The Assassin That Was Tricked by a Spoofed CLI

Have you ever been fooled into answering a call because the caller ID looked familiar? Have you then spoken to a fraudster who stole your money by successfully continuing their deception? Do not feel bad, because anybody can be duped using methods like this. Even a government assassin who specializes in lethal poisons can be taken in by an imposter using a spoofed number.

Alexei Navalny is a politician who describes the ruling United Russia party as ‘crooks and thieves’, who has been arrested multiple times, and who most famously was poisoned using the Novichok nerve agent. This week Navalny was arrested again after returning to Russia for the first time since his poisoning, and then made further news by releasing a video investigation of the financial affairs of Vladimir Putin that was watched 40 million times within its first two days on YouTube. Navalny places himself in the middle of lots of trouble, but at least he is still alive. On 20th August 2020 Navalny was on a four-hour flight from Tomsk in central Russia to Moscow when the symptoms of his Novichok poisoning became evident. The pilot reacted quickly to the discovery, diverting to nearby Omsk where medics saved Navalny’s life. Navalny was flown to a German hospital two days later, where it was confirmed he had been exposed to Novichok. But how did Navalny’s enemies transmit the poison to him? Was it in the tea he drank that morning? Navalny wanted to find out, so he called Konstantin Kudryavtsev, one of the team of government agents who monitored Navalny’s movements and cleaned up after the assassination attempt.

Kudryavtsev’s role in the operation had been determined by Bellingcat, the ingenious collective of investigators and researchers who piece together information from many sources in order to shine new light onto conspiracies and other wrongdoing. Bellingcat had previously distinguished themselves by identifying one of the agents who traveled to the UK to poison Sergey and Yulia Skripal with Novichok in 2018. But how could anyone persuade Kudryavtsev to reveal the secrets of the Navalny hit? Navalny worked out how to do it: he changed his CLI to match a phone number used by the head office of the FSB, the Russian security agency, and pretended to be a senior officer, commanding Kudryavtsev to report urgently on the reasons the mission failed. The deception worked, and Kudryavtsev explained how he was responsible for cleaning the seams of Navalny’s underpants to remove any trace of the poison. You can listen to the incredible recording below.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.