He had received reports just hours earlier, when a Ukrainian surveillance team said they were following Tank and had intelligence that the suspect had recently been home. None of this seemed likely.
Five people were detained in Ukraine that night, but when it came to Tank, who the police alleged was in charge of the operation, they left empty-handed. And none of the five people arrested in Ukraine remained in custody for long.
The operation in Ukraine – a two-year international effort to catch the biggest cybercriminals on the FBI's radar – had gone sideways. Tank escaped while under SBU surveillance, while other major players deftly avoided serious consequences for their crimes. Craig and his team were nervous.
But if the situation in Ukraine was frustrating, things were even worse in Russia, where the FBI had no one on the ground. Trust between the Americans and the Russians had never been very strong. Early in the investigation, the Russians waved the FBI off Slavik’s identity.
“They’re trying to push you away from the goal,” Craig says. “But we play those games knowing what will happen. We’re very loose with what we send them anyway, and even if you know something, try sending it to them to see if they’ll cooperate. And when they don’t – oh, that’s no surprise.”
Despite this, while the raids were taking place in Donetsk, the Americans hoped for a call from Russia about the FSB raid on the residence of Aqua, the money launderer Maxim Yakubets. Instead, there was silence.
The operation was a success – dozens of lower-level operators were arrested across Ukraine, the United States and the United Kingdom, including some of Tank’s personal friends who helped move stolen money outside England. But a maddening mix of corruption, rivalry and stonewalling left Operation Trident Breach without its major targets.
“It came down to D-Day, and we got the ghost,” Craig says. “SBU tried to communicate with [the Russians]. The FBI telephoned the embassy in Moscow. It was complete silence. We ended the operation anyway, without the FSB. It was a month of silence. Nothing.”
Not everyone drives an SBU BMW.
After the raids, some Ukrainian officials, who were dissatisfied with corruption and information leaks within the country’s security services, concluded that the raid in Donetsk in 2010 against Tank and the crew of Jabber Zeus failed due to a tip-off from corrupt SBU officer Alexander Khodakovsky.
At the time, Khodakovsky was the head of the SBU special unit in Donetsk known as the Alpha Team. It was the same group that led the raids for Trident Breach. He also helped coordinate law enforcement across the region, which allowed him to tell suspects in advance to prepare for a search or destroy evidence, according to a former SBU officer who spoke anonymously with MIT Technology Review.
When Russia and Ukraine went to war in 2014, Khodakovsky defected. He became a leader in the self-proclaimed Donetsk People’s Republic, which NATO says receives financial and military assistance from Moscow.
However, the problem was not just one corrupt police officer. The Ukrainian investigation of, and legal proceedings against, Tank and his crew continued after the raids. But they were handled carefully to ensure he remained at large, a former SBU officer explains.
“Through his corrupt connections among the SBU leadership, Tank agreed that all further legal proceedings against him would be conducted by the SBU field office in Donetsk instead of the SBU headquarters in Kiev, and eventually managed to suspend the case there,” the former officer said. The SBU, FBI and FSB did not respond to requests for comment.
Tank turned out to be deeply entangled with Ukrainian officials linked to the Russian government – including former Ukrainian President Viktor Yanukovych, who was ousted in 2014.
Yanukovych’s youngest son Viktor Jr. was the godfather of Tank’s daughter. Yanukovych Jr. died in 2015 when his Volkswagen minivan fell through the ice on a lake in Russia, and his father remains in exile after a Ukrainian court convicted him of treason.
When Yanukovych fled to the east, Tank moved west to Kiev, where he is believed to represent some of the former president’s interests, along with his own business ventures.
“Through this connection to the president’s family, Tank has managed to develop corrupt connections at the highest levels of the Ukrainian government, including law enforcement,” the SBU official explains.
Since Yanukovych was overthrown, Ukraine’s new leadership has turned more decisively to the West.
“The reality is that corruption is a major challenge to stop cybercrime and can climb quite high,” Passwaters says. “But after more than 10 years of working with Ukrainians in the fight against cybercrime, I can say that there are a lot of really good people in the trenches working silently on the right side of this fight. They are key.”
Warmer relations with Washington were a major catalyst for the ongoing war in eastern Ukraine. Now, as Kiev tries to join NATO, one of the conditions of membership is the elimination of corruption. The country has recently been cooperating with Americans on cybercrime investigations to an extent that would have been unthinkable in 2010. But corruption remains widespread.
“Ukraine has become increasingly active in the fight against cybercrime in recent years,” said a former SBU official. “But only when we see that criminals are really punished, I would say that the situation has basically changed. We now very often see stunts in public relations that do not result in the cessation of cybercriminals. Announcing some removals, conducting some searches, but letting everyone involved and letting them continue working is not the right way to fight cybercrime.”
And Tank’s ties to the government have not disappeared. Involved with the powerful Yanukovych family, which itself is closely connected with Russia, he remains free.
A looming threat
On June 23, the head of the FSB, Alexander Bortnikov, was quoted as saying his agency would work with the Americans to find the criminal hackers. It didn’t take long for two specific Russian names to appear.
Even after raids in 2010 took away much of his business, Bogachev was still a prominent cybercrime entrepreneur. He put together a new crime ring called the Business Club; it soon grew into a behemoth, stealing more than $100 million, shared among its members. The group went from hacking bank accounts to deploying some of the first modern ransomware, with a tool called CryptoLocker, by 2013. Once again, Bogachev was at the center of the evolution of a new type of cybercrime.
At about the same time, researchers from the Dutch cybersecurity company Fox-IT, who closely observed Bogachev’s malware, saw that he was not just attacking random targets. The malware also quietly sought information about military services, intelligence agencies and police in countries including Georgia, Turkey, Syria and Ukraine – Russia’s close neighbors and geopolitical rivals. It became clear that he was not only working from Russia, but that his malware was actually hunting for intelligence on behalf of Moscow.