U.S. Immigration and Customs Enforcement Deploys Controversial Phone-Hacking Tool Allegedly Tied to Russian Security Circles

An investigation by US Immigration and Customs Enforcement (ICE) revealed that the phone-hacking software it uses originated in Russia's mobile forensics sector and an FSB-linked network connected to one of the FBI's most wanted hackers.

In September 2024, ICE renewed a contract with Oxygen Forensics Inc., a digital forensics corporation based in the southeastern US state of Virginia.

The company's tools are designed to extract and analyse data collected on smartphones and other digital devices involved in criminal investigations. They can also recover information such as encrypted or deleted messages.

The agreement may seem to be a standard one, but a new report by Olga Lautman, a senior research fellow at the Centre for European Policy Analysis (CEPA), and a newspaper reporter, Andrei Luchkov, has found that Oxygen Forensics has alleged Russian connections.

As Lautman and Luchkov have reported, the company was first established in Moscow in the early 2000s under the name Oxygen Software and expanded into the US as Oxygen Forensics only later, in 2013.

According to official US records, the US-based company is a current or former contractor with ICE, the FBI, the Drug Enforcement Administration, Customs and Border Protection, and the State Department.

Oxygen Software in Russia was subsequently renamed MKO-Systems and developed a counterpart product in Russia called Mobile Forensic, the analysts said. This company is now the major smartphone extraction platform in Russia.

 

One of the FBI's most wanted hackers

A leak of Russian procurement records and court documents by the researchers allegedly revealed that the tools made by the parallel Russian group of Oxygen Forensics have been sold to government bodies, including the FSB and Russia's Ministry of Internal Affairs, and have also been used in politically sensitive cases.

Also, Lautman and Luchkov point out that one of the investors in the parent Oxygen holding company was Eduard Bendersky, a licensed Russian businessman and a former FSB member. 

Bendersky is the father-in-law of hacker Maxim Yakubets, who is believed by the FBI to be the leader of an underground criminal organisation called Evil Corp that has allegedly stolen tens of millions of dollars from financial institutions and corporations all over the world.

The US even offered a reward of $5 million for information that would result in the arrest of Yakubets, one of the highest bounties ever offered for a criminal.

The US also banned Bendersky on allegations that he took advantage of his position to introduce Evil Corp to the Russian intelligence community and assisted in protecting its members. 

 

So what does this mean for security?

The use of Russian-based forensic tools in the US is not new. Even as suspicion of Russian cyber activity was growing after Russian intervention in the 2016 election, Oxygen Forensics and other companies were providing extraction equipment to federal agencies in the US.

There is also no public evidence of a direct operational partnership between the Russian intelligence services and US agencies on the use of Oxygen software.

The CEO of Oxygen, Oleg Fedorov, has been eager to sever ties between the company and Russia, once telling Forbes that no employee of the company has ever worked with the FSB, the modern incarnation of the KGB.

“I am aware that each individual and each government has his/her objectives.” Fedorov added that he tries to keep as remote as possible from their objectives and to address his own.

However, it is recorded that “the digital forensic tools that were recorded as having Russian corporate provenance, history, and connections with Moscow security-related ecosystem, approved people and organisations, and parallel product development timelines are running within the US federal investigative apparatus,” Lautman and Luchkov wrote. 

They also said that “Congress should look into the approval of these contracts, the type of safeguards that were established and why federal agencies are trusting technology that is connected to the security ecosystem of an enemy.”

In the meantime, Oxygen Forensics remains registered as an active federal contractor until September 2026 and can potentially receive more federal payments.