He had thought of the reports a few hours earlier, when the Ukrainian surveillance team said they were following Tank and were aware that the suspect had been at home recently. None of this seemed credible.
Five people were detained in Ukraine that night, but when it came to Tank, who police said was in charge of the operation, they left empty-handed. And none of the five people arrested in Ukraine remained in custody for long.
In a way, the operation in Ukraine – a two-year international effort to capture the biggest cybercriminals on the FBI’s radar – had gone sideways. Tank had escaped while under SBU surveillance, while the other major players deftly avoided serious consequences for their crimes. Craig and his team were livid.
But if the situation in Ukraine was frustrating, things were even worse in Russia, where the FBI had no one on the ground. The trust between the Americans and the Russians had never been very strong. At the beginning of the investigation, the Russians had waved the FBI off Slavik’s identity.
“They try to push you out of focus,” Craig says. “But we play these games knowing what will happen. We’re very loose with what we send them anyway, and even if you know something, try to push them to see if they cooperate. And when they don’t – oh, no surprise.”
Despite this, while the raids were taking place in Donetsk, the Americans had hoped that they would receive a call from Russia about an FSB raid on the residence of Aqua, the money launderer Maksim Yakubets. Instead, there was silence.
The operation was successful – dozens of lower-level operators were arrested in Ukraine, the United States and the United Kingdom, as well as some of Tank’s personal friends who helped him move the stolen money outside England. But an injurious mix of corruption, rivalry and scrutiny had left Operation Trident Breach without its main objectives.
“It fell on D-Day, and we were ghosted,” Craig says. “The SBU tried to communicate with me [the Russians]. The FBI made phone calls to the embassy in Moscow. It was a complete silence. We ended up doing the operation though, without the FSB. They were months of silence. Nothing.”
Not everyone in SBU drives a BMW.
Following the raid, some Ukrainian officials, who were dissatisfied with the corruption and losses incurred in the country’s security services, concluded that the 2010 Donetsk raid against Tank and his Jabber Zeus crew had failed because of a tip-off from a corrupt SBU officer named Alexander Khodakovsky.
At the time, Khodakovsky was the head of an SBU SWAT unit in Donetsk known as Team Alpha. It’s the same group that led the raids for Trident Breach. He also helped coordinate law enforcement across the region, which allowed him to tell suspects in advance to prepare for investigations or destroy evidence, according to the former SBU official who spoke to MIT Technology Review anonymously.
When Russia and Ukraine went to war in 2014, Khodakovsky defected. He became a leader in the self-proclaimed Donetsk People’s Republic, which NATO says receives financial and military aid from Moscow.
The problem wasn’t just a corrupt officer. The Ukrainian investigation of and legal proceedings against Tank and his crew continued after the raids. But they were carefully handled to make sure he stayed free, explains the former SBU official.
“Through his corrupt links between the management of SBU, Tank arranged for all legal proceedings against him to be conducted by the SBU Donetsk field office instead of the SBU HQ in Kyiv, and finally managed to stop the case here,” says the former officer. The SBU, the FBI and the FSB did not respond to requests for comment.
Tank, it emerged, was deeply involved with Ukrainian officials linked to the Russian government, including former Ukrainian President Viktor Yanukovych, who was ousted in 2014.
Yanukovych’s youngest son, Viktor Jr., was the godfather of Tank’s daughter. Yanukovych Jr. died in 2015 when his Volkswagen minivan crashed through the ice on a lake in Russia, and his father remains in exile after being convicted of treason by a Ukrainian court.
When Yanukovych fled east, Tank moved west to Kyiv, where he is believed to represent some of the former president’s interests, including his own businesses.
“Through this partnership with the president’s family, Tank has been able to develop corrupt ties at the highest levels of the Ukrainian government, including law enforcement,” the former SBU official explained.
Since Yanukovych was ousted, Ukraine’s new direction has turned more decisively toward the West.
“The reality is that corruption is a major challenge to stop cybercrime, and it can go up quite high,” Passwaters says. “But after more than 10 years working with Ukrainians to fight cybercrime, I can say that there are some really brave people in the trenches working quietly on the right side of this fight. They are key.”
Warmer relations with Washington have been a major catalyst for the ongoing war in eastern Ukraine. Now, as Kyiv seeks to join NATO, one of the conditions of accession is to eliminate corruption. Lately the country has been cooperating with Americans on cybercrime investigations to a degree that would not have been imaginable in 2010. But corruption is still widespread.
“Ukraine in general is more active in the fight against cybercrime in recent years,” says the former SBU official. “But only when we see that criminals are really punished will I say that the situation has changed at its root. Now, we very often see public relations stunts that do not lead to cybercriminals ceasing their activities. Announcing some eliminations, leading to some research, but then releasing all those involved and letting them continue to operate is not a proper way to tackle cybercrime.”
And Tank’s ties to power are not gone. Connected to the powerful Yanukovych family, which is itself closely aligned with Russia, he remains free.
An imminent threat
On June 23, Alexander Bortnikov, head of the FSB, was quoted as saying his agency would work with Americans to track down criminal hackers. It didn’t take long for two particular Russian names to come up.
Even after the 2010 raids took down a large part of his business, Bogachev continued to be a major cybercrime entrepreneur. He put together a new criminal ring called Business Club; it soon became a behemoth, stealing more than $100 million that was shared among its members. The group moved from hacking bank accounts to distributing some of the first modern ransomware, using a tool called CryptoLocker, starting in 2013. Once again, Bogachev was at the center of the evolution of a new type of cybercrime.
At the same time, researchers at the Dutch cybersecurity company Fox-IT who were closely monitoring Bogachev’s malware saw that it was not just attacking targets at random. The malware also quietly sought information on military services, intelligence agencies and the police in countries including Georgia, Turkey, Syria and Ukraine – close neighbors and geopolitical rivals of Russia. It became clear that he was not only working from Russia; his malware actually hunted for intelligence on behalf of Moscow.