Report: Tech Company In Steele Dossier May Have Been Used To Support DNC Hack
Web infrastructure owned by a Russian internet entrepreneur named in the Christopher Steele dossier may have been used to support the hack on the Democratic National Committee during the 2016 election, a private intelligence report newly unsealed in federal court alleges.
That same infrastructure may also have been used in spear-phishing attempts on John Podesta, chairman of Hillary Clinton’s presidential campaign, according to the report. Thousands of Podesta’s emails, revealing campaign strategies and other sensitive material, were subsequently published by WikiLeaks in early October 2016.
The research report, by a former top-ranking FBI cyber-security agent who also directed the National Security Council’s cyber response team, found “technical evidence” suggesting the groups behind the hack used infrastructure belonging to XBT Holding, which is owned by Aleksej Gubarev.
Gubarev and his companies were named in the dossier on Russian election interference written by Steele, a former British intelligence agent, which linked them with attempts to use cyber-attacks to influence the US elections and collude with Donald Trump’s campaign. Steele’s report alleged that XBT and other companies owned by the entrepreneur had been using “botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’” against the Democrats.
Gubarev filed suit against BuzzFeed News after it published the dossier in January 2017. The report unsealed today was compiled by Anthony Ferrante, a private investigator and former chief of staff for the FBI’s cyber division who works for FTI Consulting, which was retained by BuzzFeed’s defense team, and filed in federal court for the southern district of Florida.
Ferrante reported that XBT’s infrastructure had technical links to Fancy Bear, one of the two main espionage groups that US intelligence agencies have identified as conducting the attacks on the Democratic Party leadership.
In all, the report identified numerous technical connections to malicious cyber activity, including spear-phishing attempts on Democratic leadership, an attack on Ukraine’s power grid and several fraudulent internet scams. Ferrante’s report also criticized efforts by XBT to police its own infrastructure as minimal and inadequate, even after it was contacted by government regulators inquiring about suspect activity.
The report does not allege that Gubarev or XBT were directly involved with the hack or the other malicious activity, as alleged in the dossier. But it concluded: “FTI’s findings illustrate a pattern that XBT infrastructure has been a resource for cybercriminals to launch attacks without fear of repercussion, including specifically cybercriminals engaging in Russian state sponsored malicious activities.
“Based on documentation produced during discovery and deposition transcripts, Gubarev and other XBT executives do not appear to actively prevent cybercriminals from using their infrastructure. Minimal, if any, investigations were performed by XBT when their infrastructure was cited in high profile government or private security firm reports.”
The report also found that Fancy Bear had used XBT servers in other cyber campaigns in the past.