A 21-year-old tech entrepreneur and cybersecurity specialist was arrested in Moscow on treason charges late last week — the latest case targeting Russia’s own tech community.
Details of the case are classified, but Russian media say Timur Kilin may have drawn official ire after publicly criticizing the state-owned messaging app Max and the government’s anti-cybercrime legislation.
Kilin, who built several security tools and founded a cybersecurity startup this year, had used his Telegram channel to call Max “a disgusting product.” He said he reported multiple vulnerabilities to the developers, only to be blacklisted from their group chat. Among the flaws he flagged was the app’s use of software libraries from “unfriendly countries,” which he argued could expose Russians’ data to foreign actors.
Russia’s state-backed messaging app Max is being promoted as the country’s flagship alternative to Western platforms, and starting in 2025 it will be pre-installed on all new smartphones in the country. The app supports calls, chats and payments, but security experts warn that its lack of end-to-end encryption and deep integration with government systems give it significant surveillance potential.
Kilin also criticized a proposed anti-cyberfraud bill that would criminalize disclosures of security flaws and exploitation methods — a measure other experts have also opposed.
“I can understand banning VPNs, technology, websites,” Kilin wrote. “But no civilized society would ever allow a ban on global knowledge.”
The entrepreneur has also reportedly been involved in a legal dispute with Aeza Group, a Russian technology provider sanctioned this year by the U.S. and the U.K. for allegedly supporting ransomware operations and online drug markets. Kilin said a court ordered the company to pay him compensation and a fine, though the authenticity of his statement is difficult to verify.
Local outlets reported that Kilin developed a system for large-scale vulnerability scanning, operated the hosting service TverHost and recently launched a cybersecurity firm called Spide Security. Reporters were able to link his Telegram channels through a phone number exposed in a data breach.
His arrest warrant adds to a growing list of actions handed down to Russian tech professionals and ordinary internet users. In 2023, Ilya Sachkov, co-founder of cybersecurity firm Group-IB, was sentenced to 14 years in a strict-regime colony on charges he denied, including allegedly sharing information with U.S. authorities about the military intelligence-linked hacking group known as Fancy Bear.
Ordinary internet users have also faced harsh penalties for online speech. Last year, a 72-year-old woman received a 5.5-year sentence for anti-war posts on VKontakte. Another Russian citizen was sentenced to six years for posts criticizing Moscow’s invasion of Ukraine, which a court described as “politically motivated hatred.”
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
