Ukrainian IT specialist faces criminal charges after exposing Security Service corruption
Less than two months after a raid by the SBU [Security Service] on Ukraine’s main investment bank aroused huge furor, the SBU has again positioned itself firmly in the firing line. They stand accused of corruption and lying, and have only added to the negative publicity by placing one of those making the allegations on the wanted list, claiming falsely that he has fled to Russia. Although the formal announcement of charges against Mykailo Yakhymovych and Volodymyr Vyazmitin came a few weeks after Yakhymovych’s allegations of SBU corruption, the SBU has had its eye on him and his company since the second half of 2016.
Yakhymovych founded Stakhanovets in Donetsk in 2009. Since 2014, Stakhanovets has become a separate Russian-based company, while Yakhymovych is fully in charge of the Ukraine-based company Mirobase. According to the latter’s official website, “Mirobase analyses activity and determines staff’s efficiency, detects business risks and blocks confidential information leakage”. It is the Ukrainian equivalent of the American ObserveIT, an insider threat management software company, whose services include employee and user activity monitoring, behavioural analytics and others.
The SBU has decided that this constitutes a ‘special technical means’. The sale or use of such supposedly illicit devices and the like for intercepting or obtaining information was criminalized in 2010. On September 22, 2017, Ukraine’s Cabinet of Ministers adopted a resolution which makes it possible to classify software as a ‘special technical means’.
In August-September 2016, Yakhymovych himself and the Mirobase offices were subjected to a search, with criminal proceedings being launched under Article 359 § 2 of the Ukrainian Criminal Code (on the use of special technical means). Yakhymovych says that he visited the SBU a couple of times, explaining why the accusation was wrong, and why his product provides only internal monitoring, authorized by the client with no information able to be leaked or passed to any third party. He has since posted copies of independent assessments from reputable institutions which confirm that the SBU’s accusations are unwarranted, and has explained in detail how even the SBU’s own analysis effectively backs the key principle that there is no way information can be passed to unauthorized computers.
He says that nothing more was heard until the high-profile raids on a number of companies in Kyiv on April 26, 2017, including Dragon Capital, one of Ukraine’s largest investment banks. The news of that raid was reported by Reuters, and Ukraine’s Prime Minister Volodymyr Groysman made his consternation known, stating that such measures “do not help the investment climate”. Probably as a result, the SBU did not take equipment away, though Dragon Capital stated that the warrant had been to remove equipment, allegedly over the illegal use of software with links to the Russian Security Service [FSB] and Intelligence Service.
The following day, Oleksandr Tkachuk from the SBU claimed that the searches in 8 companies, including Dragon Capital, had uncovered “illegal Russian-produced spyware”, namely the Stakhanovets program. He asserted that Stakhanovets enabled remote control of all computers where it is installed without the client’s knowledge, and called on Ukrainians to reject all such programs. He claimed that such software was passing on information to the FSB.
Yakhymovych immediately issued a denial and blistering attack on the SBU. He said that no information is passed outside the specific network of computers in a given company and that all information is kept in a safely encrypted database.
He suggested that the claims about the FSB were a devious attempt to excuse the fiasco of the SBU’s raids on the largest Ukrainian investment bank and biggest gas company, and said that he would be suing Tkachuk for defamation.
He has since posted a three-part expose of the SBU’s actions. The first, if indeed true, is disturbing, and involves a former volunteer fighter, renowned for his courage at Ilovaisk and held hostage by the Kremlin-backed militants in Donetsk. Maxim Avramenko was an IT-specialist before he joined the volunteer Donetsk Battalion, and after his release, Yakhymovych offered him work. It was he who was sent to an apparent new client who supposedly needed a consultant when setting up the Mirobase software on newly purchased computers. Avramenko arrived to find the computers still unpacked. He was told that he needed to set them up himself and then install the software. He explained that he could not do this since the software must be installed by those who have purchased the licence and will have control over the network. He also phoned Yakhymovych, quietly telling him that the people felt to him like undercover Security Service officials. Yakhymovych writes that he instructed Avramenko to leave, after telling the men that the money already paid for the software would be returned. The men, including the person who had originally arranged the purchase and identified himself only as Roman, refused to let Avramenko go until he did what they asked.
The entire story was clearly an SBU set-up, to obtain so-called evidence. It is significant that Roman had asked for Stakhanovets software, under the brand in Russia, although the same software was available in Ukraine under the tradename Mirobase. Avramenko, a war hero who had spent four months in militant captivity, was effectively held prisoner for 8 hours by Ukraine’s SBU. Yakhymovych has posted part of Avramenko’s testimony with the entire account, he says, to be provided in court.
After a second part in which Yakhymovych demolishes the SBU’s allegations regarding ‘special technical means’ and demonstrates assessments which confirm this, a third section was posted on May 17. This gives an account of the history behind the appearance of Article 359 of the Criminal Code, with Yakhymovych suggesting that the criminalization of so-called ‘special technical means’ opened huge possibilities for SBU corruption. Any cheap Chinese pendant or trinket with a microphone, or video, any GPS tracker can be labelled a special technical means and treated as illegal. It is the SBU who make a final decision as to whether a device is a special technical means, with the method by which they decide classified as secret.
Since punishment ranges from a fine to seven years’ imprisonment, the sheer threat of such criminal prosecutions provided rich pickings for corrupt officials. Nor is it only Yakhymovych who reports such illicit dealings, although the expose on the Mirobase site is specific in naming names, such as Roman Yatskevych and Oleksandr Klymchuk. Their role in the specific department under ex-President Viktor Yanukovych has not proven an impediment to their career advancement under the new administration.
Article 359 may be the root of the problem, he adds, but it is an instrument which is made use of by specific people working in their own interests. His May 17 article puts forward three possible explanations as to who is behind the latest attacks.
The announcement that Yakhymovych and Vyazmitin had been placed on the wanted list was made on June 12. It was claimed that both men were in Russia, under the protection of the FSB. Yakhymovych has dismissed this as a lie, and says that he is in Georgia where he is developing his business, though he certainly acknowledges that he left Ukraine because of the pressure being placed on him and his business.
Yakhymovych’s frustration is easy to understand. He was running a flourishing business with the only Ukrainian product surviving in a highly competitive market. There are clearly clients for such internationally accepted products. The western equivalents, like ObserveIT, are significantly more expensive, with Russian products inappropriate, he says himself, “for reasons that are clear”. It is doubtless no accident that a Ukrainian company has been working independently since 2014, the first year of Russia’s open military aggression. It is a company, incidentally, with staff like Maxim Avramenko, whose patriotism and sacrifice for Ukraine no one would question.
Yakhymovych’s assessment is chillingly blunt: “The SBU use the wording “links with the FSB” to get court search warrants. The SBU’s main business is in searches. You can remove a lot during searches, a lot that’s valuable for companies and for people. Then you bargain and extract money to get the things back”.
Yakhymovych is in no doubt that the new accusations arose because he exposed corrupt dealings. It takes only a matter of minutes on Google to find that he is not alone in alleging widespread abuse of Article 359 and corrupt dealings in general. Try looking under Служба Брелков Украины – the initials are also SBU, but instead of the Security Service of Ukraine, it is dubbed the Trinket Service, with these having provided a steady source of illicit income for corrupt officials. It is especially frustrating that the Cabinet of Ministers should have gone along with this and helped the SBU to criminalize software at its own discretion and for its own questionable motives.