Russia tried blackmail to hack UK visa system
November 16, 2018Russia's FSB intelligence service ordered a senior IT expert to build them a "backdoor" into the British visa network after threatening to arrest his mother and pregnant wife, Russia's The Insider outlet and Bellingcat investigative group reported on Friday.
The man, identified only by the pseudonym Vadim Mitrofanov, worked as a senior IT specialist in a private visa processing firm, TLSContact. According to the two media outlets, TLSContact is a trusted partner for diplomats of several EU countries, including the UK, with embassies and consulates outsourcing segments of visa processing work to the reputable international company.
Read more: Second Skripal suspect identified by Bellingcat
Mitrofanov reportedly worked in TLSContact's Beijing branch in 2015, when he married his wife, a national of a neighboring Asian country. Later that year, Mitrofanov was moved to a position in his native Russia and traveled there with his wife and their young daughter.
'Andrei' from FSB
However, Mitrofanov claimed to have faced unlawful bureaucratic hurdles, delays and harassment while trying to register the residency of his wife and daughter in Russia. He was not able to secure them a long-term visa in the following six months, forcing his wife and daughter to periodically leave Russia to avoid overstaying their right to stay in the country. Every time they left, the immigration authorities restarted their long-term visa application procedure. Meanwhile, immigration officials repeatedly raided his mother's home and threatened her with jail for harboring "illegal aliens."
Read more: Russia to let World Cup fans come back with no visa
Eventually, when Mitrofanov was preparing a lawsuit against the immigration authority, he received a phone call from a man who introduced himself as "Andrei" and said he was working for Russia's migration service. The man demanded Mitrofanov meet him in public to discuss the matter involving his wife and mother.
Jail 'would be uncomfortable'
During the conversation, the man asked Mitrofanov to agree to provide information to the FSB, using his position at TLSContact. He also implied he would otherwise launch criminal proceedings against Mitrofanov's mother for "harboring" her daughter-in-law and granddaughter.
"Although Andrei never made an open threat, he used phrases such as 'it would be uncomfortable if your wife needed to await deportation in jail' or 'I am distressed by the thought of opening the proceedings against such an old woman,'" Mitrofanov said in remarks published in Russian by The Insider.
Read more: Skripal private investigator: We share open-source info 'with everyone'
Mitrofanov eventually signed a form saying he "voluntarily agree[d] to provide consulting services to the FSB."
As a result, Russian authorities allowed his family to stay in the country. Later, the man identified as Andrei said Mitrofanov appeared on the FSB radar in March 2015, when he renewed his passport in Beijing.
Skipping the visa check
After agreeing to work for the FSB, Mitrofanov was told to supply Andrei with information about his employer, including the network structure, employees and their duties, as well as security measures.
Mitrofanov claims he provided his handler with distorted information and set up decoy IP-addresses. He later met with another man, identified as Alexander from the FSB's cybercrime division, who asked detailed questions about TLSContact and showed him an outdated diagram of the company's network. Mitrofanov said he had also learned that the intelligence agency had access to the CCTV inside the visa center.
In June 2016, Mitrofanov was asked if it was possible to set up visas for "a couple of guys who need to visit the UK."
"It's important that their passports are accepted and approved directly by the consulate, without any review and background checks and without leaving any trace in the visa center," the FSB handlers had told him.
Mitrofanov replied that something like that would require an insider at the UK embassy.
Connection with Skripal?
The conversation took place just months before two suspected military intelligence agents, using aliases Ruslan Boshirov and Alexander Petrov, made their first trips to the UK. The UK blames the pair for the poisoning of Russian double agent Sergei Skripal in March 2018.
It is not yet known how the two managed to circumvent the UK's strict screening process for Russian nationals. Neither Bellingcat nor The Insider, however, provided details on a possible connection between the incidents.
Mitrofanov was also asked to monitor whether senior staff of a Russian bank applied for a visa, and specifically whether notable Russian businessman Alexei Golubovich was attempting to leave for the UK. Golubovich was an important witness in a case involving now-exiled Russian tycoon Mikhail Khodorkovsky.
Back entrance to UK visa system
The Russian IT specialist also provided the two outlets with a document he found on a TLSContact server, which listed personal data of 1,500 Russian nationals who applied for a visa and then gave up their requests before receiving a decision. Names of political or public figures were marked in bold. Mitrofanov told The Insider and Bellingcat that there was no business rationale to maintain this list and that it could be an example of a file someone else was gathering for the FSB.
At the end of June 2016, Andrei and Alexander urged Mitrofanov to build them a "backdoor" to the UK visa center network. Mitrofanov agreed but told them it would take time and effort.
During his association with the FSB, Mitrofanov claimed he had attempted to get his wife and daughter out of Russia. By that time, his wife was already pregnant with their second child. However, several attempts to leave were halted by Russian immigration officials and his wife was repeatedly detained.
After reassuring his FSB contacts that he was working on creating a "backdoor" for the UK visa system, Mitrofanov convinced Andrei to allow his wife to return to her native country before giving birth to their child. The IT expert then managed to leave Russia himself via "a method we have chosen to withhold" at his request, Bellingcat writes.
Eventually, Mitrofanov and his family fled to the United States where they applied for asylum.
When contacted for comment by the Reuters news agency on Friday, the UK Embassy in Moscow said TLSContact has a purely administrative function and was "not at all involved in the decision-making process" of granting visas.