State of Probiv. Moscow’s new crackdown on data leaks implicates namesakes of the very police staff meant to protect the information

The charge, Part 5 of Article 272.1, targets illegal data trafficking by an organised group or acts leading to what the law deems “serious consequences”. Mediazona can report this is only the second known case brought under this specific charge, following a previous arrest in Kaliningrad.

Two of the suspects, Vladimir Ignatyuk and A.R. Skribnyak, have been remanded in custody. Ignatyuk is the founder of the ITI Group, a firm providing “information and analytical services” since 1994, and was listed in leaked phone contacts as “vova fsb” (Vova being a diminutive of Vladimir, and FSB suggesting either work with the security agency or adjacent power) and “IDB Vladimir”, which may refer to the MIA’s “Integrated Data Bank”.

Little is confirmed about Skribnyak, but a similarly named man, Anatoly Skibnyak, appears in data leaks as an employee of BusinessInformSistemy, a company which also sells information services. In 2018, that company held a contract with the economic security department of Sberbank, Russia’s largest bank.

The five other suspects were all placed under house arrest. The names of four of them, Svetlana Seregina, Olesya Mechina, Yulia Krainova, and Natalia Shiman, match those of employees who have worked at the Main Information and Analytical Centre of the MIA, the very department responsible for managing the ministry’s databases.

Russia’s vast black market for personal data has recently introduced a new term to English-language reporting: probiv, slang for “punching through.” In recent years, the steady stream of leaks from both government and private databases has not only fueled numerous journalistic investigations, but also exposed ordinary Russians to widespread surveillance and abuse. As The New York Times put it in 2021, “probiv is only one of the factors that have made Russia, of all places, the most exciting place in the world for investigative journalism.”

But the same ecosystem has also enabled malicious actors. In one case reported by Mediazona in 2022, a stalker used the Ministry of Internal Affairs’ restricted “Rozysk-Magistral” system, which tracks citizens’ intercity travel, to follow his victim. The system is also one of the most crucial tools for investigative reporters. It was central to the 2020 Bellingcat and The Insider investigation which exposed the FSB agents who tailed the opposition leader Alexei Navalny before his poisoning. In the aftermath of that report, the authorities arrested at least one police officer in Samara for leaking data from this system.

Investigative reporter Andrey Zakharov, who studies the probiv market, explains that it operates on two levels: a consumer-facing public market and a more exclusive business-to-business network serving corporate security, banks, and private detectives. These B2B services rely not only on leaks but on direct access to confidential government systems, sold to them by corrupt officials.

While the state has appeared to crack down on leaks, it remains deeply entwined with the B2B data market. “Apparently, the creators of just such a B2B system have been arrested under the new [criminal] article,” writes Zakharov.

He notes that major players on this dark market include the firm Cronos, founded by KGB veterans, and Vitok-OSINT, a service from a major state surveillance contractor, Norsi-Trans, which also has roots in the security services. The latter system held a government contract with the very same MIA data centre now implicated in this new case. The service it offered was, in effect, a high-level version of the same probiv tools now being prosecuted: a system to search for citizens using everything from passport details and vehicle numbers to social media accounts and Bitcoin addresses.

Zakharov believes that while public-facing services have been shut down or forced abroad, the elite B2B providers with strong connections to the security services will likely survive by claiming to use only “publicly available” data.

In February, employees of the public-facing Eye of God service, a Telegram probiv bot, were raided. In response to the crackdown, another service, Himera, which operates using leaked databases, moved its employees out of Russia and cut off access for the Russian security services.