Was it some fallout from the alleged Russian hacking of the US presidential election? Were they part of a hunt for a possible mole who tipped off American intelligence agencies? Was it a power struggle within Russia’s security services?

Specifics of the case are murky, and no Russian government officials have commented publicly. Russian media have been filled with lurid, often contradictory, details that most assume are leaked by warring factions of intelligence officers.

Linking the arrests to the US vote would mean joining the dots between a series of shadowy actors in the Russian internet world.

RUSSIAN HACKING: ‘Putin supervised cyber attacks’

EXPLOSIVE DOSSIER: US intelligence reports Russian operatives hacked US election

PUTIN: Trump liars ‘worse than prostitutes’

In one of the few formal acknowledgments of the case, Ivan Pavlov, a Russian defense lawyer specialising in treason cases, confirmed to The Associated Press that at least four arrests on linked treason charges had taken place. He declined to elaborate.

US intelligence agencies alleged in early January that President Vladimir Putin ordered a campaign to influence the U.S. presidential election in favour of Donald Trump, with actions that included using a group called Fancy Bear to hack email accounts of individuals on the Democratic National Committee.

In an unclassified version of their report, the agencies did not disclose how the U.S. learned what it said it knows, and Russia has denied the accusations.

“I have long assumed there has to be some human resource for U.S. intelligence,” said Mark Galeotti, an expert on the Russian security services and a senior researcher at the Institute of International Relations in Prague.

The first arrest emerged last week with the news of the detention of Ruslan Stoyanov, an executive at Kaspersky Lab, a cybersecurity firm.

Stoyanov apparently travelled widely as the head of the company’s computer incidents investigations.
According to his LinkedIn profile, he was employed by the Russian Interior Ministry’s cybercrime unit in the early 2000s and hired by Kaspersky in 2012. Kaspersky has said the charges against Stoyanov relate to a time before he joined the company.

Multiple Russian media outlets have reported the detention of three officers working for the cybercrime division of the FSB, Russia’s domestic security agency, at around the same time as Stoyanov’s arrest in December.

Two of the men have been named in Russian media as Col. Sergei Mikhailov, deputy head of the FSB’s Information Security Center (TsIB), and a subordinate, Maj. Dmitry Dokuchayev.

Pavlov said a fourth defendant in the case was his client, but he refused to reveal his name.

TsIB is an “experienced cyberespionage outfit” that has expanded rapidly in recent years, according to Galeotti. “Their job is to hoover up everything they can.”

Reporting by Russia’s opposition newspaper Novaya Gazeta and US cybersecurity journalist Brian Krebs suggested compromising material on the FSB officers may have been a revenge operation by 26-year-old Vladimir Fomenko, revealed by US cyber firm ThreatConnect last year as the owner of servers used in hacks on election systems in Arizona and Illinois, and a Russian businessman, Pavel Vrublevsky, who was jailed for a year in 2013 for organising cyberattacks on a competitor.

Krebs said in a blog entry Saturday that Mikhailov may have passed details of Russian cyber criminals over many years to US law enforcement officers and US journalists, including a cache of information on Vrublevsky he himself received.

Another theory circulating apparently seeks to draw attention away from the US hack.

News outlets Life News and Rosbalt, which has close links to the security services, reported that the FSB officers fed sensitive information to hacking group Shaltai Boltai, or Humpty Dumpty, which used it in a complex profitmaking enterprise to blackmail dozens of Russian political figures.

A Moscow court confirmed Monday the arrest of Vladimir Anikeyev, reported to be one of the leaders of Shaltai Boltai, on hacking charges.

The arrests appear to add more weight to allegations against the Russian intelligence services that they recruited from the country’s vibrant hacking community to boost their offensive cyber capabilities.

Andrei Soldatov, who has studied the Russian security services and the internet for years, said the Moscow arrests clearly pointed to intelligence officers and criminal hackers working together to hack the Democrats.

Dokuchayev, one of the FSB officers reportedly accused of treason, has been identified by Russia media as a hacker known as “Forb,” who also worked for Hacker magazine in the 2000s before apparently joining the FSB.