SIBERIAN CYBERWARRIOR?
A young Russian holds clues to the U.S. hacking attack,
BIYSK, RUSSIA — Living anonymously, down a winding road in the wilderness of western Siberia, not far from the Mongolian border, the only person implicated in the flurry of Russian hacking of the Democratic National Committee and other political sites was enjoying the moment.
“We have the information, but nobody contacted us,” said Vladimir Fomenko, a tattooed 26-year-old who snowboards in his free time and runs a business out of a rented apartment.
“It’s like nobody wants to sort this out,” he added with a sly grin.
Fomenko was recently identified by an American cybersecurity company, ThreatConnect, as the manager of an “information nexus” that was used by hackers suspected of working for Russian state security in cyberattacks on democratic processes in several countries, including Germany, Turkey and Ukraine, as well as the United States.
Rather than issuing blanket denials, Fomenko is apparently eager to discuss his case — lending another, if still cryptic, dimension to the intrigue, restricted before now to digital codes and online fingerprints.
Fomenko is owner of a server rental company called King Servers, used by hackers in an incursion on computerized election systems in Arizona and Illinois this year. Its other principal clients, he said, have been pornographers.
His response has been a blend of sarcasm, vague denials and an invitation to co-operate with the FBI, offering potentially critical evidence in the Arizona and Illinois cases, should officials reach out to him here.
“If the FBI asks, we are ready to supply the IP addresses, the logs,” he said, referring to Internet Protocol addresses, which identify a particular web page or device. “But nobody is asking. That is a big question.”
Another is just how much Fomenko knows. Attribution in cases like these is a notoriously tricky business, especially when governments route their attacks through proxy servers like his or, in many cases, outsource espionage activities to criminal groups to maintain a measure of plausible deniability.
The investigation that led here began after the hacking of the state voting systems from June until August, what cyber analysts say could be a bold bid by a resurgent Russia to undermine Americans’ faith in their electoral process. The FBI published eight internet addresses used in the attack. The bureau did not name the states, but officials in Arizona and Illinois acknowledged that their computers had been hacked.
ThreatConnect then identified six of the eight addresses as originating from servers owned by King Servers, Fomenko’s company, in Dronten, the Netherlands, and possibly elsewhere. Fomenko also owns servers in Fremont, Calif., Garden City, N.Y., and Moscow.
Russian officials have denied any involvement in the hacking, but in an interview this month, President Vladimir Putin asked Bloomberg, “Does it even matter who hacked this data?” implying that the revelations were more important than the source. “The content was given to the public.”
The Democratic presidential nominee, Hillary Clinton, blamed the Russian security services for the hackings, and said Putin “could barely muster the energy to deny” Russia’s involvement. Donald Trump, the Republican nominee, has played down the prospect that Russia was involved.
Ambiguity has trailed the Russian hacking story all along. Fomenko, in an interview in a bar here called Rocks, denied having any ties to the hacking. Yet he sports a collarbone-to-jaw tattoo of what he described as a version of the theatrical mask that is the symbol of the hacking group Anonymous.
He denied any connection to the group, saying he simply liked the symbolism of the mask. “A person can be evil, or a person can be good, or a person can hide who they are,” he said.
The equivocation of responses by Putin and Fomenko is studied and deliberate, Kenneth Geers, a senior research scientist at Comodo, a cybersecurity firm, and a former cybersecurity officer with NATO, said in a telephone interview.
“You are not saying yes, you are not saying no, so it’s frustrating for the victim, and it’s intimidating,” he said. “You are suggesting there is more to come.”
The tattoo, though, “is something of a giveaway.”
Fomenko said prospective renters using the nicknames Robin Good and Dick Robin had contacted him online in May and paid through WebMoney, an online payment system.
On Sept. 15, Fomenko said in a statement that he had learned belatedly from news reports of the accusation that the hacking of the Arizona and Illinois voting systems was staged from two of his servers, and that he had shut them down.
Fomenko does not deny hackers used his servers, but does deny knowing that they did until Sept. 15. He says he does not know who they are, but they are certainly not the Russian security agencies.
“The analysis of the internal data allows King Services to confidently refute any conclusions about the involvement of the Russian special services in this attack,” he said in his statement. But then, apparently striking a sarcastic tone, he said he would send a bill to Trump and Putin for server rent left unpaid by the hackers.