A veteran cybersecurity investigator has buttressed claims made in the Christopher Steele dossier that Internet infrastructure owned by Russian entrepreneur Aleksej Gubarev was used by Russian intelligence to subvert Hillary Clinton’s 2016 presidential bid, Buzzfeed reports.
Gubarev’s infrastructure was also allegedly used to disperse the Gozi virus, which the US Attorney’s Office of the District of Southern New York has dubbed “one of the most financially destructive computer viruses in history.”
Between 2007 and 2011, Gozi was reportedly used to infect more than a million computers worldwide in order to steal personal banking information and millions of dollars. It has also been utilized to abscond with cryptocurrency.
Gubarev’s infrastructure also allegedly carried “Rig exploit” Trojan malware used to disperse botnet viruses and ransomware. The kit reportedly infected hundreds of users per day.
These claims are included in a report prepared by Anthony J Ferrante, Senior Managing Director and Global Head of Cybersecurity at FTI Consulting.
According to Buzzfeed, Ferrante is a former “top-ranking FBI cybersecurity agent who also directed the National Security Council’s cyber-response team.”
Buzzfeed contracted Ferrante to conduct the investigation to help defend the media outlet in a libel case brought against it by Gubarev and his company, XBT.
Gubarev is suing Buzzfeed for publishing the Christopher Steele dossier, in which he is named.
Christopher Steele is a former British Intelligence officer who alleged in 2016 that Gubarev and his companies were aiding cyberattacks waged against the Hillary Clinton presidential campaign and the DNC.
According to Buzzfeed, Gubarev company infrastructure:
“…may also have been used in spear phishing attempts on John Podesta, chair of Hillary Clinton’s presidential campaign…Thousands of Podesta’s emails, revealing campaign strategies and other sensitive material, were subsequently published by WikiLeaks in early October 2016.”
Steele’s dossier also reportedly alleged that XBT and other companies owned by Gubarev were being used to proliferate “botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’” against the American Democrats.
“Gubarev and his attorneys have adamantly denied that XBT or any of its subsidiaries had any role in election interference and say that they are not responsible for the actions of third parties — including hackers — who use its infrastructure.”
During the course of libel proceedings against Buzzfeed, Gubarev’s lawyers apparently fought to keep the Ferrante report sealed.
The New York Times, however, succeeded in petitioning to have the Ferrante report and other documents pertaining to the case released to the public, and they were unsealed by a Florida judge on Thursday, March 14th.
After researching for nine months, Ferrante has now presented “technical evidence” that:
“XBT and its affiliated web hosting companies have provided gateways to the internet for cybercriminals and Russian state sponsored actors to launch and control large scale malware campaigns over the past decade.”
The report also claims that “(XBT) infrastructure was used to support the malicious spear phishing attack of Democratic Party leadership in 2016 which resulted in the theft and subsequent publication of highly sensitive information related to the Hillary Clinton presidential campaign.”
Ferrante also reportedly finds ties between XBT and Fancy Bear, one of two Russian intelligence groups that US intelligence believes orchestrated attacks against the American Democratic Party.
Ferrante’s report also links XBT to cyber attacks on the Ukrainian power grid and several Internet-borne fraud schemes.