Notice: Undefined variable: user in /home/forensic/public_html/wp-content/themes/fnpro2021/header.php on line 46
TikTok Logo

X

Forensic News is entirely reader-funded.

Please consider supporting independent, paywall-free investigative journalism:

(this helps us the most!)



New to Forensic News? Learn more about us here.

 

Russian Cybersecurity Firm Draws U.S. Federal Scrutiny, Concern from National Security Experts

January 20, 2022 2:22 pm By

A Russian cybersecurity company placed on a U.S. Commerce Department export ban list for having “enabled the activities of malicious Russian cyber actors” has maintained an active U.S. presence that has attracted the scrutiny of federal investigators, a Forensic News investigation can reveal.

Open Joint Stock Company Information Technology and Communication Systems, a/k/a/ “Infotecs”, produces encryption tools and other cybersecurity products meant to safeguard critical information for businesses and organizations. 

The company was founded in 1991 by Andrey Chapchaev, a shadowy engineer and businessman who spent a decade in the KGB’s research department before starting Infotecs, where he remains the company’s largest shareholder.

The company has active licenses with a plethora of Russian government entities, including Russia’s domestic intelligence agency, the FSB. These licenses allow Russia’s spies to use Infotecs products to “protect state secrets.

Though the bulk of their business comes from Russia and elsewhere overseas, the company has maintained multiple corporate entities in the United States for over two decades. 

According to at least one Infotecs employee, major U.S. clients have included Cigna, Rutgers University, and Hackensack University Medical Center.

National security experts publicly and privately have expressed concerns about the U.S. operations of Infotecs given its direct ties to Russia’s intelligence agencies. 

Over the course of six months, Forensic News has gathered corporate documents from multiple jurisdictions in the US and overseas, spoken with numerous sources familiar with Infotecs, and consulted with national and cyber security experts to show how a company deeply embedded into the Russian intelligence community has operated freely in the U.S.


Forensic News believes in transparency in the journalism process. Go behind-the-scenes to see how this story was created with the Stone video bibliography:


Infotecs’ Cozy Relationship with Russian Intelligence

Infotecs was founded in the early 1990s by Andrey Chapchaev, a senior KGB engineer who spent a decade in the intelligence community before starting Infotecs as his first private venture. 

Many details about Chapchaev remain shrouded in mystery, but Russian government customers quickly began purchasing Infotecs’ network security and Virtual Private Network (VPN) tools after the company was founded.

According to Infotecs, the Russian government banking behemoth Sberbank became a customer in 1993, and business records show that Infotecs currently supplies equipment for numerous Russian government bodies including Russian Railways, Rostelecom, and the country’s state pension fund. 

Current government contracts for Infotecs total nearly 1.5 billion rubles or approximately $20 million, constituting a significant portion of the company’s yearly revenue.

Infotecs’ relationship with Russia’s intelligence services is even more substantial. 

The Russian webpage of the Infotecs website lists multiple licenses from the FSB, and FSTEC, the government agency responsible for the military’s informational security. Each license allows Infotecs to provide encryption and digital security tools to protect sensitive, confidential Russian state secrets. 

One of Infotecs’ licenses with the FSB.

The English webpage inconspicuously does not list these licenses.

Prior to the Forensic News investigation, Infotecs claimed on the English website that the company was, “the official supplier for United Nations.” A spokesperson for the UN, however, refuted those claims. 

Infotecs website before Forensic News contacted the UN.

Infotecs website before Forensic News contacted the UN.

“Infotecs Americas Inc. has been registered in UN Global Market Vendor Database since 2013. However, it has not registered any Contracts, Procurement Offers or Bid invitations,” Farhan Aziz Haq, Deputy Spokesman for the UN Secretary-General said. “They are registered in our system but we don’t appear to have done any business with them.

Shortly after that statement was given, the Infotecs website removed their claims of being a UN partner.

Infotecs website after Forensic News contacted the UN

Infotecs website after Forensic News contacted the UN

Suspicions about the very core of Infotecs’ business—cryptography—have been documented by security researchers who have concerns that Infotecs’ encryption may have a backdoor for malicious cyber actors to exploit.

Motherboard previously reported that cryptographic experts found what appeared to be a flaw in Streebog and Kuznyechik, two Russian-made algorithms that are central in encrypting confidential or privileged information. Those algorithms were designed by Infotecs in conjunction with one of Russia’s intelligence agencies. 

According to Motherboard, Streebog “is used to hash information; that is, create a hopefully irreversible and secure cryptographic representation of it. Kuznyechik is used for encrypting text, which could include communications.”

What the security researchers found was that the designer of Streebog and Kuznyechik, Infotecs, insisted that a crucial function used by both algorithms was derived randomly, but that did not jibe with the researchers’ analysis. 

The authors of Kuznyechik and Streebog repeated multiple times (including in writing) that they used a random process, i.e. that this function was obtained doing an equivalent of flipping coins,” according to Leo Perrin, a French security researcher at the National Institute for Research in Digital Science and Technology (INRIA) who first found the flaw. 

What I found in 2019 with my colleagues is that this function had an extremely strong mathematical structure. Then, we showed that the probability of obtaining *any* structure as simple as this one was utterly negligible,” Perrin said, referring to the mathematical research.

Still, Infotecs insisted that the function was obtained via a random process. The researchers, however, found that “the likelihood of this being correct is lower than the probability of getting 1000 heads when tossing an unbiased coin 1000 times.

That it was not derived randomly but instead used a strong mathematical structure raises the question of the presence of a backdoor, a potential hidden master key that would allow its owners to view the supposedly secure communications.

The authors of Streebog lied about their design process by hiding key features from their main component, and to this day insist that it is a mere coincidence despite overwhelming evidence of the opposite,” Perrin told Forensic News

Infotecs moves into the Americas

In 2013, Infotecs expanded into the U.S., incorporating a company in Delaware and a branch in Manhattan. Chapchaev, the former veteran KGB officer, was listed as the company’s CEO on Delaware corporate records obtained by Forensic News

Infotecs corporate document in Delaware

Infotecs corporate document in Delaware

From 2013 to 2018, Chapchaev remained on the paperwork before being replaced by the current CEO of Infotecs Americas, Alexander Tkachev. 

According to Infotecs Americas’ former Senior Business Development/Intelligence Manager, the company generates more than $4 million annually and has “key accounts” with Rutgers University and Hackensack University Medical. The largest consumer appears to be the health insurance giant Cigna.

I won the largest group purchasing organization (GPO) contract in Infotecs’ history and am currently working through Cigna’s GPO to implement the ViPNet solution at over 400+ hospitals across the nation,” the Infotecs Americas executive posted on his LinkedIn account. 

Neither Cigna’s media relations department nor Hackensack University Medical center responded to numerous attempts via email and phone to explain their relationship with Infotecs. 

Forensic News filed a Freedom of Information request with Rutgers University for any contracts with Infotecs but a university review of the request “did not yield a contract with Infotecs/VipNet nor any purchase orders.” “The University has determined that neither Infotecs nor VipNet is not an active supplier in our system,” the University Custodian of Records said.

According to other former employees in the U.S. who spoke with Forensic News on the condition of anonymity, Infotecs partnered with multiple distributors in the U.S. to sell their encryption and security software to prospective clients, which may explain why a client like Rutgers University may not have records of dealing with Infotecs directly. 

One such distributor listed by Infotecs is Evanston Technology Partners, a Chicago-based cybersecurity firm that works closely with health care companies. One of the former Infotecs employees told Forensic News that while s/he did not have direct knowledge of any Infotecs dealings with Cigna, it was likely that Evanston would be the reseller.

When asked if he would discuss Evanston’s business relationship with Infotecs Americas, Evanston’s CEO Emmanuel Jackson said, “I’m not interested.

George Oneid, President of Care Global, another alleged Infotecs reseller in the U.S., responded to a request for comment by asking for questions via email but then never responded once the questions were sent.

The Commerce Department Action and FBI Interest

In September 2018, the United States Commerce Department’s Bureau of Industry and Security (BIS) placed 14 companies, including Infotecs in Russia, on an export ban list. “These fourteen entities have been determined by the U.S. Government to be acting contrary to the national security or foreign policy interests of the United States,” BIS declared.

Infotecs was one of four companies singled out by BIS for having, “enabled the activities of malicious Russian cyber actors.

Though this action is commonly referred to as a sanction, the listing by the Commerce Department does not ban Infotecs from operating in the United States. 

More recently, Israeli cyber-surveillance company NSO Group generated headlines for being placed on the export ban list.

According to Douglas Jacobson, a prominent international trade lawyer at Jacobson Burton Kelley PLLC and an Adjunct Proffesor of Law at American University, the Commerce Department action forces any U.S. company seeking to export goods to Infotecs in Russia to obtain a license from the U.S. government.

The license requirement under EAR [The Export Administration Regulations] can apply to a wide variety of goods including computers, hardware, servers, software code, and even something as small as a chair or desk,” Jacobson told Forensic News

If there is an export from any U.S. company, including any Infotecs branch in the U.S., the company would need a license from Commerce to approve a sale to Infotecs in Russia,” he said.”

Businesses are still allowed to do business with Infotecs in Russia, the U.S., or anywhere else, Jacobson said. The action by the Commerce Department strictly applies to exports from the U.S and doesn’t place Infotecs under any other restrictions that might be seen if economic sanctions were applied on the company from elsewhere in the government.

Apart from the Commerce Department action, the FBI has also taken interest in Infotecs’ activities in the U.S., according to sources directly familiar with the matter. 

These concerns are unfounded,” said James Quinn, a former senior executive at Infotecs Americas Inc. who also stated that the FBI asked questions about the company.

Infotecs Americas Inc, located in Manhattan and Delaware, is the main US. entity for Infotecs.

I was there for there for almost two years and I’m convinced that everything is legal and ethical,” Quinn said. 

FBI interest in Infotecs was confirmed by a second former employee, who met with authorities in 2021 but declined to be named due to safety concerns. That employee said that the FBI asked questions about the sources of funding for Infotecs’ activity in the U.S., but was unsure if there was a criminal investigation open.

The implications of a Russian cybersecurity company deeply embedded within Russia’s intelligence community potentially operating in the U.S. with major healthcare and collegiate customers have raised alarms among national security experts. Those concerns are heightened by the BIS action labeling Infotecs as an “enabl[er] of malicious Russian cyber actors.” 

Daniel Maki, Senior Intelligence Manager at the UK-based Institute for Strategic Dialogue told Forensic News that there are serious concerns about Infotecs penetrating the Western market.

 “The myriad of direct links between this company and Russia’s security intelligence apparatus, not least its founder’s own history working as a SIGINT practitioner prior to the end of the Cold War, raises obvious questions about the nature of their business dealings in the West,” he said.

“It’s reasonable that any cybersecurity company worth its salt would want to establish business operations in Germany and the United States, given how in-demand such services are in both jurisdictions. But a cybersecurity company founded by a former Russian spy, which specializes in cryptography, quantum computing, and has a lengthy business history of servicing some of Russia’s most sensitive agencies? That’s a Soviet embassy-sized red flag that no amount of due diligence is going to change.”

Inauthentic Activity and Links to a Kremlin Bot Developer

Adding to the concerns of Maki and other intelligence analysts is Infotecs’ connections to Artem Klyushin, a Russian businessman whom the Senate Intelligence Committee described as a “Kremlin-linked bot developer who has supported Russian influence operations.” 

In its report, the Senate Intelligence Committee stated numerous concerns about Klyushin and Klyushina, both of whom were hired by Azeri-Russian oligarch Aras Agalarov and his son Emin. Klyushin received Russian government funding, supported the Kremlin’s social media influence operations, and provided “social media expertise” to the Kremlin, the Committee said.

By 2013, the bot developer and his then-wife were promoting Trump and Miss Universe on behalf of the Agalarovs and spent considerable time with Trump during the Moscow trip.

“During the 2013 trip to Moscow for the Miss Universe Pageant, two Agalarov employees, Artem Klyushin and his then-wife Yulya Klyushina, spent time with Donald Trump,” the Committee stated. “In particular, on Saturday, November 9, 2013, the day of the Miss Universe pageant, publicly available information indicates that Klyushina and Klyushin. had some interaction with Trump at several points throughout the day. The Committee has little insight into the nature of these interactions.”

The interactions between Klyushin and Trump were promoted on Twitter by the wife of a senior Infotecs employee, who appears to have had a close relationship with Klyushin and Klyushina when they worked for the Agalarovs.  

Pavel Sokolov, Infotecs’ Project Manager, and his wife Angelika Sokolova have corresponded numerous times over various social media platforms with Klyushin and his wife Klyushina. In one 2014 photo, all four individuals are pictured. 

Sokolova, in particular, appears to have maintained a close relationship with Klyushin and Klyushina when they worked for the Agalarovs. Sokolova commented multiple times on Trump’s visit to Russia and promoted Miss Universe content shared by Klyushin and Klyushina.

Years later in 2018 while her husband was working for Infotecs in the U.S., Sokolova posed for a photo outside Trump Tower in New York and vaguely alluded to reports that Trump may have been compromised by video of sex acts surreptitiously taken by Russian intelligence during his trip to Russia.

“Here I’m [sic]  Mr.Trump I’m waiting for you with my naked knee Time is ticking.

Source: Angelika Sokolova on Instagram.

The concerns about Infotecs’ relationship with powerful Kremlin-linked social media specialists are compounded by inauthentic, bot-like activity on the Twitter accounts of Sokolov, Sokolova, and the Infotecs Americas Twitter accounts. 

Over the course of 2018, Sokolov, Sokolova, and Infotecs Americas all began to tweet in a fashion that resembles botnet activity, according to experts. Nearly all the suspicious tweets appear aimed to promote campaigns initiated by the nonprofit Global Citizen and Nedbank, a South African-based financial institution. Infotecs has no apparent relationship with either of those entities. 

The tweets promoted various social issues devoid of any connection to the stated business of Infotecs. Multiple tweets were often sent in the same minute and the source labels in various tweets indicate that they made use of services that automatically generate tweets and replies, according to an intelligence analyst who reviewed the Tweet behavior. The official Infotecs Americas account, for example, tweeted about menstrual hygiene, Nigeria’s sanitation, and refugee crises

Maki and other analysts who spoke with Forensic News examined the Twitter accounts and found the behavior unusual and suspicious, though no motive could be ascribed to the coordinated, inauthentic behavior.

On September 26, 2018, the Commerce Department’s action became effective, and the Infotecs Americas account posted a final burst of six inauthentic Tweets in the span of one minute before permanently going dark.

It remains unclear which companies in the U.S. may be using products created by Infotecs, but experts like Maki warned of the possible counterintelligence consequences.

“If I were a client of theirs, I would at the very least be asking questions about where my data is being stored, and what controls are in place with regard to who can access it.”

Tags



Related Posts


Deprecated: WP_Query was called with an argument that is deprecated since version 3.1.0! caller_get_posts is deprecated. Use ignore_sticky_posts instead. in /home/forensic/public_html/wp-includes/functions.php on line 5607

Forensic News

Forensic News is entirely reader-funded. Consider supporting paywall-free news.

Choose an amount
$