Brian Krebs has been doing what he does best, following a trail of clues scattered across the internet and joining the dots.
This week he followed-up on information shared with him by security researcher Ron Guilmette, who uncovered "interesting commonalities" in website registration records, revealing strange links between a Russian security firm called Infocube (also known as Infokube) and the notorious Carbanak cybercrime gang.
Carbanak, of course, has been blamed for stealing hundreds of millions of dollars, after targeting e-payment systems and installing malware on ATM infrastructure that resulted in theft from cash machines.
Infokube, meanwhile, claims to work with some of the best known firms in computer security.
Krebs reached out to Artem Tveritinov, Infokube's apparent CEO, to ask if he had any explanation for the website registration details showing such similarities:
"Our company never did anything illegal, and conducts all activities according to the laws of Russian Federation," Tveritinov said in an email. "Also, it’s quite stupid to use our own personal data to register domains to be used for crimes, as [we are] specialists in the information security field."
Krebs reports that as he sent Tveritinov questions by email, the Russian deleted his social media presence:
"I noticed that the Vkontakte social networking profile that Tveritinov had maintained regularly since April 2012 was being permanently deleted before my eyes. Tveritinov’s profile page and photos actually disappeared from the screen I had up on one monitor as I was in the process of composing an email to him in the other."
Read the whole fascinating story on Krebs on Security.