11 Alleged Russian Secret Agents Charged

The complaints filed against the alleged spies reveal a sophisticated high-tech investigation.

In two legal complaints that read like a cold war espionage thriller, the U.S. Department of Justice on Monday charged 11 people with carrying out deep-cover intelligence-gathering missions for the Russian Federation.

The multi-year investigation by the FBI, the U.S. Attorney's Office for the Southern District of New York, and the Department of Justice's Counterespionage Section and Office of Intelligence has led to the arrest of 10 people. One defendant is still at large.

The defendants allegedly served as Russian secret agents who were living in the U.S. on long-term deep-cover assignments.


A coded message allegedly sent by the SVR, the Russian foreign intelligence service, to two of the defendants was intercepted and decrypted by the FBI. It explains their mission:

"You were sent to USA for long-term service trip," the note reads, according to one of the complaints. "Your education, bank accounts, car, house etc. -- all these serve one goal: fulfill your main mission, i.e. to search and develop ties in policymaking circles in US and send intels [intelligence reports] to C[enter]."

The SVR's headquarters is known as "Moscow Center."

The Russian Foreign Ministry has called the charges baseless, according to The Washington Post, and suggested the charges arise from an anti-Russian faction in the U.S. government that seeks to prevent improved relations between the U.S. and Russia.

Beyond defeating the defendants' encryption, government investigators appear to have brought considerable high-tech expertise to bear in their evidence gathering. The complaints describe extensive use of court-authorized electronic surveillance, including covert microphones in defendants' residences, covert video cameras in public locations and hotel rooms, and the monitoring of defendants' phone calls and e-mails. FBI agents also covertly entered some of the defendants' residences, where they copied electronic media and took photographs.

The alleged conspirators are likewise said to have used covert communication technology, specifically steganography, in which encrypted messages are concealed inside otherwise innocuous data such as image files, and radiograms, coded messages sent by shortwave radio.

Searches of defendants' residences uncovered software, allegedly provided by the SVR, that encrypted messages and concealed them in image files. The encryption used by the steganography software was defeated because one of the defendants had written down the 27-character password. After recovering this password in a clandestine 2005 search in New Jersey, the FBI was able to access the protected files. Links to other Web sites hosting image files with hidden messages were discovered in an electronic address book.
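The complaints describe the two layers separately: the message is encrypted under a password, and the ciphertext is then hidden in an image. The example below is added here to illustrate that combination; it is not the SVR tool described in the complaints, nor the FBI's method, and it uses only the Python standard library. The cover "image" is a constructed buffer of 8-bit pixel values, the passphrase and message are made up, and the hiding method (least-significant-bit replacement) and the pairs-of-values chi-square check are textbook techniques chosen for illustration. It shows why the written-down password mattered: extracting the hidden bytes is easy once the embedding scheme is known, but without the passphrase they are just ciphertext, and it also shows the kind of statistical check an examiner can run on a suspect file.

```python
"""Encrypted LSB steganography plus a basic detection check (added example).
Everything here is constructed for illustration; it is not the tool or the
method described in the complaints. Standard library only."""
import hashlib
import hmac

SALT_LEN = 16
PBKDF2_ITERATIONS = 100_000


def keystream(passphrase: str, salt: bytes, n: int) -> bytes:
    """Derive a key from the passphrase with PBKDF2 and expand it into n bytes
    using HMAC-SHA256 in counter mode (a simple stream-cipher construction)."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def xor_crypt(passphrase: str, salt: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(passphrase, salt, len(data))))


def to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Replace the least-significant bit of successive pixels with the payload,
    preceded by a 32-bit big-endian length so the reader knows where to stop."""
    bits = to_bits(len(payload).to_bytes(4, "big") + payload)
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def extract_lsb(stego: bytes) -> bytes:
    """Read the length header, then that many bytes, from the LSB plane."""
    lsbs = [b & 1 for b in stego]
    length = int.from_bytes(from_bits(lsbs[:32]), "big")
    return from_bits(lsbs[32:32 + 8 * length])


def hide_message(cover: bytes, passphrase: str, message: str, salt: bytes) -> bytes:
    """Encrypt under the passphrase, then hide salt + ciphertext in the cover."""
    ciphertext = xor_crypt(passphrase, salt, message.encode("utf-8"))
    return embed_lsb(cover, salt + ciphertext)


def recover_message(stego: bytes, passphrase: str) -> bytes:
    """Extract and decrypt. With the wrong passphrase this still returns bytes,
    but they are meaningless: extraction alone does not break the encryption."""
    payload = extract_lsb(stego)
    salt, ciphertext = payload[:SALT_LEN], payload[SALT_LEN:]
    return xor_crypt(passphrase, salt, ciphertext)


def chi_square_pairs(data: bytes) -> float:
    """Pairs-of-values chi-square statistic. LSB replacement of random-looking
    data pushes each (2k, 2k+1) pair of pixel values toward equal counts, so a
    much lower statistic than an untouched cover suggests embedding."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    chi = 0.0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        expected = (a + b) / 2
        if expected:
            chi += (a - expected) ** 2 / expected
    return chi


# Constructed inputs: a synthetic 2048-pixel cover with only even values
# (so its LSB plane is empty), a made-up passphrase and a made-up message.
COVER = bytes(((i * 37) % 128) * 2 for i in range(2048))
PASSPHRASE = "constructed-passphrase-for-this-example"
SALT = bytes(range(SALT_LEN))
MESSAGE = "Constructed sample text standing in for a report sent to Center."
STEGO = hide_message(COVER, PASSPHRASE, MESSAGE, SALT)

if __name__ == "__main__":
    print("chi-square cover :", chi_square_pairs(COVER))
    print("chi-square stego :", chi_square_pairs(STEGO))
    print("right passphrase :", recover_message(STEGO, PASSPHRASE))
    print("wrong passphrase :", recover_message(STEGO, "guess")[:16], "...")
```

The chi-square check works here because the constructed cover has a strongly skewed pair histogram; on real photographs the same idea applies, but the statistic must be computed over the region actually embedded and compared against an appropriate threshold, and modern tools use stronger steganalysis features. The point the example makes stands regardless: an examiner who understands the embedding can pull the payload out of the image, but reading it depends on the passphrase.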

A search in Boston produced computer disks with deleted messages that proved to be recoverable by computer technicians. Other searches in Boston and Seattle provided evidence that the defendants were communicating using radiograms.

Money for the operation was allegedly provided by Russian government officials in the U.S. Investigators tracked one of the defendants in 2004 via a covert GPS tracking device as he drove to bury a bag of money provided by his handlers. Investigators subsequently found a package wrapped in duct tape buried beneath five inches of dirt, photographed the package, and re-buried it.

All of the defendants are charged with acting as an unauthorized agent of a foreign government, a charge that carries a maximum penalty of five years in prison. All but two are also charged with conspiracy to launder money, which carries a maximum 20-year sentence.
