Shaltai Boltai

 * Meet Anonymous International, the hackers taking on the Kremlin - The Guardian, April 7, 2015
 * ''The tweeter is a member of Anonymous International, better known as Shaltai Boltai (Humpty Dumpty in Russian), arguably the most famous hacker group in the country after claiming responsibility for a series of high-profile leaks.
 * ''In the past two years, they’ve gained access to documents detailing the Russian state’s game plan for a supposedly “grassroots” demonstration in Moscow in support of its actions in Crimea; details about how the Kremlin prepared Crimea’s secessionist referendum; and private emails allegedly belonging to Igor Strelkov, who claims he played a key role in organising the pro-Russian insurgency in Donetsk, Ukraine.
 * ''The group also released documents about how Concord, a company owned by Kremlin-connected restaurant owner Evgeny Prigozhin, apparently coordinates an army of pro-Putin internet trolls through an outfit called the Internet Research Agency.
 * The Russian hackers taking on the Kremlin are named after Humpty Dumpty - Will Wright, Quartz, April 8, 2015
 * ''Anonymous International emerged at the end of 2013, when it published the full text of Vladimir Putin’s New Year’s national address a few hours before the speech was broadcast on television. Ever since, the group has busied itself with exposing the inner workings of certain political forces in Russia.
 * ''Anonymous International is widely known by the name that its “press office” goes by, Shaltai Boltai, which is the name nursery rhyme character Humpty Dumpty goes by in Russian.
 * ''The group publishes the leaks on its website, b0ltai.org. However, Russian media watchdog Roskomnadzor ordered access to the site blocked in July 2014, and it is accessible in Russia today only through a virtual private network or a mirror site. The group also tweets from the accounts @b0ltai, which is blocked in Russia, and @b0ltai2, a duplicate account that is still accessible in the country.
 * ''Intriguingly, Shaltai Boltai has been willing to speak about the group’s activities with journalists, although getting a face-to-face meeting often requires elaborate security measures. Meduza’s Daniil Turovsky had to travel to Thailand, for example, just to meet a Shaltai Boltai representative.
 * ''In Bangkok, one of the group’s members revealed new details about their operation to Turovsky: “You understand, Anonymous International isn’t my main job—it’s not our main job,” the member said. “We don’t do it all the time. Shaltai Boltai is a byproduct of other games. We do information technology security… Our work is gaining access [to information]. … We have a small circle of regular clients. It’s enough for us. Our prices start at around $30,000. I won’t say how high they go. We earn enough to live comfortably and to travel.”
 * Russian hacking group's 'last member at liberty' comes out of the shadows - Shaun Walker, The Guardian, February 9, 2017
 * ''Shaltai-Boltai, or Humpty Dumpty, terrorised Russian officials for nearly three years, combining hacking, leaking and extortion, while retaining an impenetrable cloak of anonymity. The group would post online samples of emails from officials they had hacked, and put the rest of the cache up for sale: the incriminating information could then either be bought back by the original sender, or snapped up by enemies.
 * ''But in mid-December, Shaltai-Boltai’s sardonic Twitter feed suddenly went quiet, and in late January Russian media claimed the group’s founder, named as Vladimir Anikeyev, had been arrested.
 * ''The case took on an extra layer of intrigue when it was reported that two of Russia’s top cybersecurity agents at the FSB had also been arrested, along with an expert from Russian cybersecurity firm Kaspersky Lab. Sources briefed Russian media outlets that the FSB security officers were accused of working for the CIA, and linked the case to Shaltai-Boltai.

Arrest of FSB officers

 * Lubyanka consultant stuck in Lefortovo - Kommersant, January 25, 2017
 * FSB Information Security Center
 * Kaspersky Lab’s top investigator reportedly arrested in treason probe - Dan Goodin, Ars Technica, January 25, 2017
 * Police Arrest Alleged U.S. Spy Working in Heart of Russian Cybersecurity - The Moscow Times, January 26, 2017
 * The ‘U.S. Spy’ Just Arrested in Russia Is Allegedly an Infamous Hacker, Too - The Moscow Times, January 26, 2017
 * ''Anonymous International has gained notoriety over the past several years for leaking private emails and other correspondence that has embarrassed public figures with ties to the Kremlin.
 * ''For more than three years now, the hacker collective Anonymous International has leaked documents embarrassing several prominent figures in Russian politics.
 * ''In December 2013, the group leaked an advance copy of Vladimir Putin’s New Year’s speech. In May the next year, it published emails revealing the political work of a company owned by Yevgeny Prigozhin, “the Kremlin’s caterer,” including evidence that he sponsors Russia’s infamous “Internet troll factory.” In September 2014, Anonymous International shared documents and emails showing how the Moscow mayor’s office frequently placed stories in the news media surreptitiously.
 * '' 2014, the group even released correspondence between Eurasianist philosopher Alexander Dugin, who heads Tsargrad TV, and Konstantin Malofeyev, the board chairman at Tsargrad TV.
 * ''In 2015, the hackers published emails and text messages stolen from Timur Prokopenko, a Kremlin official supposedly tasked with stymying the anti-Putin opposition, Alexander Zharov, the head of Russia’s state censor, and Natalya Timakova, Prime Minister Dmitry Medvedev’s press secretary. A year later, the group also targeted Dmitry Kiselyov, “the Kremlin’s chief propagandist,” and Aram Gabrelyanov, the owner of several pro-Kremlin tabloids and news outlets.
 * Russia’s FSB Cybersecurity Team Implodes - Prevendra, January 26, 2017
 * ''Let’s meet the individuals: Sergei Mikhailov, Ruslan Stoyanov, Andrei Gerasimov...
 * Top FSB Cybersecurity Specialist Arrested on Espionage and Treason Charges - nsnbc, January 26, 2017
 * ''Sergei Mikhailov, a top-cybersecurity specialist working at Russia’s Federal Security Service (FSB) was arrested on Wednesday, allegedly on suspicion of leaking information to U.S. intelligence services. Should the allegations be true, it would mean that the United States had succeeded at infiltrating the very center of Russia’s defense infrastructure.
 * String of Baffling Arrests Shakes Cyber Division of FSB - Recorded Future, January 27, 2017
 * One More FSB Agent Revealed as Notorious Hacker - nsnbc, January 27, 2017
 * ''Another one of the four Russian cyber-security experts who were arrested and charged with espionage and treason has reportedly turned out to be a notorious Russian hacker who went under the alias “Forb”.
 * A Shakeup in Russia’s Top Cybercrime Unit - KrebsOnSecurity, January 28, 2017
 * ''Both Fomenko and Vrublevsky deny this, but the accusations got me looking more deeply through my huge cache of leaked ChronoPay emails for any mention of Mikhaylov or Stoyanov — the cybercrime investigators arrested in Russia last week and charged with treason. I also looked because in phone interviews in 2011 Vrublevsky told me he suspected both men were responsible for leaking his company’s emails to me, to the FBI, and to Kimberly Zenz, a senior threat analyst who works for the security firm iDefense (now owned by Verisign).
 * ''In that conversation, Vrublevsky said he was convinced that Mikhaylov was taking information gathered by Russian government cybercrime investigators and feeding it to U.S. law enforcement and intelligence agencies and to Zenz. Vrublevsky told me then that if ever he could prove for certain Mikhaylov was involved in leaking incriminating data on ChronoPay, he would have someone “tear him a new asshole.”
 * Russia holds third man over US hack - Sorcha Faal Damien McElroy, The Sunday Times, January 29, 2017
 * ''The Kremlin has widened an apparent crackdown on high-level figures implicated in hacking the US presidential elections. Russian newspapers said last week that Dmitry Dokuchaev, a cyber-spy and former hacker, had been arrested on Kremlin orders. He was the third leading agent to be detained on treason charges since Russia’s interference in the 2016 campaign was exposed.
 * Moscow arrests third cyber spy in ongoing treason inquiry - Alexander Mercouris, The Duran, January 29, 2017
 * ''Quite possibly Mikhailov, Stoyanov and Dokuchaev are being arrested because they are named as informants in the classified 50 page report US intelligence provided to Barack Obama and Donald Trump in early January.
 * ''I have previously pointed out that because the existence of the report has been so widely publicised – so that Russian intelligence knows of its existence – and because copies of it have been so widely circulated to senior officials and other people in Washington, that all but guarantees that sooner or later Russian intelligence will get hold of a copy.
 * Russian media reports cyber spies charged with working for CIA - Alexander Mercouris, The Duran, January 31, 2017
 * Hackers In Epaulets: A Challenge To The Consensus on Russian Interference in the 2016 Election? - Paul Roderick Gregory, Forbes, March 27, 2017

Connection to Shaltai Boltai?

 * How Russian Hackers Became a Kremlin Headache - Leonid Bershidsky, Bloomberg View, January 31, 2017
 * ''Quoting an unnamed source, Rosbalt claimed that last year, Mikhailov's unit was ordered to "work on" Shaltai Boltai. The FSB team reportedly uncovered the identities of the group's members -- but, instead of arresting and indicting them, Mikhailov's team tried to run the group, apparently for profit or political gain. According to the Rosbalt source, it was deemed that they'd gone too far after a Ukrainian website published the contents of the official mailbox that belonged to Putin adviser Vladislav Surkov. The Rosbalt leak identifies Anikeev as "Lewis," Shaltai Boltai's leader, and claims he was responsible for the Surkov hack.
 * ''The Russian leaks could be FSB red herrings. But the different pieces of evidence together point toward the Shaltai Boltai version of the arrests. That version is in line with how security agencies generally operate in Putin's Russia: Parallel to their official duties, officers often run private security operations involving blackmail and protection. If Mikhailov ran such a business out of the FSB's Information Security Center, he wouldn't stand out among his colleagues. But in the paranoid world of Putin's third presidential term, leaks of information to Ukraine and to the U.S. would have been impermissible.
 * FSB conducts special operation to take Shaltay-Boltay’s files from Ukraine - Crime Russia, June 28, 2017
 * ''The criminal case against Shaltay-Boltay founder Vladimir Anikeev has been sent to the Moscow City Court, reported Rosbalt
 * ''The investigators are currently working with two FSB officers: deputy head of the Information Security Center of the special service Sergey Mikhailov and his colleague, the senior operative of the 2nd department of Information Security Center and a former hacker Dmitry Dokuchaev. According to some reports, Mikhailov and Dokuchaev provided patronage for Shaltay-Boltay

U.S. indictment

 * Most Wanted: Igor Anatolyevich Sushchin - FBI, March 15, 2017
 * Acting Assistant Attorney General Mary B. McCord Delivers Remarks at Press Conference Announcing Charges Against Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo - March 15, 2017
 * U.S. charges Russian spies, hackers in massive Yahoo hack - Reuters, March 15, 2017
 * ''The United States on Wednesday charged two Russian intelligence agents and two criminal hackers with masterminding the 2014 theft of 500 million Yahoo accounts, marking the first time the U.S. government has criminally charged Russian spies for cyber offenses.
 * ''"The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cyber crime matters, is beyond the pale,” Acting Assistant Attorney General Mary McCord said at a press conference announcing the charges.
 * ''The indictment named the FSB officers involved as Dmitry Dokuchaev and his superior, Igor Sushchin, who are both in Russia.
 * U.S. Charges Russian Spies, Hackers in Yahoo Cyber-Attack - Fox Business, March 15, 2017
 * ''The Department of Justice said charges were filed against FSB officers Dmitry Dokuchaev and Igor Sushchin, who are accused of protecting and directing the alleged hackers behind the breach, Alexsey Belan and Karim Baratov. Belan has been on the FBI’s Cyber Most Wanted list since 2013.
 * ''“The indictment unequivocally shows the attacks on Yahoo were state-sponsored. We are deeply grateful to the FBI for investigating these crimes and the DOJ for bringing charges against those responsible,” Yahoo’s Chris Madsen, assistant general counsel and head of global law enforcement, security & safety, said Wednesday in a statement.
 * US Indicts Russian FSB Officers, Alleged Hackers for Yahoo Data Breach - Sputnik, March 15, 2017
 * ''A grand jury in the Northern District of California on Wednesday charged two officers of Russia’s FSB intelligence agency, Dmitry Dokuchaev and Igor Sushchin, and two alleged hackers Alexsey Belan and Karim Baratov, for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts.
 * ''The indictment marks the first US criminal cyber charges against Russian officials in history.
 * US charges two Russian spies and two hackers in Yahoo data breach - The Guardian, March 15, 2017
 * Huma Abedin Forwarded Top Secret Passwords To Yahoo Account Hacked By Russian With Odd Clinton Connection - ZeroHedge, January 2, 2017

Mueller indictment
The Mueller indictment claims the GRU hackers used the email address
 * Russian Intelligence Officers Mined Bitcoin To Fund Attacks Against U.S. Democracy - Bitcoinist, July 14, 2018
 * The tech jargon in Mueller’s Russian indictment, explained - Neel Mehta, The Journal Blog, July 14, 2018

Analysis

 * Was Yahoo a sanctioned FSB operation or a rogue operation? - Jeffrey Carr, March 16, 2017
 * The Moscow cyber-crime arrests and the Yahoo hack: was the same gang involved? - Alexander Mercouris, The Duran, March 17, 2017
 * A Brief History of the “Kremlin Trolls” - Scott Humor, The Saker, October 15, 2017
 * Why the Evidence Mueller Has for the Indicting 13 Russian Nationals is Fraudulent - George Eliason, OffGuardian, June 5, 2018
 * ''The flawed source for both investigators and journalists that know anything about the Russian troll factory in St. Petersburg, Russia is Shaltai Boltai. They are supposed to be connected to the GRU (Russian Military Intelligence).
 * Mueller Indictment Catches Ukraine - George Eliason, Washington's Blog, June 20, 2018 (mirror)
 * Fancy Bear Exposed-the People Behind the Hacking Group - George Eliason, Washington's Blog, June 12, 2018 (mirror)
 * The Daily Beast Agrees with Mueller Ukraine’s Fancy Bear Did it! - George Eliason, Washington's Blog, July 22, 2018 (mirror)
 * Cyberanalyst George Eliason Claims that the “Fancy Bear” Who Hacked the DNC Server is Ukrainian Intelligence – In League with the Atlantic Council and Crowdstrike - u/veganmark on Reddit, July 28, 2018

Alexander Glazastikov
Alexander Glazastikov is said to be the only Shaltai Boltai member not under arrest, living in and giving interviews from Estonia (including an interview to Sobchak, TV Rain); some background also here. According to Glazastikov, the project started as political (anti-corruption, targeting government officials and oligarchs); however, it became commercial, selling hacked information at auctions. Glazastikov earned around 100K US $ in 3 years on this project; total earnings are said to be on the scale of 2 million. The project had no interests outside of Russia; however, Glazastikov is quoted saying that the FSB had contacts with (presumed founder) Anikeev, telling him that they know about the group, do not plan to arrest anybody, but ask to share information before release. (Glazastikov stressed that he did not have direct contact with the FSB himself). In the interview to Sobchak, he cautiously suggested that perhaps their FSB contact was one of those arrested (Mikhailov?), and that perhaps this contact of theirs also had something to do with international/USA affairs, but it's just his guess based on what he read in mass media.

One of the substantial leaks Glazastikov mentioned was about Prigozhin (he mentioned briefly that he had something to do with a troll factory, not really explaining); more details on their 'major scoops' were published in mass media (a bit boring, IMO) --Resup (talk) 01:12, 13 February 2017 (UTC)

Death of Oleg Erovinkin

 * Mystery death of ex-KGB chief linked to MI6 spy's dossier on Donald Trump - Robert Mendick, The Telegraph, January 27, 2017

Konstantin Kozlovskiy

 * Another Russian Hacker Claims He's The One Who Hacked The DNC - BuzzFeed, December 15, 2017
 * DNC’s Alleged Hacker’s Claims & Contradictions Raise Doubts In InfoSec Industry - Adam Carter, Disobedient Media, January 17, 2018

If this letter is his at all (text) (and faking something like this is cheap), it looks like a petty criminal trying to get transferred from a Russian prison to one in the USA/the West. He lists stuff highly visible in the news (WADA, MH17, DNC + atomic/hydro/steam power stations (like the Stuxnet virus in those in Iran's??? --he obviously has nothing to do with it) + highly topical names, Lugovoy, Magnitskiy). Actually, he explicitly claims DNC + fake news on Gorbachev's death (and that was a very cheap stunt, just creating a fake account---like what maybe we have here. It appears to have SBU-level quality overall, or a petty criminal level maybe. There is no hint of any technical detail showing that he has the skills or information he claims, only a headline-making plot line). Read it before Carter's piece and thought it's a fake; Carter adds more doubt. (Also noted, the right page of the scan on BuzzFeed has more text, and mentions that he was given a psychiatric evaluation 'despite adjudged sane', FWIW. ---That side is hard to read and margins are cut off so some guessing involved in reading.) --07:40, 23 January 2018 (UTC)

Arrests in Kharkov

 * Igor Mosiychuk on Telegram, December 7, 2019
 * ''⚡️⚡️⚡️ One of the current cabinet ministers of Ukraine is involved in the hacking attack on the Democratic National Committee and, in fact, in the past US presidential elections.
 * ''⚡️⚡️ It became known after yesterday's arrest of the SBU on a prompt request by the NSA of a group of hackers in Kharkiv and later during yesterday's meeting of the SBU Chairman Ivan Bakanov with a delegation of the NSA.
 * ''⚡️ Late in the evening, having waited for Vladimir Zelensky's speech to Savik Shuster, Ivan Bakanov reported to the President the current situation.
 * SBU detained those involved in hacking US Democratic Party servers - Mosiychuk - Ukraina.ru, December 6, 2019
 * Ukraine SBU detains several involved in hacking the DNC servers - Scott Humor, December 9, 2019

Websites

 * https://b0ltai.org/