News of three arrests in Moscow may explain how intelligence agencies could be so certain it was the Russians who hacked the email of Hillary Clinton’s campaign and the Democratic National Committee.

Share story

WASHINGTON — Ever since U.S. intelligence agencies accused Russia of trying to influence the American election, there have been questions about the proof they had to support the accusation.

But news from Moscow may explain how the agencies could be so certain it was the Russians who hacked the email of Hillary Clinton’s campaign and the Democratic National Committee (DNC). Two Russian intelligence officers who worked on cyberoperations and a Russian computer-security expert have been arrested and charged with treason for allegedly providing information to the United States, according to multiple Russian news reports.

Russian media reports link the charges to the disclosure of the Russian role in attacks on state election boards, including the scanning of voter rolls in Arizona and Illinois, and do not mention the parallel attacks on the DNC and the email of John Podesta, Clinton’s campaign chairman.

But one current and one former U.S. official, speaking about the classified recruitments on condition of anonymity, confirmed that sources in Russia did play a crucial role in proving who was responsible for the hacking.

The former official said the agencies were initially reluctant to disclose their certainty about the Russian role for fear of setting off a mole hunt in Moscow.

The public disclosure of the arrests and the severity of the treason charge come at a delicate moment for President Trump. He has been loath to accept intelligence agencies’ conclusion that Russia tried to help him win.

The Russian role will loom over the conversation with President Vladimir Putin that Trump is scheduled to have Saturday since it was the Russian president whom James Clapper Jr., the former director of national intelligence, told Congress ordered the hacking and leaking.

One topic of the phone conversation is likely to be the sanctions the Obama administration imposed on Russia, including ones that were imposed in December in retaliation for the election hacking.

Steven Hall, a former CIA head of Russian operations, said it was “very tempting and certainly reasonable” to connect the arrests to the U.S. intelligence findings.

But he added a cautionary note: “The rule of law doesn’t apply in Russia, and they manipulate the law to do whatever they want to do. So what they call treason may not be what we call treason.”

Mark Galeotti, a Russia expert at the Institute of International Relations in Prague, noted that the intelligence agencies’ report on the hacking found with “high confidence” that Russia had carried out the election attack, which involved fake news stories and propaganda in addition to the hacks and leaks.

“It was always pretty obvious that they had more than just the computer evidence,” Galeotti said. “The arrests are a big deal.”

The arrests, according to reports by the Russian newspaper Kommersant and Novaya Gazeta, among others, were made in early December and amounted to a purge of the cyberwing of the FSB, the main Russian intelligence and security agency.

Those arrested included Sergei Mikhailov, a deputy director of the Center for Information Security, the agency’s computer-security arm, and Ruslan Stoyanov, a senior researcher at a prominent Russian computer-security company, Kaspersky Lab.

A nationalist publication, Tsargrad, and RBC, a respected business newspaper, identified on Friday a third suspect, Dmitry Dokuchayev.

Described as a former hacker who used the online pseudonym Forb, Dokuchayev had agreed to work for the FSB to avoid prosecution for credit-card fraud, a rampant crime in Russia.

The virtually simultaneous appearance of at least four prominent news reports on the arrests, citing numerous anonymous sources, suggested the normally opaque Russian government wanted the information out, though it was unclear why.

A prominent Russian criminal-defense lawyer on Friday confirmed that authorities in Moscow are prosecuting at least one computer-security expert for treason.

The confirmation by the Russian lawyer, Ivan Pavlov, in written answers to questions from The New York Times, came the closest to a formal acknowledgment of the arrests.

Pavlov declined to identify his client or elaborate on the reason for the indictment for “betraying the state,” punishable by up to 20 years in a penal colony.

The report in Novaya Gazeta said the FSB began the internal investigation after news-media reports that a U.S. cybersecurity company, ThreatConnect, had linked the election hacking to a Siberian server company.

That company, King Servers, was otherwise used largely for criminal and marginal computer activities, such as distributing pornography and counterfeit goods, by the admission of its owner.

The report said the investigation led to Mikhailov, a senior officer involved in tracking criminal computer activity in Russia.

The Russian Foreign Ministry has denied any role in the hacking.

ThreatConnect, the cybersecurity company that released the report about King Servers, said its analysis was based on information published by the FBI.

ThreatConnect declined to comment after the arrests in Moscow.