Hacking the email accounts of former and current Russian officials, as well as their relatives, can reveal some very interesting facts to the general public. We are not going to discuss the morality of this here, nor gossip about their personal lives. Something different is of interest here, writes Hanna Braun.
Suspicious cash inflows to a Cyprus bank account
Thus, another hacker attack reported by the Ukrainian media (https://www.dialog.ua/ukraine/257172_1660571800) made a 5 TB archive of emails available to the public.
Many of the documents studied are of no interest; others have yet to be analyzed. Among those that have already been reviewed, the bank statement of a relative of a former high-ranking official of the Russian Federation, Valery Nikolaevich Shnyakin, is worth our attention. We obtained the archived letters of Oleg Vyacheslavovich Smirnov, his son-in-law (his daughter's husband). For moral reasons, we will not provide access to the received archive.
Valery Shnyakin is a retired businessman today. He began his career in the USSR State Security Committee, and then, at the peak of his political career, he held the position of a senator in the Federation Council Defense and Security Committee. We will not go into all the details of his biography, as it is available in the public domain.
Among the letters, we managed to find information about Oleg Smirnov’s personal account at Bank of Cyprus, namely a bank statement. That’s what drew our attention. The frequency and repeatability of payments from the same company over a whole month seemed strange. Starting from October 2021, you can clearly see daily receipts to the account from Eden Springs & Law Chambers. Payments are broken into tranches, 10,000 euros each. There are 16 of them for a total amount of 160,000 euros. Then we started searching for information about Eden Springs & Law Chambers, which was not publicly available, but it became clear that this was a typical offshore company.
To check what Eden Springs & Law Chambers does, we used data from several of the largest leaks of documents about offshore companies. The necessary information was found in the Pandora Papers leak, published on October 3, 2021 by the International Consortium of Investigative Journalists (ICIJ) https://www.icij.org/investigations/pandora-papers/.
Eden Springs & Law Chambers, from which, judging by the bank statement, Oleg Smirnov received money transfers, is an offshore company located in the British Virgin Islands at the address British Virgin Islands, 24 DeCastro Street, P.O. Box 961, Road Town, Tortola.
We found that the company, which operates under the jurisdiction of the British Virgin Islands, provides outsourced legal services and also deals with trademark registration. The list of activities is quite extensive. However, we could not find any information that the company really has a staff of specialists to provide outsourcing services. The list of clients who receive its services sparked our interest. Among them are many companies registered in Africa. But one buyer of consulting services, from London, really stands out: FloLive, a company that offers network connectivity and cybersecurity solutions for enterprises. The company specializes in the IoT (Internet of Things).
According to the data found, Forensic News has carried out an exhaustive investigation into FloLive (https://forensicnews.net/the-covert-reach-of-nso-group), which shows that the company has all the signs of being a cover for hackers and private spies behind Circles.
The investigation says:
«Exclusively obtained business documents from the small island show that, in 2014, Circles and FloLive’s Cyprus branch were owned by the same entity in another nation known for its corporate secrecy – the British Virgin Islands. The documents confirm that Flo Live Cy and CS – Circles Solutions were both owned by Global Seven Group LP. The strict laws in the British Virgin Islands make it next-to-impossible to determine who holds the shares of Global Seven Group, though the Limited Partnership appears in 2014 and 2015 shareholder meetings in Luxembourg alongside NSO Group officials and entities».
In this context, NSO Group, which according to the Forensic News investigation is associated with FloLive, is quite noteworthy. NSO Group Technologies, according to some reports (https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html), is associated with Israeli intelligence, the Mossad.
Price of Betrayal
The obtained data seemed interesting. Is the former high-level Russian official somehow connected with the intelligence of a foreign state? For more information, we talked to our source close to the Mossad. He reported the following:
«Valery Shnyakin was really interested in cooperation. In September 2021, he visited Cyprus, where he met an old colleague in intelligence. During their rest, they agreed that Shnyakin would provide information about high-level officials close to Russian President Vladimir Putin for money. In fact, those officials were his friends. He sold phone numbers that had not been noticed anywhere before, as well as e-mail addresses and places of residence. In addition to the phone numbers, he offered MUDs and LUDs for 6 months. That’s all I can say.»
As far as we know, Valery Shnyakin did travel to Larnaca (Cyprus). We managed to find out the flight number and departure date: September 15, 2021 at 7:30 a.m., flight SU-2074 from Sheremetyevo. He returned to Russia on October 6. We also managed to find confirmation of Oleg Smirnov's stay on the island during the same period. He stayed in Cyprus from October 1 to October 8, 2021. Judging by the bank statement, Oleg Smirnov opened an account with the Bank of Cyprus on October 4, and the first payment was received on October 8.
10,000 euros for a friend’s phone number
If we compare all the information received, it becomes clear that Valery Shnyakin sold phone numbers and other important information about Russian officials through the bank account of his son-in-law Oleg Smirnov. According to the bank statement, one such contact cost 10,000 euros. At least 16 phone numbers were sold.
In the future, these contacts could be used to recruit officials close to President Putin who were dissatisfied with the state of affairs in the country. However, it is more likely, given the specifics of NSO Group Technologies, that phone numbers were used for subsequent remote hacking using Pegasus software. According to security researchers and NSO marketing materials, Pegasus can collect social media posts, call recordings, user passwords, emails, contact lists, sound recordings, images, videos, and browsing history. And this is far from the limit of its possibilities. Pegasus can activate cameras or microphones, receive current location data and collect travel history.
It is noteworthy that the Pegasus spyware does not even require a user to click on a link to get their phone hacked. «Zero-click exploits» are used. Such vulnerabilities do not require any user involvement in order for Pegasus to infect the device. Zero-click exploits rely on vulnerabilities in popular applications such as Viber, Gmail, Facebook, FaceTime, WeChat, WhatsApp, Telegram, embedded messengers, Apple Mail, and others. As soon as the vulnerability is detected, Pegasus penetrates the phone using the application protocol. For this to happen, the user does not need to click on a link, read a message or answer a call. The software's features are covered in more detail in the material of the Organized Crime and Corruption Reporting Project (OCCRP): https://www.occrp.org/en/the-pegasus-project/how-does-pegasus-work
No smartphone is protected from hacking. Thus, Citizen Lab at the University of Toronto approved the forensic methodology of the Amnesty International Security Lab and on July 18, 2021 published findings demonstrating the vulnerability (https://citizenlab.ca/2021/07/amnesty-peer-review) of the iPhone 12, which called into question Apple's reputation for superior security compared to its leading competitors.