A 21-year-old tech entrepreneur and cybersecurity specialist named Timur Kilin was arrested in Moscow last week on charges of treason, marking the latest action against Russia’s own technology sector. The specific details of the case remain classified, but Russian media outlets suggest that Kilin may have provoked official scrutiny through his public criticism of the state-owned messaging application, Max, and his opposition to the government’s proposed anti-cybercrime legislation. Kilin, who had developed several security tools and established a cybersecurity startup this year, utilized his Telegram channel to voice strong disapproval of Max, labeling it “a disgusting product.” He claimed that after reporting numerous vulnerabilities to the app’s developers, he was subsequently blocked from their discussion group. A key flaw he highlighted was the app’s utilization of software libraries from what he termed “unfriendly countries,” which he argued could potentially expose Russian citizens’ data to foreign entities.
Russia’s state-backed Max app is being heavily promoted as the country’s primary domestic alternative to Western platforms; it is scheduled for pre-installation on all new smartphones sold in the country starting in 2025. While the application offers standard features like calls, chats, and payments, security experts have raised concerns that its notable lack of end-to-end encryption, combined with deep integration into government systems, grants it significant potential for surveillance. Beyond his critique of Max, Kilin also voiced opposition to a proposed anti-cyberfraud bill that aims to criminalize the disclosure of security flaws and methods of exploitation—a measure that has already drawn widespread condemnation from other experts in the field. He wrote, “I can understand banning VPNs, technology, websites. But no civilized society would ever allow a ban on global knowledge,” in criticism of the proposed law.
The entrepreneur was also reportedly involved in a legal dispute with Aeza Group, a Russian technology provider that was sanctioned this year by the U.S. and the U.K. for its alleged support of ransomware operations and online drug markets. According to Kilin, a court ordered Aeza Group to pay him compensation and a fine, though reporters have noted that the authenticity of this claim is difficult to verify. Local media sources have reported that Kilin was responsible for developing a system capable of large-scale vulnerability scanning, that he operated the TverHost hosting service, and that he recently launched his cybersecurity firm, Spide Security. His various Telegram channels were reportedly linked to him through a phone number exposed in a previous data breach, which was cited by reporters.
Kilin’s arrest adds to a growing number of prosecutions targeting Russian tech professionals and ordinary citizens for their online activities. A notable preceding case was that of Ilya Sachkov, co-founder of the prominent cybersecurity firm Group-IB, who was sentenced in 2023 to 14 years in a strict-regime colony on charges he adamantly denied. The accusations against Sachkov allegedly included sharing confidential information with U.S. authorities concerning the military intelligence-linked hacking group known as Fancy Bear. These prosecutions suggest a broad pattern of judicial action against those within the Russian tech sphere.
The penalties for online speech have been extended even to ordinary internet users, who now face severe sentences for expressing dissent. For example, a 72-year-old woman was sentenced to 5.5 years in prison last year for anti-war posts she made on VKontakte, a social media platform. In another case, a Russian citizen received a six-year sentence for posts that criticized Moscow’s invasion of Ukraine, which the court officially categorized as an act driven by “politically motivated hatred.” These arrests and sentences collectively underscore an increasingly restrictive and punitive environment for any form of public or technical criticism within the country.
Reference:
