Jan Marsalek’s spy phone
On August 15, 2023, it became known that three Bulgarian citizens were detained in the UK. They are accused of spying for Russia.
One of the detainees, Orlin Russev, was the owner of a signal interception company. As the Dossier Center found out, its services were used by Jan Marsalek, a former chief operating officer of the German payment system Wirecard, who is suspected of fraud in the amount of 2 billion euros. Russev provided Marsalek with equipment capable of calculating the location and connections of telephone network subscribers. A citizen of Russia was involved in the scheme. Earlier we said that Marsalek most likely collaborated with the Russian special services and is now hiding from justice in the Moscow region.
In February 2023, three Bulgarian citizens were arrested in the UK: Orlin Russev, Bizer Dzhambazov and Katrin Ivanova. They are suspected of espionage and of working for the Russian special services. They are also accused of holding fake passports and other documents from the UK, Bulgaria, France, Italy, Spain, Croatia, Slovenia, Greece and the Czech Republic.
Russev moved to the UK in 2009 and registered two firms, Mytotal TV LTD and Newgentech LTD (both now liquidated). The latter, judging by the register of companies, was engaged in the development of software for business. Russev’s LinkedIn profile specified that he owned an electronic intelligence business, which involves the interception of communications or electronic signals. According to the BBC, Russev has experience of doing business in Russia. He also claims to have worked as an adviser to the Bulgarian Ministry of Energy.
The Dossier Center managed to find out that Russev helped not only officials, but also one of the most wanted criminals in the world: the chief operating officer of the German payment system Wirecard, Jan Marsalek. In 2020, Marsalek managed to escape to Russia and has been hiding there ever since. The Dossier previously wrote about Marsalek’s connections with the Russian special services, which shelter him from pursuit by German law enforcement officers.
Marsalek and Russev became acquainted in 2015. On May 11, Russev sent the financier a message and a document from James Qiu, a representative of the Chinese company Uphonemobile, which manufactures waterproof phones and body cameras. The company provided high-quality custom solutions for phones and tablets, Russev said; a Bulgarian had already ordered an extremely rugged phone from them with “quite exotic features.”
Russev himself soon also gave Marsalek an “exotic device”: a Samsung feature phone with custom-made anti-surveillance firmware. From the correspondence, it follows that Russev also provided Marsalek with the opportunity to use the SS7 inter-network protocol, which stands for Signalling System No. 7. This protocol is intended for data exchange between telephone operators, but it has a vulnerability: attackers can gain access to the system by registering their own private operator in any country in the world or by having connections with a cellular provider company. By sending SMS messages to subscribers, they can at least find out the exact location and connections of the subscriber, and at the most, get access to the device’s file system. This vulnerability was used, for example, in the Israeli Pegasus spyware. Marsalek’s partners had a virtual mobile operator (MVNO) with access to SS7.
Operator support for this device was provided by Anton Grishaev, a Russian who lived in the Czech Republic. The letters show that he was responsible for porting Marsalek’s number from the German mobile operator to T-Mobile CZ (Czech Republic); he probably had the opportunity to access the internal system there. This scheme allowed Marsalek to send SMS messages to subscribers of interest to him and find out data about their location. With a special program connected, he could also receive information about calls and the IP addresses that other SIM cards contacted, as well as IMEI and IMSI identifiers, to establish full control over the device. In addition, switching to another network allowed Marsalek to avoid the control of the German services. Russev promised Marsalek that Grishaev would personally configure the financier’s SIM card in the Czech Republic.
When British investigators stated that Russev had experience of doing business in Russia, they may have had in mind Anton Grishaev. Judging by his page on the social network LinkedIn, from 2007 to 2014 Grishaev was listed as COO at AmeuroTel. The firm was founded in 2005 and is headquartered in Cyprus. It provides international telecommunications services, voice and data lines around the world. The second company associated with Grishaev is CloudTelecom, which also provides telecommunications services, as well as solutions for high-frequency trading. Both websites of Grishaev’s companies are now inactive. However, if you go to the website’s archive page, you can see that, for example, in 2013 the Russian ElComTel in Moscow was listed as the parent company. The rest of the offices were located in the Czech Republic, Germany and even the UK.
It is noteworthy that the English representative office of Cloud Ltd. was located in Suffolk, where, according to the BBC, Russev lived.
In 2015, the representative office in the Czech Republic disappeared from the site, and a company registered in Latvia appeared in place of the British company. By 2017, only one representative office remained, in Riga, and information about ElComTel had disappeared from the site.
Changes also took place in ElComTel itself: the company changed its address and name, becoming “Key Personnel”. Anton Grishaev himself is not among the founders, but his sister, Olga Sergeevna Grishaeva, is on the list of participants. Anton and Olga Grishaev hail from the closed city of Seversk, Tomsk Region, which has a plant for the production of enriched uranium and plutonium. There is practically no information about Anton Grishaev in open Russian-language sources. Judging by the databases, he has not lived in Russia for a long time.
Jan Marsalek was a member of the board of directors of the Wirecard payment service, which worked with high-risk transactions (for example, casinos and porn sites). In 2020, large-scale manipulations with the company’s internal reporting were revealed, and the company then went bankrupt. It turned out that Wirecard executives had recorded almost 2 billion euros on the firm’s balance sheet that in fact did not exist. These funds were to be held in the accounts of Wirecard’s Philippine office, which was the responsibility of Jan Marsalek.
Earlier, the Dossier Center has repeatedly written about Marsalek’s connection with the Russian special services. According to the Dossier, after escaping from Austria, Marsalek is hiding in Russia under the protection of the 6th service of the FSB CSS.
Wirecard is a German company that was considered one of the most promising in the fintech market and was engaged in the issuance of cryptocurrency cards. It went bankrupt in June 2020, after the disappearance of €1.9 billion from its accounts became known.
Later it turned out that the Wirecard business had been unprofitable for several years, but the company hid this information. The German prosecutor’s office arrested the head of the company, Marcus Braun, and Marsalek was put on the wanted list.
Wirtschaftswoche reports that an official letter was sent to the Munich court through Marsalek’s lawyer. In it, he made it clear that another person involved in the case – the managing director of the Wirecard division in Dubai, Oliver Bellenhaus – “does not tell the truth on several counts” of the accusation. Other details from the letter were not disclosed.