Documents unsealed Thursday in a South Florida court case provide the most convincing evidence yet that Russian spies piggybacked on a Russian-tied foreign tech company with offices in Florida and Texas to hack the Democratic National Committee and party leaders.
The documents were unsealed in the aftermath of a failed defamation lawsuit brought against online news company BuzzFeed by XBT Holding and its founder, Aleksej Gubarev. BuzzFeed had identified him and his company when it published the so-called Trump dossier, compiled by former British spy Christopher Steele, in January 2017.
The research that made up the dossier was mostly paid for by political opponents of Donald Trump from both major parties during his 2016 campaign, and among its explosive allegations was that XBT's internet platform was used to launch cyberwarfare that interfered in the U.S. elections.
XBT and Gubarev are based in Cyprus but boast web-hosting operations globally, and XBT operates servers in Russia. In a series of stories, McClatchy had reported how Russian-linked hackers used the little-known XBT and Webzilla infrastructure to help spread the Methbot and Gozi viruses, giving more credibility to the dossier's assertions. McClatchy also discovered that another alleged bad actor named in the dossier was a twice-convicted pedophile with cyber expertise.
Those stories helped fill in blanks about the company named in a document that became part of the basis for special counsel Robert Mueller III's investigation into Russian election meddling. But the technical details of how the hack happened and efforts to trick people into opening fake documents -- called spear phishing -- remained relatively murky.
That was until Thursday, when an expert's report entered into the court record by a former top National Security Council cyber leader was unsealed, giving more clarity to the technical mechanisms deployed to hack the DNC and party leaders back in 2016.
"Technical evidence suggests that Russian cyber espionage groups used XBT infrastructure to support malicious spear phishing campaigns against the Democratic Party leadership, which resulted in the theft of emails from a senior member of the Hillary Clinton presidential campaign," said the report prepared by Anthony J. Ferrante, who beyond his NSC role had also served as chief of staff of the FBI's cyber division.
Among Ferrante's conclusions:
-- A Russian cyber espionage group linked to the DNC hack has used an XBT-owned IP address in the past. IP addresses are a computer's unique identifier when connected to the internet.
-- Technical evidence points to XBT-owned infrastructure used to support malicious cyber campaigns.