Group-IB’s Ilya Sachkov arrested on treason charge

The Bell

Ilya Sachkov, founder of one of Russia’s biggest IT companies, was arrested Wednesday in Moscow. The 35-year-old businessman is accused of treason, which carries a potential 20-year prison term. As the case is classified, there is little public information and several theories are circulating about why such a prominent figure ended up behind bars.

  • Sachkov, the CEO of Group-IB, is accused of giving data that includes Russian state secrets to foreign intelligence agencies, a source told state news agency TASS. The source said the security breach involved the security services of several different countries and that counter-intelligence operatives from the Federal Security Service (FSB) were working on the investigation. Group-IB declined to answer questions, issuing nothing more than a statement protesting Sachkov’s innocence. Sachkov reportedly denies the charges.
  • The most popular theory for Sachkov’s arrest is one that links him to a high-profile treason case against Col. Sergei Mikhailov, the former deputy head of the FSB’s Information Security Center (TsIB). Mikhailov was jailed for 22 years in 2019.
  • Much about the Mikhailov case still remains unclear. But various sources told The Bell at the time that Mikhailov and three other defendants – Mikhailov’s former deputy Dmitry Dokuchayev, a senior manager at cyber-security firm Kaspersky Lab Ruslan Stoyanov and shadowy businessman Georgy Fomchenkov – identified Russian hackers implicated in the cyber-attack on the servers of the Democratic National Committee prior to the 2016 U.S. presidential election and passed this information to U.S. intelligence. In addition, Kommersant reported that Mikhailov and his co-defendants received $10 million for giving U.S. law enforcement information in a case against Pavel Vrublevsky, the founder of Russian payments company Chronopay, who was accused of cyber-crimes.
  • Sachkov was a witness for the prosecution in the Mikhailov case. According to Mikhailov’s lawyer Ruslan Golenkov, the Group-IB founder “gave false testimony that led investigators to believe Mikhailov was guilty of treason”.
  • Later, it emerged that Sachkov was indirectly involved in another U.S. cyber-crime case: that of Nikita Kislitsin, head of Group-IB department of network security. Kislitsin was indicted by a U.S. grand jury in 2014 on cyber-crime charges related to the sale of data stolen from users of the Formspring social network. Group-IB denied that its employee was involved in any hacking activities.
  • The U.S. Justice Department last year unsealed a 2014 indictment of Kislitsin and it emerged that, in order to avoid a jail sentence, Kislitsin had struck a deal with the U.S. authorities — testifying against several acquaintances (including Dokuchayev, who later featured in the Mikhailov case and, at the time, was working at the FSB). At the same time, Kislitsin stressed that Sachkov had agreed to the disclosure of this information to the FBI.
  • But there are also different explanations for Sachkov’s arrest that do not involve U.S. election hacking. A cyber-security source quoted by media outlet Forbes suggested that Sachkov was accused of treason because of information released by Group-IB to an Interpol investigation. “Someone asks you to share the results of an investigation, you hand over the data and it turns out that buried in there is something that should not be seen by others. Anyone could make a mistake like that and given the way Ilya picked fights with everyone, somebody might draw attention to that mistake,” the source said.
  • Another version for Sachkov’s arrest was given by another source quoted by Forbes  who suggested it might be part of an investigation into Vladislav Klyushin, the influential owner of cyber-security consultancy M13, who was arrested in Switzerland in March. Media reports suggested Klyushin is suspected of industrial espionage and insider trading.
  • A final theory was laid out by sources quoted by RBC who speculated the Sachkov arrest was linked to recent U.S. sanctions against the SUEX cryptocurrency exchange, which the authorities suspect of financing hackers. According to one RBC source, Sachkov has long “watched” the cyber-criminals linked to SUEX.

Why the world should care: Sachkov’s arrest is worrying news for the cyber-security sector and Russian business more broadly. Despite the myriad of different theories, it’s highly unlikely we will ever discover the details of the charges he is facing. Treason cases in Russia — particularly when they involve cyber-security issues and the FSB — tend to remain shrouded in mystery.


Support The Bell!

The Bell's Newsletter

An inside look at the Russian economy and politics. Exclusively in your inbox every week.