank accounts, car, house etc . -- all these serve one goal: fulfill your main mission, i.e. to search and develop ties in policymaking circles in US and send intels [intelligence reports] to C[enter]."

The SVR's headquarters is known as "Moscow Center."

The Russian Foreign Ministry has called the charges baseless, according to The Washington Post, and suggested the charges arise from an anti-Russian faction in the U.S. government that seeks to prevent improved relations between the U.S. and Russia.

Beyond cracking encrypted codes, government investigators appear to have brought considerable high-tech expertise to bear in their evidence gathering. The complaints describe extensive use of court-authorized electronic surveillance, including covert microphones in defendants' residences, covert video cameras in public locations and hotel rooms, and the monitoring of defendants' phone calls and e-mails. FBI agents covertly entered some of the defendants' residences and copied electronic media and took photographs there.

The alleged conspirators likewise are said to have made use of covert communication technology, specifically steganography, in which encrypted messages are concealed inside other data, and radiograms, coded messages sent by shortwave radio.

Searches of defendants' residences uncovered software, allegedly provided by the SVR, that encrypted messages and concealed them in image files. The encryption used by the steganography software was defeated because one of the defendants had written down the 27-character password. Following the recovery of this password in a clandestine 2005 search in New Jersey, the FBI was able to access protected files. Links to other Web sites containing image files with hidden messages were discovered in an electronic address book.

A search in Boston produced computer disks with deleted messages that proved to be recoverable by computer technicians. Other searches in Boston and Seattle provided evidence that the defendants were communicating using radiograms.

Money for the operation was allegedly provided by Russian government officials in the U.S. Investigators tracked one of the defendants in 2004 via a covert GPS tracking device as he drove to bury a bag of money provided by his handlers. Investigators subsequently found a package wrapped in duct tape buried beneath five inches of dirt, photographed the package, and re-buried it.

All of the defendants are charged with acting as an unauthorized agent of a foreign government, a charge that carries a maximum penalty of five years in prison. All but two are also charged with conspiracy to launder money, which carries a maximum 20-year sentence.
