Russian cybersecurity expert convicted of charges in $90M hack-to-trade case

A Russian national accused of hacking into two U.S. firms that prepare filings for publicly traded companies, and then trading on information before it was public, was found guilty by a federal jury in Boston Tuesday.

Vladislav Klyushin, 42, the owner of cybersecurity firm M-13 in Moscow, was found guilty of conspiracy to obtain unauthorized access to computers, wire fraud and securities fraud.

“We are disappointed but respect the jury’s verdict,” Maksim Nemtsev, Klyushin’s attorney, told CyberScoop. “We intend to appeal the various issues including the admissibility of prejudicial statistical evidence, as well as the novel theories of stock fraud and venue that have never before been reviewed or adopted by the First Circuit or the Supreme Court.”

Klyushin was originally arrested in Switzerland on March 21, 2021, and extradited to the U.S. on Dec. 18, 2021. Federal prosecutors accused Klyushin and four co-defendants of various roles in the scheme that the Securities and Exchange Commission alleged netted the group $82.5 million between January 2018 and September 2020.

One of Klyushin’s co-defendants, Ivan Yermakov, was previously indicted as one of the 12 Russian nationals named as part of Special Counsel Robert Mueller’s investigation into Russian interference in the 2016 U.S. election as part of a Russian military intelligence (GRU) hacking unit. He’d also been indicted for his alleged role in hacking various anti-doping agencies, sporting federations, and anti-doping officials.

Yermakov and the other defendants — Nikolai Rumiantcev, Mikhail Irzak and Igor Sladkov — were never arrested.

M-13 offers a variety of services including penetration testing, advanced persistent threat (APT) emulation, consulting, social media monitoring and cybersecurity audits, according to the company’s website. The company also claims its products are used by “the Presidential Administration of the Russian Federation, the Government of the Russian Federation,” other government agencies and private companies.

In a statement issued shortly after the jury’s decision, United States Attorney Rachael s. Rollins said: “This case demonstrates the Department of Justice’s commitment to protecting our financial markets and computer networks by aggressively pursuing those who seek to profit unfairly through intrusive cyber-attacks.”

She added: “My office and our law enforcement partners will continue our work to identify, prosecute and hold accountable criminals like Klyushin regardless of where they reside or the manner in which they try to conceal their illegal activities. Cybercriminals be warned: we will use every tool at our disposal to track you down and you will end up as a defendant in a courtroom.”

Oliver Ciric, a Swiss lawyer who fought Klyushin’s extradition, told NBC News in December 2021 that Klyushin had rebuffed approaches by U.S. and British intelligence agencies while traveling in Europe. The charges, Ciric said at the time, were “disingenuous” and that given Klyushin’s percieved connections to the Russian government through M-13, Klyushin “was perceived by U.S. intelligence as someone who may have confidential information or state secrets.”

Nemtsev told CyberScoop in April 2022 that the foreign intelligence assertions “were not something that’s come up in our case.”