Mr. Gubarev’s “companies have provided gateways to the internet for cybercriminals and Russian state-sponsored actors to launch and control large scale malware campaigns over the past decade,” the report concluded. “Gubarev and other XBT executives do not appear to actively prevent cybercriminals from using their infrastructure.”
The evidence cited by the report included the use of I.P. addresses — the numbered codes that differentiate individual internet connections — run by an XBT subsidiary, Root S.A., by Russian hackers from two groups tied to the country’s intelligence services, Fancy Bear and Cozy Bear. The investigators hired by BuzzFeed also found that at least one of the fake links used to trick John D. Podesta, the chairman of Hillary Clinton’s 2016 presidential campaign, into giving up his email password to hackers was traced back to an I.P. address run by Root S.A.
The report also detailed evidence that it said suggested Mr. Gubarev’s companies were used in other cybercrimes traced to Russian hackers. One was a sophisticated Russian cyberfraud operation known as the Methbot scheme. It used bots — computer programs that pretend to be people — to steal hundreds of millions of dollars.
During the three months the scheme was running in 2016, roughly three-quarters of the internet traffic flowing through two web-hosting companies owned by Mr. Gubarev — Servers.com and WZ Communications — was dedicated to the scheme, the report said.
Mr. Fray-Witzer, the lawyer, said Mr. Gubarev’s companies did not make a habit of prying into the web traffic of its clients, and could not have known what its servers were being used for. But, he added, Servers.com and WZ Communications shut off internet access for those behind the Methbot scheme as soon as they found out about it, and saved all of the hard drives for any investigators who wanted to examine them — none have.
Asked about the numerous lawsuits that have claimed that Mr. Gubarev’s companies were used to trade in copyrighted material, Mr. Fray-Witzer offered the same argument: Web-hosting companies are not typically held responsible for the traffic that flows through their servers, and Mr. Gubarev should not be held to a different standard.
In any case, Mr. Fray-Witzer said, the dossier accused Mr. Gubarev “directly of having been involved in the hacking of the D.N.C.,” not of running networks used by thieves and criminals.
“Because they couldn’t prove the allegations that they actually made about our client,” he continued, “they pivoted to say, ‘Well, your infrastructure was used from time to time to do bad things.’”