A young techie from western Siberia was only a bit player in the Russian hacking scandal roiling U.S. politics, when a powerful friend began applauding Kremlin actions to root out alleged traitors.
Now, Vladimir Fomenko has emerged as a more significant figure as the FBI examines connections between Donald Trump and a Russian campaign, possibly directed or supported by the Kremlin, to influence the 2016 presidential election.
Fomenko first made news last fall during an investigation over Russian meddling in the 2016 election. He says he didn’t know that clients routed their hacking attempts on state voting systems in Arizona and Illinois through his Bay Area servers. Those events are part of what the FBI confirmed this week is a formal investigation into Russian interference in the election and whether Trump associates were involved.
But it turns out that Fomenko is friends with a Russian internet tycoon who applauded the recent arrests of intelligence agents in a cybersecurity unit of Russia’s Federal Security Service on treason charges and who believes Russia has done too little to defend itself from charges that it harbors rogue hackers.
The political scandal in Washington and treason investigation in Moscow have pulled Fomenko, who operates from a base in Biysk, a small city in western Siberia, closer to center stage.
Registration websites show that Fomenko, while still in his teens, started a company called King Servers in November 2008. Media reports from Russia last year put his age at 26, indicating he founded his company when he was only 17 or 18.
It was an FBI amber alert on Aug. 18 that exposed the young Russian’s company. The alert listed internet identifier numbers, known as IP addresses, that were used in conducting hacking attacks in Arizona and Illinois. A Virginia cybersecurity company, ThreatConnect, said in a Sept. 2 report that six of the eight IP addresses in the FBI report belonged to Fomenko’s King Servers, suggesting “that the individuals behind the activity identified in the FBI report are Russian.”
In a months-long email dialogue with McClatchy reporters, Fomenko answered many questions, avoided many others and often played a cat-and-mouse game of revealing some information but holding back.
He insisted throughout that no U.S. investigators had contacted him.
When asked, Fomenko seemed to know important details about the now-famous intelligence dossier compiled by former British spy Christopher Steele, who was hired to look into Russian influence among Trump’s inner circle. The dossier asserted that the Russian government used its notoriously corrupt pension system to make payments to hackers.
Unfortunately, I can’t give you any more details.
Vladimir Fomenko, chief executive of King Servers
“A web money application was used, not bitcoins. Unfortunately, I can’t give you any more details,” he told McClatchy, repeating that in the form of a question. “How come the payment was not done by bitcoin, because bitcoin can’t be traced?”
The U.S. election investigation has led to arrests in Russia. In late January, Russia lodged treason charges against two intelligence officers in the cyber unit of the Federal Security Service (FSB), the successor to the KGB. Russian media reported that one of the two was believed to be feeding information that led U.S. intelligence agencies to say with “high confidence” in a declassified Jan. 6 report that Russia had attempted to sway the election in Trump’s favor.
Fomenko is Facebook friends with Russian internet tycoon, Pavel Vrublevsky, who publicly accused one of the FSB officers of leaking Russian hacking capabilities to the CIA before any trial has taken place. Vrublevsky founded an online payment company, Chronopay, and recently served a jail term for ordering a hacking attack on a competitor. One of the implicated FSB officers helped put him in jail. On the King Servers webpage, Fomenko’s company thanks Chronopay for its help.
In an email, Vrublevsky denied media reports that he had a business relationship with Fomenko, saying that he knew the Biysk entrepreneur casually and “we resumed talking a few years ago (on) Facebook.” He said he spoke by phone with Fomenko after the FBI alert, and the two shared the opinion that Russia’s image needed to be defended more forcefully.
Russian criminal meddling in U.S. affairs has taken on a new dimension this month with Comey’s testimony on Monday and a Justice Department indictment filed March 15 against two Russian intelligence officers for a massive breach of Yahoo. The indictment said the FSB commonly uses criminal hackers to conduct penetrations abroad.
An FBI spokesman said the bureau had no comment on whether Fomenko is under scrutiny as part of that investigation. The FBI is also looking at whether Russia used robotic networks to promote fake news about the campaign in favor of Trump.
Fomenko doesn’t look the part of a man of global intrigue. His Facebook page shows photos of a baby-faced millenial in front of an Apple laptop, wearing a gray hoodie, and looking at the camera, a tattoo of a mythic creature occupying much of the side of his neck. The page says he attended a high school in Kirovograd, Ukraine, and university in Aktobe, Kazakhstan. His Facebook friends are mostly young Russian millennials and a smattering of Western reporters.
From his base in western Siberia, Fomenko extended his business to the Netherlands and the United States. On its website, King Servers lists server space for sale in Fremont, Calif., and at the Serverius Data Center outside Amsterdam. There, it offers customers “placement and provision of undisturbed operation of network equipment.”
McClatchy obtained company formation documents from the Netherlands, where King Servers B.V. was incorporated on May 12, 2016. This was a month before numerous attempts to penetrate U.S. voting systems.
The company was registered by Nataliia Lysenko, a Ukrainian bookkeeper who works in the Dutch town of Leiden. Efforts to reach her failed.
The company formation documents also list a Ukrainian national, 27-year-old Pavlo Victorovych Zinkovskyi, as a 50-50 equity partner with Fomenko. Zinkovskyi has no apparent Internet footprint and could not be reached for comment.
Records obtained by McClatchy show that Zinkovskyi traveled to the United States in 2015. He arrived in New York on Oct. 15, 2015, and overstayed his visa by a month, leaving Los Angeles on May 6, 2016, 10 days before the company incorporated in the Netherlands.
Asked for details about his overseas operations and his partner, Fomenko said he was breaking off contact.
From now on I refuse to respond.
Vladimir Fomenko, a Russian high-tech entrepreneur
“From now on I refuse to respond. Your questions remind me of The New York Times. And yes, nobody (from law enforcement) contacted us. We are an international company registered in Europe,” he said Tuesday.
A day later, Fomenko said he had never been to the United States and added “we are planning further development of our business in the region.” The New York Times interviewed Fomenko last September in his Siberian hometown.
Fomenko told McClatchy that the article and the notoriety that followed had been good for business.
“Actually, we are more recognizable now, and everybody sees that this is just a media-created story,” said Fomenko, then offering another tidbit of information. “If we didn’t get in touch with The New York Times ourselves after we saw the FBI report, nobody would have known about us.”
An undated statement on the King Servers website addresses the issue of the U.S. hacking. It said the clients who rented the IP addresses from which the hacking occurred still owe the company $290. It did not identify them, saying only that the clients used “fabricated personal and identification data” to rent two servers, and that the servers had been shut down.
It went on to rebut any involvement of Russian security services in the hack, and said an analysis of the servers showed activity came from Sweden, Norway and Italy.
The statement said the firm had maintained log files and correspondence related to the clients, and would provide them to law enforcement, if asked, but that no authorities had contacted the company.
Whether King Servers was an unwitting Russian conduit or part of the plot is unclear. But one cybersecurity expert, Vitali Kremez, a cybercrime intelligence analyst at Flashpoint, a New York City cybersecurity firm, said someone from King Servers, using the alias Die$el, had been active on Russian-language cybercrime forums on the dark web, including on the now-defunct crutop.nu forum.
If nothing else, Fomenko’s history shows the ease with which foreigners – even those from the Siberian taiga – can snatch a share of U.S. internet business.
The U.S. internet is built and operated largely by private companies. Its open nature means that foreigners face virtually no barriers in playing alongside American entrepreneurs.
“At the lowest level, what it takes is a credit card and access to a computer,” said Mike Simon, chief technology officer at Critical Informatics, a Bremerton, Wash., cybersecurity firm.
It’s absolutely possible to set up the business without setting foot here.
Mike Simon, chief technology officer at Critical Informatics
“It’s absolutely possible to set up the business without setting foot here,” Simon added.
Foreign business owners often want to have their websites hosted in the United States to increase consumer confidence. Buyers of goods on the Internet may balk at addresses, for example, that end in .cn (the domain extension for China) or .ru (Russia’s country domain extension).
Continued.....
Bookmarks