The Russia connectionAnother Steel Dossier detail appears true

Published 14 March 2019

On the final page of his 35-page dossier, former British intelligence officer Christopher Steele refers to a company, whose name is redacted, that allegedly was used to hack the Democratic party. Today, the New York Times identifies the company and its owner, Aleksej Gubarev, and says that according to a newly revealed report, the allegations against the Russian technology entrepreneur’s operations check out.

On the final page of his 35-page dossier, former British intelligence officer Christopher Steele refers to a company, whose name is redacted, that allegedly was used to hack the Democratic party. 

Today, The New York Times identifies the company and its owner, Aleksej Gubarev, and says that according to a newly revealed report, the allegations against the Russian technology entrepreneur’s operations check out.

Mr. Gubarev’s companies, the dossier claimed, used “botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.”

… A report by a former F.B.I. cyberexpert unsealed in a federal court in Miami found evidence that suggests Russian agents used networks operated by Mr. Gubarev to start their hacking operation during the 2016 presidential campaign.

His networks also appear to have been regularly used by cybercriminals and Russian agents to conduct other attacks, such as an assault on Ukraine’s power grid in 2015, the report found.

(…)

Mr. Gubarev has insisted that neither he nor his businesses knowingly took part in the Russian hacking. He backed up his denials by filing a defamation lawsuit against BuzzFeed, the first news organization to publish the dossier, which became public in January 2017. The report unsealed Thursday was commissioned by BuzzFeed to fend off Mr. Gubarev’s suit, which was dismissed in December when the court found BuzzFeed’s decision to publish protected under the law.

(…)

The report was released after months of legal wrangling by Mr. Gubarev’s lawyers, who strenuously fought to keep it under wraps, arguing that it was one-sided and would unfairly tar their client. The New York Times, acting independently of BuzzFeed and Mr. Gubarev, asked the court in October to unseal all of the evidence in the case.

(…)

The report commissioned by BuzzFeed to investigate the dossier did not set out to prove any of those accusations. It was done by FTI Consulting, a Washington-based firm, and focused solely on the accusations against Mr. Gubarev. It relied largely on analyzing internet traffic and other clues, and on digging through public records to glean insight into Mr. Gubarev’s holding company, XBT, and its many affiliates, including Webzilla. Both XBT and Webzilla were named in the dossier as being used for the hacking.

(…)

Mr. Gubarev’s “companies have provided gateways to the internet for cybercriminals and Russian state-sponsored actors to launch and control large scale malware campaigns over the past decade,” the report concluded. “Gubarev and other XBT executives do not appear to actively prevent cybercriminals from using their infrastructure.”

Gubarev’s lawyer says his client should not be liable for what others were doing on his network.  

Evan Fray-Witzer, a lawyer for Mr. Gubarev, said that hackers using a client’s servers was hardly unique for a web-hosting company, or any tech company … 

“You could say the same thing about Google’s infrastructure and Amazon’s infrastructure — and no one is accusing them of hacking anyone just because hackers used their infrastructure,” he said.

(…)

In any case, Mr. Fray-Witzer said, the dossier accused Mr. Gubarev “directly of having been involved in the hacking of the D.N.C.,” not of running networks used by thieves and criminals.

“Because they couldn’t prove the allegations that they actually made about our client,” he continued, “they pivoted to say, ‘Well, your infrastructure was used from time to time to do bad things.’”