Cryptographers from military units: what we know about the accused Russian hackers

The Bell

An official accusation of hacking the DNC directed at alleged hackers from Russian military intelligence threatens the upcoming summit between Vladimir Putin and Donald Trump in Helsinki. 12 employees of the GRU, Russia’s most secretive intelligence service, have been indicted for hacking. We uncovered everything that is known about these 12 in Russia.

What we know about the accused

  • The GRU is one of the most secretive Russian intelligence services, and information regarding its employees is classified top secret and almost non-existent in Russian public sources.
  • It is therefore even more surprising that Robert Mueller’s team was able to uncover not only the technical details of the hack and the hackers’ pseudonyms, but also the real first and last names of the GRU agents. At the end of last year, The Bell published an investigation looking into whether the former senior officer in the FSB’s center for information security, Sergey Mikhailov, might have been implicated in leaking information related to the DNC hacking attacks. Mikhailov was arrested in December 2016 on charges of treason.
  • The only one of the accused who appears in Russian databases is Viktor Borisovich Netyksho. According to the SPARK-Interfax database, a person with that name was commander of the Moscow military unit No. 26165 between 2013 and 2018. In 2003, Netyksho received his Master’s degree in technical sciences and defended his dissertation on the topic of “Mathematical and program support of computers, complexes and computer networks”.
  • A full namesake of another accused, Boris Alexseevich Antonov, holds a patent awarded in 1995 for methods or devices for processing explosives. But this first and last name are very common.
  • There is also no official information about the military units No. 26165 and No. 74455 which have been officially accused. But based on the scarce indirect data, these appear to be cryptographic divisions of the GRU.

  • Military unit No. 26165 is registered at Komsomolsky Prospekt 20, Moscow. In Soviet times, the GRU decryption service was located at the same address. This service was engaged in the cryptanalysis of intercepted encrypted messages. Unit No. 26165 was also mentioned in an investigation by the Russian publication The Insider. A GRU employee, Georgy Roshka, served in this division, which was allegedly implicated in hacking French president Emmanuel Macron’s email.
  • There is even less information about military unit No. 74455. The only thing that The Bell was able to learn was that the head of one of the unit’s divisions is a professor of the Faculty of Special IT of the Academy of Military-Airborne Forces, Mikhail Eremeev. Eremeev is the co-author of a book on cryptography and the author of scientific publications about encryption algorithms.

The Russian reaction

The Kremlin still has not officially commented on the indictments. But one and a half hours after the charges were announced, Vladimir Putin’s foreign policy advisor, Yury Ushakov, while speaking with journalists about the details of the summit, casually declared that there is unlikely to be a joint statement from the two presidents at the end of the summit. Of course, Ushakov didn’t tie this to the U.S. indictments. This means that the formal outcome of the summit will be even less important than the outcome of the meeting between Trump and Kim Jong-un — after their summit, a joint statement was published.

Peter Mironenko, Anastasia Yakoreva
