You are here

Russian techie says the FBI still hasn’t called, and now he’s back in the news | Miami Herald

March 23, 2017 2:11 PM Russian techie says the FBI still hasn’t called, and now he’s back in the news Vladimir Fomenko says he has IP addresses of hackers who attacked the election systems of Illinois and Arizona. Facebook Vladimir Fomenko, an entrepreneur in remote Siberia, finds himself linked to both a hacking scandal in Washington and a shakeup at the federal security bureau in Moscow. Facebook
By Kevin G. Hall and Tim Johnson
khall@mcclatchydc.com
A young techie from western Siberia was only a bit player in the Russian hacking scandal roiling U.S. politics, when a powerful friend began applauding Kremlin actions to root out alleged traitors.
Now, Vladimir Fomenko has emerged as a more significant figure as the FBI examines connections between Donald Trump and a Russian campaign, possibly directed or supported by the Kremlin, to influence the 2016 presidential election.
Fomenko first made news last fall during an investigation over Russian meddling in the 2016 election. He says he didn’t know that clients routed their hacking attempts on state voting systems in Arizona and Illinois through his Bay Area servers. Those events are part of what the FBI confirmed this week is a formal investigation into Russian interference in the election and whether Trump associates were involved.
But it turns out that Fomenko is friends with a Russian internet tycoon who applauded the recent arrests of intelligence agents in a cybersecurity unit of Russia’s Federal Security Service on treason charges and who believes Russia has done too little to defend itself from charges that it harbors rogue hackers.
The political scandal in Washington and treason investigation in Moscow have pulled Fomenko, who operates from a base in Biysk, a small city in western Siberia, closer to center stage.
Registration websites show that Fomenko, while still in his teens, started a company called King Servers in November 2008. Media reports from Russia last year put his age at 26, indicating he founded his company when he was only 17 or 18.
It was an FBI amber alert on Aug. 18 that exposed the young Russian’s company. The alert listed internet identifier numbers, known as IP addresses, that were used in conducting hacking attacks in Arizona and Illinois. A Virginia cybersecurity company, ThreatConnect, said in a Sept. 2 report that six of the eight IP addresses in the FBI report belonged to Fomenko’s King Servers, suggesting “that the individuals behind the activity identified in the FBI report are Russian.”
The office of the Arizona Secretary of State confirmed to McClatchy on Thursday that a hacker managed in late June 2016 to get into the Gila County voter registration system through the compromised account of an employee. The hacker or hackers tried but failed to get into the state’s voter registration database.
“We’ve implemented new security procedures for further protection of the state’s registration database,” said Matt Roberts, a spokesman for Secretary of State Michele Reagan.
In a months-long email dialogue with McClatchy reporters, Fomenko answered many questions, avoided many others and often played a cat-and-mouse game of revealing some information but holding back.
He insisted throughout that no U.S. investigators had contacted him.
When asked, Fomenko seemed to know important details about the now-famous intelligence dossier compiled by former British spy Christopher Steele, who was hired to look into Russian influence among Trump’s inner circle. The dossier asserted that the Russian government used its notoriously corrupt pension system to make payments to hackers.
Unfortunately, I can’t give you any more details.
Vladimir Fomenko, chief executive of King Servers
“A web money application was used, not bitcoins. Unfortunately, I can’t give you any more details,” he told McClatchy, repeating that in the form of a question. “How come the payment was not done by bitcoin, because bitcoin can’t be traced?”
The U.S. election investigation has led to arrests in Russia. In late January, Russia lodged treason charges against two intelligence officers in the cyber unit of the Federal Security Service (FSB), the successor to the KGB. Russian media reported that one of the two was believed to be feeding information that led U.S. intelligence agencies to say with “high confidence” in a declassified Jan. 6 report that Russia had attempted to sway the election in Trump’s favor.
Fomenko is Facebook friends with Russian internet tycoon, Pavel Vrublevsky, who publicly accused one of the FSB officers of leaking Russian hacking capabilities to the CIA before any trial has taken place. Vrublevsky founded an online payment company, Chronopay, and recently served a jail term for ordering a hacking attack on a competitor. One of the implicated FSB officers helped put him in jail. On the King Servers webpage, Fomenko’s company thanks Chronopay for its help.
In an email, Vrublevsky denied media reports that he had a business relationship with Fomenko, saying that he knew the Biysk entrepreneur casually and “we resumed talking a few years ago (on) Facebook.” He said he spoke by phone with Fomenko after the FBI alert, and the two shared the opinion that Russia’s image needed to be defended more forcefully.
Russian criminal meddling in U.S. affairs has taken on a new dimension this month with Comey’s testimony on Monday and a Justice Department indictment filed March 15 against two Russian intelligence officers for a massive breach of Yahoo . The indictment said the FSB commonly uses criminal hackers to conduct penetrations abroad.
An FBI spokesman said the bureau had no comment on whether Fomenko is under scrutiny as part of that investigation. The FBI is also looking at whether Russia used robotic networks to promote fake news about the campaign in favor of Trump.
Fomenko doesn’t look the part of a man of global intrigue. His Facebook page shows photos of a baby-faced millenial in front of an Apple laptop, wearing a gray hoodie, and looking at the camera, a tattoo of a mythic creature occupying much of the side of his neck. The page says he attended a high school in Kirovograd, Ukraine, and university in Aktobe, Kazakhstan. His Facebook friends are mostly young Russian millennials and a smattering of Western reporters.
From his base in western Siberia, Fomenko extended his business to the Netherlands and the United States. On its website, King Servers lists server space for sale in Fremont, Calif., and at the Serverius Data Center outside Amsterdam. There, it offers customers “placement and provision of undisturbed operation of network equipment.”
McClatchy obtained company formation documents from the Netherlands, where King Servers B.V. was incorporated on May 12, 2016. This was a month before numerous attempts to penetrate U.S. voting systems.
The company was registered by Nataliia Lysenko, a Ukrainian bookkeeper who works in the Dutch town of Leiden. Efforts to reach her failed.
The company formation documents also list a Ukrainian national, 27-year-old Pavlo Victorovych Zinkovskyi, as a 50-50 equity partner with Fomenko. Zinkovskyi has no apparent Internet footprint and could not be reached for comment.
Records obtained by McClatchy show that Zinkovskyi traveled to the United States in 2015. He arrived in New York on Oct. 15, 2015, and overstayed his visa by a month, leaving Los Angeles on May 6, 2016, 10 days before the company incorporated in the Netherlands.
Asked for details about his overseas operations and his partner, Fomenko said he was breaking off contact.
From now on I refuse to respond.
Vladimir Fomenko, a Russian high-tech entrepreneur
“From now on I refuse to respond. Your questions remind me of The New York Times. And yes, nobody (from law enforcement) contacted us. We are an international company registered in Europe,” he said Tuesday.
A day later, Fomenko said he had never been to the United States and added “we are planning further development of our business in the region.” The New York Times interviewed Fomenko last September in his Siberian hometown.
Fomenko told McClatchy that the article and the notoriety that followed had been good for business.
“Actually, we are more recognizable now, and everybody sees that this is just a media-created story,” said Fomenko, then offering another tidbit of information. “If we didn’t get in touch with The New York Times ourselves after we saw the FBI report, nobody would have known about us.”
An undated statement on the King Servers website addresses the issue of the U.S. hacking. It said the clients who rented the IP addresses from which the hacking occurred still owe the company $290. It did not identify them, saying only that the clients used “fabricated personal and identification data” to rent two servers, and that the servers had been shut down.
It went on to rebut any involvement of Russian security services in the hack, and said an analysis of the servers showed activity came from Sweden, Norway and Italy.
The statement said the firm had maintained log files and correspondence related to the clients, and would provide them to law enforcement, if asked, but that no authorities had contacted the company.
Whether King Servers was an unwitting Russian conduit or part of the plot is unclear. But one cybersecurity expert, Vitali Kremez, a cybercrime intelligence analyst at Flashpoint, a New York City cybersecurity firm, said someone from King Servers, using the alias Die$el, had been active on Russian-language cybercrime forums on the dark web, including on the now-defunct crutop.nu forum.
If nothing else, Fomenko’s history shows the ease with which foreigners – even those from the Siberian taiga – can snatch a share of U.S. internet business.
The U.S. internet is built and operated largely by private companies. Its open nature means that foreigners face virtually no barriers in playing alongside American entrepreneurs.
“At the lowest level, what it takes is a credit card and access to a computer,” said Mike Simon, chief technology officer at Critical Informatics , a Bremerton, Wash., cybersecurity firm.
It’s absolutely possible to set up the business without setting foot here.
Mike Simon, chief technology officer at Critical Informatics
“It’s absolutely possible to set up the business without setting foot here,” Simon added.
Foreign business owners often want to have their websites hosted in the United States to increase consumer confidence. Buyers of goods on the Internet may balk at addresses, for example, that end in .cn (the domain extension for China) or .ru (Russia’s country domain extension).
“You don’t want to be an .ru domain, especially if it’s a (website) where you are going to type in a credit card name,” Simon said.
Hackers often route their penetrations through servers in multiple foreign countries, putting as much of a digital zigzag as possible between themselves and their targets.
“You’re talking about $5 a month, or $10 a month” to rent an IP address, said Carl Brooks, an analyst of cloud computing and service providers at 451 Research, a Boston consultancy.
Brooks said his company tracks about 600 distinct server hosts, and that it estimates there may be 10,000 host companies worldwide, and about 1,000 of those in the United States.
Fomenko leased server space from companies with operations in Fremont, Calif., and Garden City, N.Y.
An executive at the Fremont company, Hurricane Electric Internet Services , said the firm would not confirm or deny details on any of its clients.
I don’t even know if these guys are a client of ours.
Benny Ng, infrastructure director at Hurricane Electric Internet Services
“I’m saying, I don’t even know if these guys are a client of ours,” infrastructure director Benny Ng said in an email.
Presented with a link from Fomenko’s website showing the entrance to Ng’s building and a visual tour of the premises, he answered, “Ahhh, that is news to me.”
EDITORS: STORY CAN END HERE
Fomenko is not the only Russian-origin Internet executive caught in the U.S. hacking storm. The former British spy’s dossier said, without substantiation, that Aleksej Gubarev, the Cyprus-based founder of Internet service providers XBT Holdings and Webzilla, was effectively a conduit for the Russian hackers.
Gubarev denies that and has sued BuzzFeed , which published the dossier without redacting his name and without seeking his comment.
“I know Aleksej and I know that he owns XBT, but I don’t know him personally. I know of him,” said Fomenko. “I have seen already that BuzzFeed apologized to him, and I have nothing to add.”
Their Facebook pages show that Fomenko and Gubarev have friended each other.
“I know Fomenko, he has some hosting business in Europe, but not personally, just Facebook friends. Not any business,” Gubarev told McClatchy, confirming that like Fomenko, he has not been contacted by any law enforcement agency from the United States or Europe.
London-based online investigative news site Bellingcat contributed to this report.

Related posts

Leave a Comment