Mastodawn

Master Squinter Feb 23

Really enjoyed this scoop from the Financial Times, where a team of reporters identified 48 seemingly independent companies working from different physical addresses that appear to be operating together to disguise the origin of Russian oil, particularly from Kremlin-controlled Rosneft. The kicker: The network was discovered because they all share a single private email server.

From the (paywalled) story:

"The FT was able to identify 442 web domains whose public registrations show they all use a single private server for their email, “mx.phoenixtrading.ltd”, showing that they share back-office functions."

"The FT was then able to identify companies by comparing the names in the domain to those of entities that appear in Russian and Indian customs records as involved in carrying Russian oil."

"For example, Foxton FZCO, a Dubai-based entity listed as the buyer of $5.6bn of oil in Russian export filings, matches “foxton-fzco.com”. Similarly, Advan Alliance, an entity listed in Indian filings as having sold $1.5bn of Russian oil into the country, can be linked to “advanalliance.ltd”. "

"Filings linked by the FT to the domain list show oil exports from Russia amounting to more than $90bn."

https://www.ft.com/content/4310f010-2b3c-493e-ba0a-26dc6d156b2e

Email blunder exposes $90bn Russian oil smuggling ring

Apparent network of companies using same server includes little-known group that has become country’s largest oil exporter

Financial Times

Wendy Nather Feb 23

@briankrebs That’s amazing sleuth work.

Erik Ableson Feb 23

@wendynather @briankrebs Amusingly it seems that they have migrated all of their mail services to Microsoft Office since the article came out.

So if some government wanted to apply sanctions, all they need to do is knock at Microsoft's door and ask nicely (with court order in hand)

Cassandrich Feb 23

@erik @wendynather @briankrebs Lovely how they'll enforce sanctions against ICC officials but not Russian oil smugglers.

Erik Ableson Feb 23

@dalias @wendynather @briankrebs Yeah - there was an attempt by the EU against a Rosneft backed Indian company last summer, but MS backed down from what I can gather: https://www.theregister.com/2025/08/04/nayara_energy_microsoft_india/

It's all very messy and makes me think... lots of things...

Microsoft briefly turned off Indian company’s cloud, perhaps due to EU sanctions on Russia

: Oh, the irony of Europe demonstrating the importance of the sovereign cloud it craves

The Register

TrimTab 🇺🇦Feb 23

@erik @wendynather @briankrebs
Nice one! Lets sanction Microsoft if they continue to aid and abet these criminals! :-)

@briankrebs The world has gotten a lot more complex over the last few years.

This is amazing to read.

Hänzi Pōtter Feb 23

@briankrebs here's an archived version of the article https://archive.is/KLEdU

@briankrebs email will be our downfall. When mankind eventually goes extinct I am pretty sure it will be because of a private email server...

SnowBlind2005 Feb 23

90 Billion dollar scheme and you are too cheap to buy random hosting services around the world, but no, let's step it up another dumb notch and use the vanity .ltd top level domains.
Billionaires are bad at crime because there's no consequences for them.

Dima Pasechnik 🇺🇦 🇳🇱Feb 23

@SnowBlind2005 @briankrebs the skillset required to host email is apparently very rare in Russia...

@SnowBlind2005 @briankrebs Sys Admin just fell out of a window.

Nu Modular Feb 23

@briankrebs Although international courts seem to hold zero clout nowadays, the violators should be relegated to refining Venezuelan crude, and only get to use 10% of it. The rest should go to rebuilding Ukraine's infrastructure, and Venezuela's leadership.

Passwordsarehard4 Feb 23

@numodular @briankrebs if international courts held any clout at all Venezuelan oil would be refined by Venezuela (or their authorized agents) and they would keep all of it.

Nu Modular Feb 23

@passwordsarehard4 I can root back to early developmental education, forming malleable adults, instead of authoritarian autocracies, invading sovereign countries.

Now what?.. make Behavioral Science core education?..

Not if fossil fuels has anything to say about it.

ṫẎℭỚ◎ᾔ ṫ◎ℳ Feb 23

@briankrebs the Achilles’ heel was a single email 📧 address 🤔

@briankrebs the FT does such great reporting - am a big fan especially of the way they have followed the Sanjeev Gupta / GFG / Liberty Steel saga over the years.

But even the most basic level of their tiered subscription is just way way way out of my mere mortal price range. 🤷🏽‍♂️

@briankrebs While I love reading about this sort of thing, I also always think to myself "Don't tell us the stupid opsec thing they're doing; they might stop doing it."

I_give_u_worms Feb 23

@briankrebs why are the Russians spending so much on social media trolling? Oh. Oh jeez.

decapitae Feb 23

@briankrebs Confiscate those funds and send them to Ukraine! ✊

I_give_u_worms Feb 23

When you want to talk to Russia but Jeffrey Epstein is dead, Qatar and Saudi Arabia might be the place to go

I_give_u_worms Feb 28

@briankrebs grok had been given total access to the DoD computing system and I think the only defense is some of it must be so old as to be incomprehensible

Robin Barton Feb 23

@briankrebs Makes you wonder why western government intelligence agencies were not able to find it

David J. Atkinson Feb 23

@Robo105 @briankrebs They’re not saying

AskPippa🇨🇦Feb 23

@briankrebs Shows the value of legacy media.

Jack 👾Feb 23

@briankrebs so clever. If everyone is on a private message system you can keep all the evidence silod.

David J. Atkinson Feb 24

@briankrebs @tchambers Yes. Me too. Some of those criminal masterminds ought to be worried about the Mission Impossible team (or whatever the real-world equivalent is called) paying them a visit.

Petr Skála Mar 6

@briankrebs ❗❗❗