Over the past year, cases of pressure from the Security Service of Ukraine (SBU) and searches of IT companies have increased. Their founders have been charged with distributing pornography, copyright infringement, tax evasion, and even supporting separatists and terrorists. During these searches, often conducted by SBU officers, all the companies' equipment was indiscriminately seized and often never returned to their owners.
However, according to statistics in the court records, not a single verdict has been issued against IT company employees. Business owners who fell victim to the SBU's arbitrary actions claim that the security forces simply wanted to seize their businesses, or that the SBU was simply fulfilling orders from competitors. The latest high-profile scandal in the IT market concerns the company "Adamant." SBU officers, along with the "Alpha" unit, staged a sham performance at the company's central office. The pretext for the forcible takeover was far-fetched: an Adamant-Telecom client is allegedly suspected of participating in an international hacker group. Meanwhile, security forces attempted to remove all of the company's equipment. The company, which also services many government agencies, including the Presidential Administration, the Prosecutor General's Office, and even the State Special Communications Service, could have had any effect. One can only guess at the consequences of shutting down and confiscating such equipment. Sources claim that the odious SBU officers Nikolai Valerievich Kuleshov and Pavel Nikolaevich Lavrik are behind the "Adamant" story.
The IT services market has been in turmoil for the past year. There are regular reports of SBU officers and other law enforcement agencies raiding companies, often without even a warrant or an open criminal case. SBU officers typically seize company equipment under the ostensible pretext of obtaining customer information. According to Dmitry Gadomsky, a lawyer and partner in the IT and media law practice at Juscutum, he hasn't found a single verdict against IT company employees in the court records. As the lawyer put it, law enforcement agencies are attempting to profit from a business sector that generates income for its owners.
Even open-source information shows that IT services company owners are being vigorously shaken down. For example, SBU officers seized servers at the 24nonstop payment terminal network. The reason for the search was a court ruling based on an open criminal case for terrorist financing. The network of 7,5 terminals stopped working, and 20 million hryvnias of user funds were frozen. According to official information, the network's terminals allegedly operated in the "DPR" and "LPR" after the National Bank of Ukraine (NBU) banned operations in the occupied territories. Company CEO Oleh Tsymbal denies this information. He claims that IT Finance dealers were indeed providing illegal financial services in the "republics" without the network's permission. However, as soon as SBU officers reported this violation, they were immediately disconnected from the system. Meanwhile, the criminal case dates back to July 4, 2014, while the official NBU ban cited by security officials dates back only to August 6. This means that at the time the criminal case was opened, even if the network's terminals were operating in the "republics," the company was legally in compliance. Tsymbal noted that the SBU still has the servers; they could simply verify the information that the company hasn't operated in the occupied territories for over a year and hasn't received any money from there. He claimed the SBU is engaging in lawlessness.
"If IT companies continue to be shaken like this, there will be no IT market left," Tsymbal noted in a media interview.
Another incident, resulting in the confiscation of 111 pieces of equipment and even employees' personal belongings, occurred at companies under the Lucky Labs brand. Their client was identified as Forex Trend, a company allegedly involved in tax evasion. However, at the time of the search, the company itself had been inactive for a year. Lucky Labs representatives, however, claim they have no connection to Forex Trend. According to the company's management, the searches and seizure of equipment are a blow to the company and its business. It's possible that a competitor ordered the search.
Another egregious incident occurred in Kharkiv. Last April, SBU officers seized servers from the provider SteepHost. The officers didn't even have a formal basis for the search. According to company owner Andrey Kiselev, a criminal case was opened after the search, based on a report from Ivan Borysenko, deputy head of the regional cybercrime department. The case file doesn't even list a victim. SteepHost employees were never called in for questioning. Kiselev claims that SBU officers had previously wanted to confiscate his business and extorted a $25 bribe. The company owner also notes that he received threats on his life. He later managed to get some of the seized equipment back, but it turned out that the SBU had been copying materials on the company's clients, their personal data, and correspondence. For six months, Kiselev tried to get the prosecutor's office to open a criminal case against the SBU. He succeeded only thanks to the courts.
The latest instance of abuse in the IT services market was a hoax staged by SBU officers and the Alpha unit at the Adamant office. The company's founder, Ivan Petukhov, admits that the searches may be related to his refusal to cooperate with the KZhS enterprise, which receives a share of the market participants' money. "I know that both the SBU and the KZhS enterprise have a grudge against us (the captain of the SBU's Kyiv and regional branch of the Criminal Investigation Department visited Adamant last year and threatened violence if the company did not sign a contract with KZhS," Petukhov said.
According to sources, the searches at Adamant may be carried out by notorious SBU officers: Nikolai Valerievich Kuleshov, Deputy Head of the Department for Counterintelligence Protection of State Interests in Information Security, and Pavel Nikolaevich Lavrik, Head of the Second Directorate of the Department for Counterintelligence and Information Security.
In 2009, Nikolai Kuleshov was purged from his operational position for "protecting" the illegal termination of international traffic of foreign telecom operators in Ukraine. According to sources in the SBU, he revived this operation after returning to his post in 2015.
Read more: Lustration in DKIB
https://ord-ua.com/2014/10/21/lyustratsiya-v-dkib/
Here's one comment from an IT company representative: "Funny. Kuleshov also came to our operator. He brought a list of numbers and asked us not to disconnect them. He said he was personally documenting a group of refilers. We didn't disconnect these numbers for two weeks, and then we gave the list to the Security Service. The Security Service drew up reports, and we disconnected them. They say Kuleshov then told the Security Service outright, 'Why are you disconnecting my numbers?' How important is this? Is the Deputy Head of the Service Department personally handling this? Or does he really have a vested interest and a connection to the Karpenkos? Should he release the list of numbers? Will Internal Security handle this? Or, judging by the first article, does Nikolai have everything under control?" "As of today, Nikolai Kuleshov believes that over 500 illegal communication channels are supposedly completely undetectable to operators."
According to sources, Nikolai Valerievich Kuleshov was behind the scandalous search of the Adamant office. Moreover, following the scandal, the Prosecutor General's Office opened a criminal case against Nikolai Kuleshov and Pavel Lavrik for... extortion.
Last year, Nikolai Kuleshov made a public appearance by appealing to the Internet Association of Ukraine to block access to maidan.ru; antimaidan.com; polemika.com; rusmir.in.ua, and other websites, as they were disseminating information that promoted war. However, the Internet Association refused Kuleshov's request, citing the legal procedure of initiating a criminal investigation, conducting a state review of the content, and filing a lawsuit. Shutting down websites without trial or investigation based on a single complaint is bad practice, the Internet Association noted. Tatyana Popova, Chair of the Board of the Internet Association of Ukraine, suggested that this could indicate provocation by law enforcement agencies and the National Commission for the Protection of Public Morality, as well as a desire by some officials to curry favor, or even simple incompetence.
The well-known patriotic publication "Censor.NET" was also subjected to pressure from the Ministry of Internal Affairs "based on information from a reliable source"—at the instigation of the SBU.
According to sources, Mr. Kuleshov regularly and frequently travels to the United States, ostensibly to exchange "expertise." His most recent trip took place just a couple of months ago. During these trips, he repeatedly left the delegation to hold off-the-record meetings with employees of the US Secret Service. In the context of this information, it seems extremely odd that during the search initiated by Kuleshov, an SBU task force attempted to seize all equipment from the Adamant company, including government servers from the Presidential Administration, the Prosecutor General's Office, and the State Special Communications Service. They were then transferred, ostensibly as part of international legal assistance, to US officials.
As a result of pressure on IT businesses, providers across Ukraine will shut down internet services on February 3, 11-12, and 20. Providers were forced to take this decision because their monopoly on the market prevents them from operating normally.
Igor Ivanov, for ORD
Subscribe to our channels in Telegram, Facebook, Twitter, VC — Only new faces from the section CRYPT!