True Story Award 2021

Author:

Светлана Рейтер, Андрей Сошников, Темур Кигурадзе – Applicant: Svetlana Soprunova

Original Language:

Russian

Region:

Europe

Topics:

Technology, Economy

First Published:

BBC Russia, Russia, 2019-10-31

Read:

English, Pусский

Jury Statement:

Show

The story of a mysterious Russian hacker involved in large-scale international fraudulent schemes and his long lasting cat-and-mouse game with a strong-willed female investigator. This true crime story lasted several years in several countries and included massive fraud with railroad tickets, a cryptocurrency investment project with a participation of a powerful Russian businessmen, creation of undercover drug-traficking online network, burnt cars, rigged car crashes, blackmail, torture and, finally, killing. This feature is a unique work of investigative journalism. In its centre we see a shocking story of a first killing organized completely through the darknet, a cryptic part of the Internet accessed through special software and actively used for different illegal and criminal purposes. The authors draw a large-scale detailed picture of close connections between corrupt Russian business and international cybercrime networks acting through the darknet — and we can feel it's only a tip of the iceberg.

A Good Man with No Limits: The Story of the Darknet’s First Contract Killing

In March, Russian investigators managed for the first time anywhere in the world to uncover a murder ordered on the darknet – an anonymous portion of the internet shielded from oversight. The BBC inquired into how the crime was arranged and who was behind it.

The fugitive

Twenty hours in the narrow gap between the ceiling and roof of a bus is a real treat. You count bumps in the road with your spine. The cramped space makes your head split. But if there’s no choice and you need to escape Istanbul for Tbilisi without attracting attention, there’s probably no other way.

The hacker Yaroslav Sumbaev didn’t have much choice.

He described his escape on the DarkMoney forum: “From downtown Istanbul, buses go from Taksim Square to Georgia. They even take people in secret compartments under the roof” (cited without alteration – BBC). The hacker had debts in Turkey, his nerves were shot, and he didn’t have a place to live. He couldn’t find legal work – a cyberfraudster with five years’ experience, Sumbaev and his accomplices proceeded from faking bank cards to stealing millions of rubles from travel agencies and found themselves subject to in an international manhunt.

Special Investigator Evgenia Shishkina waged a war against the hacker in Russia starting in 2014. Shishkina reported to her superiors that Sumbaev was a dangerous criminal, the brains of a hacker gang stealing money from Russian citizens. Unraveling the schemes used by the hacker and his henchmen to siphon money from travel agencies was the most important thing for Shishkina. She was at it day and night. One day her son, Yaroslav, forgot the keys to their apartment and spent several hours in his mother’s office. He remembered her desk covered with printouts from forums that mentioned Sumbaev.

Sumbaev, whom friends call either “a good man” or “a man who knows no limits,” considered Shishkina his personal enemy. Shishkina, ambitious and straightforward, responded in kind. He wrote hate-filled posts on forums and made threats on Telegram; the detective read these messages so many times she knew them by heart.

The cyberfraudster told a friend he loved the film Catch Me If You Can, where a detective pursues a criminal in a futile chase. After Sumbaev was placed on an international wanted list in 2015, he periodically reminded the detective of his existence, just like the film’s hero, Frank Abagnale. Once he was on the run, exchanging Russia for Montenegro, Montenegro for Turkey, and Turkey for Georgia, he called the detective from unfamiliar numbers and sent messages from anonymous accounts. Shishkina read things like: “Evgenia, you’re already becoming notorious. Soon the whole of Russia will be wise to you. Your colleagues say you’re raging hysterically, spraying saliva all over the place.”

In January 2017, the hacker used Telegram to send his girlfriend a photo of himself with the Bosporus Bridge in the background. Later he started sending interiors of Georgian cafes, complaining about surveillance, insomnia, the flu, and the millions he owed some unsavory characters. (The BBC obtained the hacker’s messages from a source close to him. The delivery method rules out fabrication. As a safety precaution, the source’s name, like the name of Sumbaev’s correspondent, has been left undisclosed.)

After his escape from Turkey to Georgia, the hacker wrote that he was “arranging a contract killing.”

From pocketbooks to tickets

Sumbaev’s friends told the BBC that the Astrakhan native had an aptitude for natural sciences from early on. His classmates thought he had talent. The future cyberfraudster used to help his wife, Iolanta, whom he met at Astrakhan State Technical University, prepare for math exams.

But Sumbaev never figured out how to put together a legal business. His friends recall that when his parents divorced, the future hacker’s personality took a turn for the worse. While he was a college student, he started snatching up any job as long as it payed.

Sumbaev’s career began on forums dedicated to shadow earnings: he sold stolen digital wallets, offered his services “breaking into” personal information, and requested loans. In 2011, he registered on the investment forum MMGP.ru under the name “Yaroslav Snezhny” and asked right away for “credit, with a return.”

He suggested his clients invest in selling bags, wallets, and belts made from exotic leathers – his infrequent investors never saw a profit. One unlucky investor who had taken a chance on python and alligator skins complained to the BBC, on condition of anonymity, of losing a sum “equal to five to seven paychecks in his area.”

Unlike most outlaw hackers, Sumbaev loved attracting attention. In 2012, he left a comment on a web page belonging to Dmitry Vinogradov, an attorney who shot six people at his company’s office: “Dmitry, it’s simply a knockout, not many can pull off something like that!”

Sumbaev was charged that same year with credit card scams: while awaiting trial, he escaped house arrest by cutting off an electronic bracelet and fled Astrakhan. That got him placed on the federal wanted list.

That was when Sumbaev met hackers Maksim Matyushev and Kirill Kulabukhov on the kriminalu.net forum. They helped come up with a scheme for breaking into ticket systems. They sent viruses to travel agency email accounts, got passwords, and then booked the most expensive train tickets they could on behalf of those companies. On paper, the ticket purchasers were their own agents, “mules” who returned them and walked away from ticket windows with cash in hand. 31 travel agencies lost a combined 17.5 million rubles.

In 2014, detective Evgenia Shishkina was involved with the case: earlier, her name had been Grigorian and she lived in Baku, but after the Armenian pogroms, she fled to Stepanakert, the capital of Nagorno-Karabakh. She got a job there as a file clerk with the Ministry of Internal Affairs (MVD). When bombing started in Karabakh, Grigorian lived in a basement for a year. At the beginning of the 90s, Shishkina moved to Russia, where she made her way from sewing in the Kimry municipal shoe factory to investigating special cases for the transportation department of the MVD’s Central Federal District. Former colleagues tell us that Shishkina was rigorous and driven.

Many thought she was arrogant.

A source in law enforcement describes the detective for the BBC: “She’s one of those ladies with balls. She was a harsh interrogator, took charge of everything herself, didn’t get sidetracked with over-interpreting.”

Impulsive, ambitious, she reacted abruptly to everything and didn’t socialize at work with anyone other than her bosses. That’s how Evgenia is described by relatives and others close to her.

“Most important, she was an honest cop. There really aren’t many. She didn’t take bribes. For me, that was even a shock. She was looking for her own kind of justice, figuratively speaking,” her son, Yaroslav, told the BBC.

Within the transportation department, Shishkina served in the section that investigated organized crime in the economic sphere. The ticket case was taken seriously there: Shishkina assembled isolated system break-ins at travel agencies into a single case, allowing her to pursue them under a weightier statute. She also counted on a promotion. Incidentally, Lieutenant Colonel Shishkina never achieved the next rank.

The case included more than 60 incidents. Shishkina’s group spent several months traveling to various locations before finding their key informant. The principal evidence against those who organized the break-ins came at the end of 2014 from one of their agents, the Petersburg “mule-driver” Roman Mikhailov, who accepted a deal with investigators.

“I took Roman on the Sapsan [high-speed rail between Petersburg and Moscow] to see the detective, we had several good conversations with Shishkina. She was very pleasant, even though she was tough,” Vladimir Pisarev, Mikhailov’s lawyer, told the BBC.

In November 2015, after Mikhailov confessed to everything, he was beaten and slashed with a “rosette,” a broken-off bottleneck, near the entryway to his own apartment building.

“Greetings from Sumbaev,” his attacker said in parting. Mikhailov repeated the phrase when he called Pisarev immediately following the attack.

Police never found the man who delivered Sumbaev’s “greeting.”

Then investigators arrested two of the group’s leaders, the hackers Maksim Matyushev and Kirill Kulabukhov. They were charged with the break-ins and with gang fraud.

While they were being interrogated, Sumbaev was already fleeing Russia. His case was flagged for separate processing, and the hacker wound up on Interpol’s database. “You got the feeling Shishkina was dead set on catching him. She wanted evil to be punished,” Pisarev told the BBC.

“Vitaly Makarov’s” adventures

Sumbaev’s comrade Vasily Margiev was the one who invited him to Georgia.

Now they hate each other, although it’s not long since they were partners.

Thirty-three-year-old Vasily Margiev was born in the Georgian city of Kareli, but he has lived most of his life in Sochi. He never studied anywhere, but had lots of know-how: he ferried cars, built websites, and in 2003 Margiev was tried on a charge of stealing jewels worth 350,000 rubles – at a time when the average paycheck in Russia, according to data from the Russian Federal Statistics Service, amounted to 5500 rubles. He met Sumbaev in 2013 on one of the forums: Margiev was building a site for a casino, the hacker was offering remote lessons in online poker.

Gocha Tediashvili, Margiev’s lawyer, told the BBC that when the cyberfraudster turned up on the wanted list, his Georgian friend helped make a fake passport registered to a Lithuanian citizen, Vitaly Makarov. The purchase might have run Sumbaev 6000 euros, the price Margiev was asking on one of the forums. Sumbaev lived under Makarov’s name in Turkey and was carrying the same document when he arrived in Georgia in 2017. Margiev also made his way to Georgia from Sochi.

Once they’d met face-to-face, they started working together: Sumbaev advanced money so his friend could buy and transfer used cars; in return, Margiev promised support from high-ranking Georgian security officials. The cyberfraudster mentioned in one of his messages that they were expected to green-light various shady deals.

Sumbaev, who boasted in conversation with Margiev about ties to narcotics labs in greater Moscow, was interested in keeping up that business and also in arms dealing. In addition, the hacker wanted to get involved in cryptocurrency mining.

The companions’ breakup was swift and irreparable – with no ties to Georgian security agencies, Margiev, according to his lawyer, passed a taxi driver friend off as the city prosecutor. At their meeting with Sumbaev in a restaurant, Margiev’s friend, Eduard Shaverdov, ate with gusto and pretended not to know Russian.

Margiev’s deception was revealed soon enough. Sumbaev says in messages to an acquaintance that after not receiving the promised support, he decided to get rid of Margiev. In January 2019, a drunken Margiev was hit by a car when, according to friends’ testimony, he “got out of a taxi to barf on the side of the road.” Margiev, in critical condition, ended up in intensive care and lost a third of his skull. He’s sure the hit-and-run was planned.

Margiev has difficulty walking to this day, and even more trouble speaking, says Gocha Tediashvili, his lawyer. Nevertheless, he was arrested in the summer on a charge of kidnapping Sumbaev: according to the hacker’s version of events, told to the BBC by Zorab Todua, his former lawyer, Margiev lured his client to Georgia under false pretenses and detained him in a house in the city of Kareli, demanding, under torture, a $40,000 ransom.

A serious man

In his messages, Sumbaev constantly refers to a business partner he worked for in Georgia by the name of Mikhail.

In respectful tones, the cyberfraudster calls him “a serious man” and writes that “Misha will help with legalization,” “will remove [me] from Interpol’s database,” and will loan money if necessary.

Tediashvili, the lawyer, tells the BBC in conversation that Margiev and Sumbaev had joint projects with Russian businessman Mikhail Babarin. An analysis of messages the hacker sent to an acquaintance points to the same thing. The BBC located a businessman by this name – he used to manage Energokapital, a large investment company (presently involved in bankruptcy proceedings). Mikhail Babarin lives abroad, does not travel to Russia, and categorically denies knowing either Sumbaev or Margiev. He calls any mention of his name in this context “bullshit, a fabrication.”

Babarin was born in Arkhangelsk province, in the restricted-access city of Mirnyi. His mother rose to be a leading authority at the Russian Federal Air Transport Agency, his father was a missile specialist and a Mirnyi deputy mayor. In 2003, someone Babarin-senior’s age with the same name received a land allotment from the Moscow provincial government in accord with allocations for military and FSB veterans.

Mikhail Babarin was able to cultivate widespread connections and administrative resources while still quite young. On entering Petersburg University of Aerospace Instrumentation (GUAP), his chosen specialty had nothing to do with space or aviation: he defended a thesis in the department of management, with distinction. Anatoly Turchak, director of the industrial holding company Leninets and President Putin’s longtime friend, was at that time professor emeritus in the department. Babarin, in his words, “is on very good terms” with Turchak even now – and remotely advises theses at his alma mater to this day. “Babarin’s statement about our association is not consistent with the truth,” Anatoly Turchak told the BBC after this article was published.

With his doctorate in economics, Babarin, still a young man, sought out various ways of making money, from trading on the stock exchange to selling real estate. In the mid-2000s, he even co-owned an obscure film company, KSK Films: when it went bankrupt, the company lost all its property, including film rights. Among other films up for sale was A Wife Under Contract, a melodrama about a businessman’s fatal relationship with a journalist. While this was happening, Babarin was supposedly working at Ganzakombank in Petersburg – Aleksey Eliseyev, a former Russian Central Bank employee and Babarin’s partner in real estate trading companies, sat on its board of directors.

Vera Putin, the President’s first cousin once removed, was also listed at Ganzakombank. She agreed at first to meet with a correspondent from the BBC, but then stopped answering phone calls and messages. In 2015, the Central Bank revoked Ganzakombank’s license because of systematic violation of the law “On combatting legalization (laundering) of profits gained by criminal means.” At the same time, Eliseyev was charged with stealing funds from construction companies. To avoid investigation, the banker fled Russia for Spain – according to one version, he was arrested in Benidorm, a Spanish resort; according to another, he went into hiding in the Dominican Republic. We were unable to confirm or disprove either version, just as we were unable to make contact with Eliseyev. Europol, Interpol, and the Spanish police did not respond to questions from the BBC about his arrest.

At the moment Ganzakombank was shut down, Babarin had already been managing Energokapital, one of St. Petersburg’s largest investment companies, for three years. In a short time, the dynamic manager attracted new clients, and his company was floating public debt securities for Sukhoi Civil Aircraft Company and the government of St. Petersburg.

In 2015, the National Association of Funds Market Affiliates named Energokapital the best broker in the Northwest. That same year, the Moscow Stock Exchange announced that the company had not settled accounts for transactions involving its clients’ shares. Of the 3 billion rubles ($50 million) on Energokapital’s books, a large portion slipped away to an unknown destination. Endless lawsuits among clients, owners, and company management have been dragging on for about four years. One contingent of clients assumes that Babarin might have siphoned the money off through companies he controlled. Others maintain that the chair of the company’s board of directors, Petersburg billionaire Aleksandr Kashin, allegedly created the hole in Energokapital’s accounts. This is the version Babarin himself subscribes to in conversation with the BBC: now he’s sorry, in his own words, he “didn’t go to the police right away when he saw a company he had invested so much effort in being artfully led into bankruptcy.”

After Energokapital collapsed, its former general director left Russia behind. His family’s property has been partially seized. A Petersburg court is looking into a case for tax evasion, with Babarin as defendant.

From Aliсante to Marbella

Tanned, trim, short, with a piercing gaze and the impenetrable expression commonly called “poker face,” Babarin is talking with BBC correspondents in the lobby of a five-star hotel in the Spanish resort of Marbella. He agrees to meet only to talk about the company he managed in St. Petersburg. Babarin replies eagerly to questions about Energokapital and reluctantly to everything else. Not far from our meeting is La Finca de Marbella, a residential development. Yaroslav Sumbaev tried selling one of the villas here, along with a stylish villa in Alicante, for bitcoin. He wrote to his girlfriend about it.

The hacker posted a sales ad on the main cryptocurrency forum, Bitcointalk.org, in 2017. The house in Marbella cost 1,750,000 euros; the one in Alicante cost 2 million.

In the ads, Sumbaev linked to Prian.ru, an electronic real estate catalog: the seller was billed as one Mikhail with an Estonian phone number; Sumbaev, according to facts supplied by a BBC source familiar with the investigation, owned and used the number. The number was out of service at the time of publication. The hacker never sold the houses.

The villa in Alicante is registered to Tatiana Krivosheyeva, Aleksey Eliseyev’s close friend and business partner. The hacker didn’t give the villa’s exact address, so it’s impossible to establish who owns it. But most homes in La Finca de Marbella give the impression of being uninhabited.

Aleksey Eliseyev owned two real estate construction companies in Marbella and Alicante until 2018. Right now, someone named Mikhail Babarin is specified in the capacity of general director.

In conversation with the BBC, Babarin states that he’s not involved in real estate, “the number given in the ad isn’t his,” and that “it’s been more than ten years since he’s seen” Aleksey Eliseyev.

He hammers it home to the BBC’s correspondents: he learned from the media about the sale of the villas, about the hacker Sumbaev; any intelligence about his possible association with Margiev is fabricated.

Margiev and Sumbaev, the lawyer Tediashvili told the BBC, were working out a cryptocurrency project with a purported investment of $250,000 from Babarin. Energokapital’s former general director insists he’s “never been involved” in cryptocurrency, although his business interests “lie in the blockchain sphere.” The BBC was unable to confirm whether Babarin actually invested in the project mentioned by Tediashvili.

Possible connections between Margiev and Babarin extend beyond this project.

In 2016, blogger Ilya Valiyev posted a text to his LiveJournal site at a friend’s request: “How to Do Business in Russia, or How I Walked in Navalny’s Shoes.” He wrote that Babarin may be guilty of bringing down Energokapital and transferring 3 billion rubles out of Russia. As evidence, he listed real estate holdings in Moscow, St. Petersburg, and at Spanish resorts that could belong to Babarin’s family.

In April 2017, someone set fire during the night to Valiyev’s car and bathhouse. By some miracle, the fire didn’t spread to the country house where the blogger was asleep.

Valiyev claims that several days later he received a photo of his burned-out car from an anonymous Facebook account. He filed a police report and, to be on the safe side, gave up publishing on LiveJournal.

In 2018, in spite of his precautions, the blogger suddenly received a message on Telegram from @Vassso1: his interlocutor opened with the line “we haven’t talked in a while” and insistently asked him to delete all archived copies of the Energokapital text from the internet. Valiyev is sure there’s a connection between his post and the arson incident, but he can’t pinpoint who’s behind it.

The BBC ascertained that Vasily Margiev could have used the account @Vassso1. The app GetContact identifies the phone number registered to the account as “Vasoi Qareli” (probably Vaso from the city of Kareli). Margiev used precisely this account while looking for credit card fraud specialists on Telegram chats, and he posted the exact same want-ads on forums without hiding his identity.

Mikhail Babarin maintains that Valiyev’s LiveJournal text does not reflect the actual facts and that he made use of exclusively lawful means to combat the blogger when he filed a libel suit against Valiyev. In 2017, the court ordered the blogger to pay Babarin 30,000 rubles in compensation. Valiyev filed an appeal and contested the suit. But the people responsible for setting his car and bathhouse on fire remain at large.

Vasily Margiev’s lawyer did not respond to the BBC’s follow-up questions.

Friends and landowners

The city of Kareli is located a few kilometers from South Ossetia. It’s less than two hours’ drive to the Russian border.

For Margiev, Kareli is his hometown. For Babarin, it’s a potential investment site. There’s an entry in the Georgian real estate registry for a parcel the size of two soccer fields purchased by someone with the Petersburg businessman’s name. The land’s previous owner was an influential Georgian family with links to Babarin, the Gogichashvilis. Tengiz Gogichashvili, the head of the family, graduated from the Leningrad Mercantile-Economic Institute and served both as a deputy in the Georgian parliament and as the director of Georgia’s only sugar factory, located right in Kareli.

His son Vakhtang is Babarin’s business partner in Georgia. Babarin tells the BBC that he was planning to put together a real-estate sales IT project with the “young Georgian.” Babarin’s and Tengiz Gogichashvili’s lots share a single enclosure. On Babarin’s, there’s a pair of dilapidated non-residential structures and a thicket of weeds; a mobile communications antenna sits directly adjacent to Gogichashvili’s.

Babarin says he doesn’t have any land in Kareli; he claims he visits Georgia for therapeutic spa treatments at the Bioli Medical Wellness Resort. Tengiz and Vakhtang Gogichashvili did not reply to the BBC’s questions.

Not far from Kareli is the city of Gori, where Sumbaev was hiding in 2018. That’s where, if his messages can be trusted, he was busy with a project for “Misha,” an Initial Coin Offering (ICO) for a company to produce cryptocurrency mining tools. The partners wanted to sell the tools for company tokens (“shares”). They were also planning on organizing a conference “with world-class speakers” and funding “the activities of research institutes.” The BBC obtained a road map of the project from a source on the cryptocurrency market. The last item consists of a single word: SKAM, which stands for a planned bankruptcy. In conversation with the BBC, Babarin, as usual, denies the project ever existed.

Parallel to the ICO, Sumbaev was on a forum looking for a technician who could “run down” an automobile using a telephone number. Later, in January 2018, someone torched the used Lexus Evgenia Shishkina had bought on credit.

In correspondence with his girlfriend, Sumbaev annotated a photograph of the burned-out automobile: “I’M MAKING LIFE HELL FOR THIS BITCH.”

When they learned about the arson attack, Shishkina’s bosses offered her a security detail, but she turned it down: as her husband explained to the BBC, she didn’t want “two strapping guys constantly at her heels.” They removed her home address from databases just in case.

Sumbaev hadn’t had a stable home address for a long time: wary of being tailed, the hacker was constantly moving from one Georgian house to another. He identified arms and narcotics trade among his basic income sources, not bothering to hide his contributions to a darknet dealer: “Everyone’s always known I’m a versatile, well-rounded man. My hacking and card fraud operations have no connection to how I handle selling other stuff. I’m even sourcing Colombian cocaine from Mexico,” Sumbaev wrote on the DarkMoney forum in 2015. The cyberfraudster openly discussed prices for transporting “pure coke” from Venezuela and reacted enthusiastically to a lucrative offer -- $12,000 per kilogram: “Boy, that’s a swanky price for delivery in neutral waters. I’ll keep it in mind.”

Miguel Morales’s network

Once a resident of Texas’s impoverished neighborhoods, Miguel Morales, ringleader of a massive narco-cartel in Mexico, is still considered one of the century’s most ruthless criminals. He has published execution videos on the internet, threatened authorities, and maintained a private army of children and adolescents who idolize him. For about two years he headed the Los Zetas narco-empire and was only captured by Mexican marines in 2013. Investigation of his crimes is ongoing.

One of the Russian-language narcotics retailers on the darknet had its own “Morales” and it, too, is called Los Zetas.

There are a little more than 30 people who make up the Russian Los Zetas: “cachemen,” who hide narcotics in cities and towns to be sold, chemists, shippers, who manage stocks, a maintenance service, deputies, and “Miguel Morales” himself. The dealer opened in 2016, during a period when the Russian Anonymous Marketplace platform (RAMP) was flourishing on the darknet. Until recently, associates communicated on closed Telegram chats, but there were also open chats, where they invited clients. The chats are now deleted, but the BBC obtained access to an archive for one of them.

Although “Miguel” had not been present on this chat since the end of 2018, his collaborators were constantly putting in a good word for him. “I will never betray Miguel,” one of his deputies confided, “Miguel once wrote… I’ve arranged the work for you guys so you’re at liberty in everything, you can always count on my protection.” According to one coworker, Miguel was constantly bribing police officers to release cachemen.

“Miguel” wrote on one of the forums that over the first year and a half, police arrested eight of his cachemen: “4 are in jail, bonehead minors (up to 22 years old) I explicitly barred from working in parks, but they just didn’t listen […] 4 more were randomly stopped and frisked on the street, everything was sorted out on the spot for 200-300k [rubles].” After 2 years, the stakes were higher: one chat noted that “Miguel” had to turn over half a million rubles for a novice cacheman’s release. The cachemen in Los Zetas were constantly turning over: one left after earning enough for a new BMW, another after saving up for an expensive suit, a third when he found out he had cancer. If one of “Miguel’s” deputies is to be trusted, all of Los Zetas’ managers have left Russia and are constantly on the move from one country to another. The island of Fiji, Spain, Georgia, and other countries are mentioned in correspondence.

“Miguel” had at least three deputies; their duties included drawing up itinerary maps for cachemen, negotiating with regional representatives, and making regular reports in Evernote, a corporate organizer. They also arranged contests: the store promoted escape rooms in various cities and asked its clients to send in their best photos on the theme: “Los Zetas blew this day wide open.” They gave away “stashes” as prizes.

At the beginning of 2017, “Miguel” learned of RAMP’s imminent shutdown, and Los Zetas was one of the first retailers to register on Hydra, a competing platform. RAMP ceased operation in July of the same year. Soon after, MVD reported on the shutdown.

In less than two years on Hydra, “Miguel’s” retail business completed more than 250,000 deals. According to data from DrugStat, a Telegram channel, Los Zetas placed eleventh in sales among all the platform’s retailers at the end of August. According to an anonymous writer on DrugStat, “A modest retailer does 600-700 thousand rubles a month net, after deducting all expenses.” The writer calculates that “Los Zetas is a massive store, so in their case you could be talking tens of millions a month.”

Apart from the standard array of stimulants and cannabis products, Los Zetas offered cocaine, an expensive rarity for Russia mentioned by Yaroslav Sumbaev on DarkMoney. By the same token, “Miguel Morales” discussed credit card scams on forums dedicated to selling narcotics.

If you enter the Estonian phone number of the person selling villas in Marbella and Alicante into Telegram, you’ll discover it belongs to “Miguel Morales.” The profile photo for the account displays the severed heads of the Mexican cartel’s competitors.

As a source familiar with the investigation’s progress told the BBC, Yaroslav Sumbaev, who owns and uses the Estonian phone number, was ipso facto “Miguel Morales” from Los Zetas, the Russian-language dealer.

Yaroslav Sumbaev has not responded to questions about his possible connection to Mikhail Babarin, about the Spanish villas, or about his contribution to Los Zetas.

Shishkina never got the chance to interrogate Sumbaev – her body, with two gunshot wounds, was found at the beginning of last October next to a parking garage in the Moscow suburb of Krasnogorsk. In March, two adolescents confessed to the murder.

Already at their first interrogation, they told about taking the hit job on the darknet, on the Hydra platform, from the owner of the narcotics retailer Los Zetas, who used the screen name “Miguel Morales.”

Lying low in Opalikha

Nineteen-year-old student Abdulaziz Abdulazizov agreed to shoot Shishkina on a tip from a friend, high school senior K. G. They were neighbors in St. Petersburg’s Kalinin district and had met on the basketball court. Seventeen-year-old G. was one of Los Zetas’ coordinators and was using everything from mephedrone to cocaine.

G. met the murder’s client on the darknet, on the Hydra platform. For “getting rid of somebody,” G. was offered a million rubles. The BBC reviewed criminal case materials stating that “Miguel Morales” dumped Shishkina’s personal information for G. on Telegram, the messaging app.

Once he received all the information, G. asked Abdulazizov for help with the job, telling him they “needed to kill a bad woman.” Abdulazizov thought it over a couple weeks and signed on.

“It’s not just the first murder arranged completely over the darknet, on top of that, it’s also the first murder arranged over the darknet to be detected,” says Igor Bederov, director of the company Internet-rozysk [Internet-Crime Detection]. Bederov’s company aggressively aided investigators tracking down Shishkina’s murderers.

Sites where you can hire a killer count as one of the darknet’s key tropes. Scammers take orders, then disappear once the bitcoin prepayment comes through. The creators of Besa Mafia, one of these sites, passed themselves off as members of Albanian criminal gangs supposedly carrying out murders for hire in the USA, Canada, and Europe. In 2017, British cyber expert Chris Monteiro found a vulnerability in the site and gained access to messages among the imaginary mafiosi: of hundreds of orders, not one had ever been fulfilled. A few years earlier, US authorities accused Ross Ulbricht, creator of the Silk Road platform, of using the platform to arrange six murders. They dropped the charges later, however.

But Abdulazizov carried out his contract in good faith.

Abdulazizov’s girlfriend calls him “the life of the party.” They’d been seeing each other just over a month: “We just hung out. He got to meet my parents, planned on introducing me to his, and then we’d rent a place together.” She had almost no dealings with G., but heard he was supposedly affiliated with a narcotics dealer on Hydra.

The transcripts from Abdulazizov’s interrogation paint an unassuming picture: the first-year medical student rode a skateboard, watched movies, bleached his hair, tried hard to look like his favorite musician, Brennan Savage.

Abdulazizov bought his outfit for killing the detective at Season, a discount store. He learned to shoot from the film Hitman. He used the app BlaBlaCar to travel from St. Petersburg to the suburb of Moscow where the detective lived. He kept an eye on Shishkina outside her building in the village of Arkhangelskoe after sensibly renting a hotel room in neighboring Opalikha. Abdulazizov reserved his room on Avito and paid his bill with a credit card.

He took the pistol and bullets in stashes. G. told him how to find them.

Abdulazizov drove up to Shishkina’s building in a Yandex-taxi on October 9, 2018. “I followed the woman from her entryway… she was sort of heading toward me from the left, kind of on a slant, I approached and sped up while I got the pistol out, at that moment the woman saw me getting the pistol and started hitting me. Dodging her, I slipped and propped myself on the ground with my left hand while I got a shot off from the hip with my right, into her stomach. After that I got up and shot her somewhere in the neck and then she was lying on the ground.” That’s what it says in the minutes from his interrogation.

His watch said 7:30am. Stepping around the body, Abdulazizov put on a new tank top without stopping, walked two more blocks, and called another Yandex-taxi.

The taxi trips would allow him to be traced.

On the day the detective was murdered, Abdulazizov took in a Brennan Savage concert and posted a video on Instagram.

Five months later he was charged with the detective’s murder and arrested. Now he could receive a life sentence.

“Miguel Morales” wrote in a closed partition of the Hydra platform that blame for the detective’s murder was specifically “being hung on his boys,” who in a one-off, “severely punished some bitches” who knocked off a certain cryptocurrency changer. The platform’s administrators showed his letter to the BBC. “Morales” did not reply to our question whether the “punitive squad” was connected to Abdulazizov and G.

The trial

Sumbaev lived for a year in Georgia. He was arrested outside his house in Gori at the beginning of November – in possession of a pistol and documents made out to “Vitaly Makarov.” Sumbaev’s wife and small daughter were waiting at home.

Georgian authorities charged the hacker with illegally obtaining a firearm and using a false passport. Sumbaev simply could not obtain a legal passport, says Ivan Norakidze, his current lawyer, and the hacker fled to Georgia in fear of “persecution by Russian spy agencies.”

After his arrest, Sumbaev asked Georgian authorities for political asylum, but was refused.

He was placed in a cell in Gldani Prison.

As fate would have it, Vasily Margiev was later delivered to the same isolation cell; the hacker’s former sidekick was charged with stealing and extorting money from Sumbaev.

For now, Sumbaev has not been charged in Shishkina’s murder; Russia demanded he be turned over in connection with the ticket case. His extradition trial began during the winter – the BBC’s correspondents attended one of Georgia’s Supreme Court sessions in May and saw the hacker for the first time in real life.

Yaroslav Sumbaev is 29. There’s nothing remarkable about his appearance: a round face, a trendy haircut given by the hacker’s cellmate, stylish glasses, jeans, a gray t-shirt. Congenial Tbilisi’s streets are full of tourists who look like that – the difference is that they rarely find themselves in the Supreme Court.

Particularly as criminal defendants.

In the grandiose courtroom, finished with stained oak and marble, Sumbaev spoke exactly one phrase: “I want to make a declaration. I will not say another word unless the session is closed.” After the judge refused, Sumbaev indeed refrained from saying another word. Half an hour later, the judge pronounced a verdict on his extradition to Russia.

“We will fight it, this extradition is a profound tragedy for us all,” Ivan Norakidze, the hacker’s lawyer, told the BBC after the session. He called Sumbaev his “brother,” stating that all accusations against the hacker were unsubstantiated. Four months later, the Georgian Ministry of Justice published an order to deport the hacker. His defense lawyers filed a complaint with the Strasbourg court the same day.

The cyberfraudster wrote to the BBC that he had nothing to do with the detective’s murder and that he ended up behind bars at the instigation of Russian spy agencies: Sumbaev claimed that in 2012-2013, FSB operatives forced him to work for them and “disrupt the economies of the USA and European states.” The hacker offered the BBC a deal in his letter: in exchange for explicit details, he would become sole author and editor of any notices regarding himself. Sumbaev asked 100 million rubles for violation of the agreement. The BBC refused his offer.

The Los Zetas dealer continued functioning after Sumbaev’s arrest. Darknet accounts and messaging apps associated with him are also working: the BBC learned that “Miguel” handed store management over to his deputies. In April 2019, in reply to a question about involvement in Evgenia Shishkina’s murder, a BBC correspondent received a laconic message from a Telegram account registered to the villa seller’s phone number: “Mixing it up with a detective’s not my thing,” wrote “Miguel” and dropped out.

After seven months in a detention center, Shishkina’s murderer, Abdulazizov, shaved his head completely, like Brennan Savage.

A year after her death, Evgenia Shishkina was awarded the Order for Bravery.

Her son, Yaroslav, started his third year at the institute. Her husband, Oleg, retired.

Mikhail Babarin, the businessman, lives abroad. He’s writing his memoirs about Energokapital in a genre he describes as “confessions of an economic murderer.” GUAP still identifies him as the teacher for several classes, although he’s not planning on returning to Russia. Babarin continues to insist he never had any association with Sumbaev, or Margiev, or any other “computer screw-ups.”

Vasily Margiev, accused by Sumbaev of theft and extortion, remains in the Gldani detention center.

On October 24, Sumbaev was led from prison, put in a car, driven to the border, and handed over to Russian authorities.

Translation: Thomas J. Kitson