On the popular messaging app Telegram, cybercriminals advertise stolen government documents from around the world. Intelligence briefings from Indonesia for $5,000. Diplomatic cables from Taiwan for $10,000. The identities of Iranian spies for $3,000.
Anybody is welcome to browse these channels. They are entirely anonymous.
In November, a crime group known as Ares Leaks announced on Telegram that it was selling classified Russian intelligence documents. The group claimed that the records originated from inside the Federal Security Service, or F.S.B.
The New York Times does not pay its sources or buy stolen documents. But we do accept documents that are provided without cost or strings attached. And it is common practice for sellers like Ares Leaks to share free samples.
In this case, Ares Leaks provided snapshots of Russian intelligence documents and, most important, a complete F.S.B. counterintelligence document about China. More documents were available, the group said, for a negotiable price paid in the cryptocurrency Monero.
The sample document on China appeared to come from the security agency’s Department for Counterintelligence Operations, known as the D.K.R.O. And it offered tantalizing insight into Russia’s relationship with China, one of the most important — and least understood — alliances in modern geopolitics. It described deep concerns in Moscow about Chinese espionage, and it revealed that Russia operates a secretive program to organize and analyze data from the popular Chinese messaging app WeChat.
The document looked consistent with F.S.B. records that have previously been made public. Times reporters who have studied Russian espionage for years analyzed the material and saw nothing immediately suspicious.
We took the document to six Western intelligence agencies. All of them confirmed that it appeared authentic, based on its format and content. A few agencies told us that the content was consistent with intelligence that they had collected independently. One went so far as to say that the content was consistent with what it knew about Russia’s views on China and its penetration of Chinese communications.
The Times also confirmed some details from the document. For instance, we established — independent of the Western intelligence sources we consulted — that the Russian government had in fact been conducting “precautionary briefings” with Russians who travel to China for work.
The other samples that Ares Leaks provided were just snippets. They included warnings about handling informants, details of cyberoperations and analyses of Western operations against Russia. Without knowing the context, though, they were hard to analyze and vet.
How Ares Leaks acquired these documents is unclear. The group did not answer when asked. Russian agencies have been hacked before. Perhaps an F.S.B. officer mishandled them or had them stolen. Maybe an insider sold or leaked them, or Ares grabbed them from another criminal group.
Ares Leaks first emerged selling hacked corporate databases four years ago, according to Analyst1, a cybersecurity firm based in Virginia. Ares Leaks specializes in selling sensitive government documents and regularly posts that it is looking to buy information on militaries and governments — with Russia, China, France, Britain and Japan among its priorities.
The market for such documents is niche, with few buyers beyond intelligence agencies having a clear incentive to pay big money for this kind of insight.
However it obtained them, the crime group is advertising multiple tranches of Russian documents, including about North Korea, China, India and other countries. It offered the entire cache of Russian intelligence documents for up to $120,000.
Julian E. Barnes and Anton Troianovski contributed reporting.
Paul Sonne is an international correspondent, focusing on Russia and the varied impacts of President Vladimir V. Putin’s domestic and foreign policies, with a focus on the war against Ukraine.
The post How We Obtained and Vetted a Russian Intelligence Document appeared first on New York Times.