I'm Eamonn Javers from CNBC, and this is the Crimes of Putin's Traitor. Last time, we learned about the bromance between businessman Vladislav Klyushin and his employee, hacker Ivan Irmakow. The two men and their colleagues were stealing American financial information and trading on it ahead of investors on Wall Street, and they were getting very, very rich. In this episode, we'll meet the American investigators who tracked them down, assembling an all-star team of law enforcement veterans as they tried to unravel a global conspiracy that threatened the integrity of American financial markets. The FBI team sat down with me at the Bureau's field office in Washington, DC. It's a bustling law enforcement hub in DC's East End. It's a building I've spent a lot of time at, staking out various criminal defendants on the streets outside over the years, but I've never actually been invited inside. Everybody happy? Rolling? Now, I'm getting rare access to the FBI team that tracked the Russians as they tell me of the painstaking work and long hours it took to expose the scam at the heart of the operation and reveal Ivan Irmakow's hidden identity. To make sense of it all, you need to know more about who these American officials are and how they do their work.

My name is B. J. Kang. I'm a former FBI agent at a Washington field office.

B. J. Kang is one of the FBI's most legendary financial crime investigators. He's busted some of the notorious Wall Street criminals of all time. He arrested Ponzi scheme mastermind Bernie Madoff, and perp walked Wall Street insider traitor Raj Raj Ratnam. That's why Reuters once called him the most feared man on Wall Street. In person, though, Kang is intense, but he peppers his speech with the mildest of expressions like, Holy moly, and my goodness. It all gives him the air of a straight-laced G-Man from an earlier era. Kang was one of the officials who got an initial tip from the Securities and Exchange Commission, which has spotted a pattern of unusual and suspicious activity in the stock market. They suspect insider trading. Someone is getting financial information ahead of time against the law and cashing in on Wall Street.

The information we got early on was there were a number of traitors. They were just hitting it out of the park.

Working with Kang is Stephen Frank, a veteran prosecutor who led the Varsity Blues case against rich parents who corrupted the US college admissions process. Frank began his career as a reporter in print at the Wall Street Journal and also on air at CNBC in the early days of the Internet boom, before going to law school and working his way up as a federal prosecutor. He sits perched on the edge of his seat as we talk. He's leaning forward with enthusiasm as he explains the case.

We knew that somebody was up to no good, and we knew that the scale of it was pretty big because it was happening quarter after quarter in stock after stock, and all of these different people were trading on it, and they were making a lot of money. So the brazen of it was really striking to us.

In late 2019, the investigators learned that foreign traders are targeting the biggest American companies, well-known brands like Tesla and Roku, as well as more obscure companies like the financial firm S. S. And technologies and the electronics company Avnet. Millions of dollars in illicit profits for the traders mean millions of dollars in losses for regular investors in American markets.

It's really unfair to have people sitting sitting in the comfort of their offices overseas behind a wall that they think protects them, taking advantage, stealing information, and trading on it to the detriment of investors all over the world. But at the very beginning, we were like, Are we ever really going to be able to figure this out? And even if we can figure it out, are we ever going to be able to lay hands on these people? Because they're in a country that's not going to extradite them.

At the FBI's Washington Field Office, Kang begins to assemble a group of investigators to work the case.

We put together what I consider probably one of the best teams. We brought on the best translators, the linguists. We brought on the best computer scientists that we can pull in.

One person they added to that team was cyber expert David Hitchcock.

I'm originally from Tennessee, got a degree in computer science, and so that's why I'm the nerd in the room on this team. I started out as an IT guy at the FBI doing software engineering and software development and managing contractors who did the same. From the day I walked in the door, I was very upfront about my interests and, Hey, I want to be an investigator. I didn't know that every agent wasn't 6-foot, blonde hair, blue-eyed, or of a certain cookie cutter pedigree. But I saw someone that was shorter than I was with a service weapon on their waist walking through the cafeteria one day. That's when I knew that my height wouldn't be- You have a chance. Yeah, my diminutive stashure wouldn't prevent me from being selected.

The FBI agents knew the overseas traders were making mysterious and enormous profits in the US stock market. They suspected that the explanation might be a computer intrusion, a hack. But they had to figure out where the traders were getting their information, and they knew it wasn't coming from the SEC's own website, which is known Edgar.

How could you hack this many people? If you didn't hack Edgar and you didn't hack the company, where is all this data?

Some innocent explanation that might be out there. Right.

We don't want to jump to conclusions. We don't want to assume anything, and everything's fact-driven. You're not going to get a search warrant with ideas of what happened. You have to prove these are the things that are reasonably going on.

Here's former FBI agent, BJ Kang.

We went after the IPs, the domains, whatever All the information that we got, we went after it. Supenas, court orders, search warrant. Supenas, court order, search warrant. Just wash, rinse, repeat.

A lot of those subpoenas went to Western companies that had access to the suspect's digital history. Emails, text, photos, and videos documenting their lives. The FBI was able to obtain a mountain of documentation. Buried in the data they had was one striking fact. Prosecutor Stephen Frank says the SEC reported that all of the targeted companies had one thing in common. They used the same filing agents.

Before this case started, I didn't know what a filing agent was. I've been in this business for a long time. I've worked in securities fraud. I was a financial reporter before that, and I didn't know that there was an entire industry of companies that assist publicly traded companies to file their reports, their required reports with the SEC. But they do exist. There's a number of them. What was unique here was that all of these different companies in all these different sectors were using two of these filing agents to file their quarterly earnings reports.

So that's the big light bulb moment.

That was a big light bulb moment, particularly because those two companies only had 44% of the market share of filing agents in the United States.

The two companies targeted are Donnelly Financial Solutions and Top and Merrill. I asked former FBI agent B. J. Kang about the magnitude of the information. You dealt with a lot of insider traders over the years. What would other insider traders have been able to do if they had that level of information?

If certain hedge funds had access to that information, that would be the best performing hedge fund ever. Ever? Ever. If a hedge fund had access to for that time period, had access to all of that information, oh, my goodness. The amount of money that hedge fund would have made from those traits, incredible.

Here's prosecutor Stephen Frank.

What happened next was that the FBI reached out to those companies and said, Hey, we think that you may have somebody gaining unauthorized access to your computer networks. The companies didn't know it at the time, didn't believe it at first. They said, No, we don't think so. Then they went back, and ultimately, they hired forensic experts of their own and looked deeper into their computer networks and found the telltale signs of a hack.

A spokesman for Top and Merrill told CNBC the company has since taken steps to bolster its cyber security. And said, Top and Merrill cooperates operated fully with government authorities in support of its confidential investigation. This included identifying details of the illegal cyber intrusion, which we understand the government was not otherwise aware of, and providing other forensic evidence. Donalee Financial Solutions did not respond to CNBC's request for comment. Federal prosecutor Seth Costo works alongside Stephen Frank in Boston on the case. We sat down with them both at the federal courthouse on the South Boston waterfront overlooking the Boston Harbor. Costo sees what the hackers are doing inside the filing agent's computers.

They obtain the usernames and passwords for employees at the filing agents. As a result, we're able to log in, like you or I might log in to our office accounts, and look through the confidential information of any company they wanted at any time.

Here's prosecutor Stephen Frank.

We were watching the hack play out in real-time, even as the filing agents were doing everything they could to lock out the hackers. These were sophisticated hackers, and they didn't just sit there at their computers and hack into these filing agent networks directly. They rented virtual private networks to cloak their trails so that they wouldn't leave footprints. But what we found is they got lazy, and they used this one particular network called AirVPN, We also found out that on one particular day, one of our hackers screwed up. He made a mistake. He forgot to log in to the AirVPN IP before he hacked into the filing agent. And so he literally hacked in from his own laptop directly into the filing agent. That only happened once, but once was enough to be a pretty devastating piece of evidence for us.

When they trace back that IP address, they discover exactly where the cyber attack is coming from. It's coming from Moscow. We'll be right back. Before the break, we learned investigators discover an IP address pointing them to Moscow.

Hacking is never totally anonymous. There's always some trace.

And as they dig further, they find more clues. Here's prosecutor Seth Costo.

One of the The funny parts was most of the access was happening in the middle of the night for the employees whose usernames were being used and in the middle of the day in Moscow.

So they were working regular business hours in Moscow. Exactly.

They were in the networks as they pleased and when they pleased. I think you would find that evidence of them being in on Christmas Day when no one else was, was something that told us that this wasn't legitimate use. Even though it was an employee password, you wouldn't expect to see employees on the network in the middle of the night. You wouldn't expect to see working holidays and weekends.

And the FBI team starts to get a sense of just how skilled this adversary is.

On a scale of 1-10, he's closer to the 10 in level of sophistication, but he's human. And the best hacker in the world always leaves it breadcrumb.

A tiny mistake by the hacker leads to the breakthrough they're looking for. Fbi agent B. J. Kang discovers one of the Moscow hackers uses his own IP address to log into his iTunes account just before he uses that same IP address to steal documents from a pharmaceutical company.

It's another moment, one Sunday by myself reviewing the records and identifying it, and then identifying that IP in his account, and then identifying in the logs that we got from the victim company. I was like, Holy moly. And just four minutes apart. I said, This is incredible.

The hacker registered that Apple account under his real name, and that means the FBI now knows who he is, Ivan Irmakow.

And then once we learned who this guy was, I said, Oh, my gosh, this is incredible. This is just this is amazing.

We pull on a thread and outfalls Mr. Ivan Irmakow. And what's interesting about him is because his name is known. And that is the pivotal moment where now it's not we think there is a hack, but we actually have a hacker that's in communication with people that are trading.

American law enforcement has dealt with Irmakov before. He's a veteran of the fearsome Russian GRU, military intelligence agency. In 2018, the United States indicted Irmakov, along with several other GRU hackers, for their alleged roles in the 2016 American presidential election. Irmakov and the others were charged with breaking into email accounts of Hillary Clinton presidential aides and releasing those documents to interfere with the election. Irmakoff was also indicted that same year in hacking and related disinformation campaigns targeting antidoping agencies and sporting federations. That indictment also said the GRU hackers had targeted a nuclear energy company in Pennsylvania and even hacked into a chemical lab in Switzerland that was investigating the poisoning of a former Russian spy in Britain. The GRU target list lines up exactly with the interests of the Russian government and its leader, Vladimir Putin. The FBI already has a wanted for Irmakov. In the photo, an expressionless Irmakov gaces directly into the camera. He's wearing a black suit and a black tie, his brown hair combed straight down over his forehead. The poster lists his hometown in Russia and his birth date, April 10th, 1986, making him 38 years old today. The FBI says he should be considered armed and dangerous.

I asked FBI agent David Hitchcock about this discovery.

It's pretty exciting, but we still have a lot of work to do. Because, again, is it a coincidence or is there a story that the facts will tell? We don't want to write the story. We want all of the facts that we collect throughout the investigation to tell the truth.

Prosecutor Seth Kosto says they start by learning everything they can about Irmakov, who he is and who he's working for now.

A retired or former Russian military officer with the pedigree, so to speak, having been indicted twice by the Justice Department for his role in influence campaigns, a hacker for hire.

They learn that Irmakov is young, ambitious, and he works for M13. The company is based in an obscure office complex in the Southern part of Moscow. As we explained in our first episode, the company advertises itself as a cyber security firm, and it tells potential customers that it has experts who can test a company's cyber defenses. In other words, it's a hacking company sitting in plain sight.

They said, Look, we can create teams of Black Hats who will use hacking techniques to see if they can break into your website, see if they can cover their tracks, see if they can gain access to your most sensitive data, and then we'll tell you what we were able to do so you can fix those holes in your network. But then what they did is they turned around and they used exactly the same techniques that they were advertising to hack into these filing agents in the US.

M13 works for private clients, but it's also a contractor to the Russian government. On its website, the company says it works for the office of the Russian President, Vladimir Putin. We'll be right back. Before the break, we learned M13's website says it does business for Putin. Here's where the story gets really interesting, because all of the FBI agents and federal prosecutors we spoke to were deeply reluctant to discuss anything to do with Vladimir Putin himself, even though M13 said it worked directly for his office. Putin is a figure looming large over this entire story. One thing is here. There's something very sensitive going on here. The one name we haven't talked at all about is Vladimir Putin.

There's nothing for me to say about that.

Do you think Vladimir Putin himself was aware of these guys and allowed this to happen?

I can't speculate about that.

So this is a guy who's worked for Vladimir Putin's office?

He did work for the office of the Russian President. That's as much as we can say publicly, because that's what's up on his website.

The owner of M13 is Ivan Irmakov's new boss, the young Russian oligarch Vladislav Klyushin. The digital trail has now led investigators to the boss of the operation. Klyushin is not, as far as we know, a veteran intelligence officer himself. He's a businessman and an entrepreneur, but he's well connected with Russia's elite intelligence agencies. He goes to parties with Officers of the FSB, which is a successor organization to the notorious Cold War era, Russian KGB. He even keeps a personally engraved lithograph of the FSB headquarters building. Investigators discover that Cleucian has been running a hack to trade scheme right out of the M13 office for years. He's been making millions of dollars by breaking American law. But they also learn that he's got even bigger plans than that. When they come to understand what those plans are, they realize they have to act fast because they believe Cleucian is lining up big money in Moscow to create a massive corrupt hedge fund with a secret criminal core.

He was hoping to get investors to put money in a fund that they thought would be legitimately invested, and in fact, he'd be trading on inside information.

He wanted to create Insider Trading LLC. Exactly. They're so successful, they begin to raise suspicions at Saxo Bank. That's the Danish online broker M13 is using to place its trades. The bank schedules a call with M13 to ask how exactly they're doing this. For the first time now, the M13 Gang is on the defensive, and Klyushin's solution is to tell a pack of lies.. Next time on the crimes of Putin's traitor, Vladislav Klyushin scrambles to protect his enormously profitable criminal enterprise as investigators from his bank start asking tough questions. And then the FBI and prosecutors make their move.

It's a breathless moment. You're literally holding your breath to see how this is going to play out.

The Crimes of Putin's Traitor was written, reported, and hosted by me, Eamonn Javers. The series is produced by Bria Cousins and Paige Torterelli. The podcast was edited by Candice Goldman. We had production support from Gillian Kreitzmann, Anthony Velastro, and Caroline Rojotis. Our production crew includes Sean Baldwin, Erin Black, Carlos Waters, Magdalena Petrava, and Tasia Jensen. Cnbc's Washington DC Bureau Chief Matt Cuddy, Deputy Bureau Chief, MCAP Wellens, and supervising producer of digital video, Janice Pettit, oversaw this project.