.png)
.png)
In the rapidly evolving landscape of cybercrime, Wyoming, a state once known for its rugged terrain and 19th-century bandits, is emerging as an unexpected hub for 21st-century outlaws. Recent revelations point to a troubling trend where limited liability companies (LLCs) based in Wyoming are allegedly playing a role in high-profile cyberattacks, raising questions about the state's business environment and the challenges posed by anonymous shell companies.
The Somali Journalists Syndicate found itself at the center of this digital battleground when, on the morning of August 17, a colleague was abducted by masked gunmen at the University of Mogadishu. The syndicate's chairman, Abdalle Ahmed Mumin, faced an additional challenge as digital sabotage had taken the syndicate's website and email accounts offline just days before. The syndicate's ability to communicate with the outside world, including international media, was crippled.
Mumin's frustration was palpable. He emphasized the critical role their website played as a link to the global media community, stating, "Our link to the outside world, to the international media, is our website." It was only with the assistance of Qurium, a Swedish nonprofit specializing in digital defense for news organizations and nonprofits, that Mumin managed to resurrect the syndicate's website and raise the alarm about the missing reporter.
Qurium's subsequent investigation led to a surprising discovery – the source of the digital outage traced back to Wyoming. Although the exact perpetrators remained elusive, Qurium identified the involvement of a limited liability company, Aliat, based in Sheridan, Wyoming. This revelation marked one of at least three instances in the past four months where Wyoming LLCs were implicated in high-profile hacking activities.
Wyoming's appeal to cybercriminals lies in its virtual Wild West, where registering anonymous shell companies is remarkably easy. Sarah Beth Felix, who runs Palmera Consulting, an anti-money laundering advisory firm, noted that Wyoming made it so convenient for foreign criminals to hide behind anonymous entities, stating, "They don’t have to be physically in Wyoming to hide out in Wyoming."
Joe Rubino, the general counsel for the Wyoming Secretary of State’s Office, acknowledged the concerns raised by these revelations and stated that the information flagged by Reuters was under review. He expressed support for new laws to prevent abuses of Wyoming’s corporate filing system by foreign entities. However, as of now, the state legislature had yet to address the matter.
The Somali Journalists Syndicate's case highlighted the impact of a distributed denial of service (DDoS) attack, a cyber sabotage method that inundates targeted sites with a deluge of malicious traffic. Qurium uncovered that one stream of rogue data flowed through an IP address block registered to Aliat, the Wyoming LLC. Despite attempts to contact Aliat, Reuters received no response. The LLC was dissolved on the same day the message was left but was later reinstated, adding a layer of mystery to the situation.
In a separate incident in September, the International Press Institute (IPI) faced a DDoS attack that took its website offline. The attack occurred shortly after the IPI published a report on how DDoS operations were affecting independent media outlets in Hungary. Qurium traced some of the rogue data back to another Wyoming LLC, a web hosting company called HostCram.
HostCram, run by a 23-year-old Bangladeshi named Shakib Khan, was registered in Buffalo, Wyoming, a city with historical ties to infamous train robbers Butch Cassidy and the Sundance Kid. Khan, in response to queries, cited Wyoming's appeal for online businesses as the reason for registering there. He mentioned terminating a client following the DDoS incident but provided no further details. Khan asserted that he would only disclose his client's identity to law enforcement.
The trend of cybercriminals exploiting Wyoming LLCs extends beyond domestic borders. In 2017, cybersecurity researchers traced digital break-ins and spam targeting various organizations to an online proxy service run by Russian IT entrepreneur Ilia Trusov. Despite public exposure and reports tying him to DDoS operations, Trusov registered two Wyoming LLCs, Security Servers, and Traffictransitsolution, in 2019.
In discussions with Reuters, Trusov defended his actions, claiming that he had no tolerance for cybercrime and often collaborated with law enforcement agencies to combat it. He acknowledged setting up shell companies in Wyoming to make web traffic appear American and to handle legal requests efficiently. The anonymity provided by Wyoming's business registration system was an additional incentive. Trusov's LLCs have since been dissolved, but the case underscores the challenges of regulating the use of anonymous entities for potentially illicit activities.
While Wyoming is not the sole state allowing the formation of anonymous shell companies – Delaware and Nevada offer similar services – hackers reportedly favor Wyoming LLCs for their cost-effectiveness and user-friendly registration process. Lundstrom from Qurium noted that these LLCs were particularly attractive to cybercriminals seeking to pass their internet traffic off as originating from within the United States. This tactic helps them bypass digital defenses that often scrutinize or block web traffic from less trusted locations like Russia or Iran.
The ease of setting up LLCs in Wyoming is facilitated by registered agents – in-state representatives who can serve as the public point of contact for LLCs, allowing owners to keep their identities secret. Cloud Peak Law Group and Registered Agents Inc, among others, are firms providing such services. However, the role of these registered agents has come under scrutiny, as critics argue that they should be more accountable for their clients.
Mumin, the head of the Somali Journalists' Syndicate, expressed frustration at the lack of accountability for the cyber sabotage that crippled his organization. He dismissed the idea that Wyoming's registered agents are not required to police their clients, stating, "They should be ashamed, these companies in Wyoming, that they haven’t been able to – or they don’t care to – check who their customers are."
The challenges extend beyond the realm of journalism, as other industries have also been affected. In August of this year, the anti-ransomware firm Halcyon accused an Iran-linked internet company called Cloudzy of providing services to a "rogue's gallery" of digital spies and cybercriminals. Sheridan-based RouterHosting LLC, a Wyoming shell company, was implicated in facilitating these activities.
Cloudzy's chief executive, Hannan Nozari, denied turning a blind eye to malicious activity, emphasizing the broader issue of cybercrime faced by everyone. Nozari, based in Dubai, registered RouterHosting under the mistaken assumption that it was necessary to buy internet infrastructure in North America. He highlighted recent efforts to enhance his service's security and mentioned the dissolution of the Wyoming-based company.
As foreigners living abroad, individuals like Nozari, Trusov, and Khan would not have been able to set up Wyoming LLCs without the assistance of registered agents. RouterHosting enlisted the services of Cloud Peak Law Group, while Aliat, HostCram, and Trusov's LLCs were represented by Registered Agents Inc. These registered agents, however, maintain that they follow relevant state rules and due diligence requirements and emphasize that they are not policing agencies.
The ongoing revelations about Wyoming's role in cybercrime raise broader questions about the balance between facilitating legitimate businesses and preventing the misuse of anonymous entities for illicit activities. The global community faces the complex challenge of navigating the appeal of Wyoming's business-friendly environment with the risks posed by cybercriminals exploiting its LLC registration system.
In the absence of concrete legislative action from Wyoming's state government, the virtual Wild West of its business landscape continues to attract those seeking to operate in the shadows of anonymity, posing significant challenges for cybersecurity and law enforcement agencies alike. As investigations persist, the international community must grapple with the complexities of regulating business environments that inadvertently foster cyber outlaws in the digital age.
By fLEXI tEAM
Comments