By Raphael Satter
WASHINGTON (Reuters) - Amid the cascade of U.S. sanctions imposed Thursday on Russian cybersecurity companies and officials alleged to be operating on behalf of the Kremlin's intelligence services, one company stood out: the Fresh Air Farm House in Karachi, Pakistan.
The Farm House, whose Facebook page https://www.facebook.com/FreshAirFarmHouseKarachi shows a waterpark-equipped holiday rental, is run by 34-year-old Mohsin Raza, one of two founders of an online fake ID business that prosecutors say helped Russian operatives get a toehold in the United States.
According to a U.S. Treasury statement and an indictment issued this week by federal prosecutors in New Jersey, Raza operated a digital fake ID mill, churning out images of doctored drivers' licenses, bogus passports and forged utility bills to help rogue clients pass verification checks at U.S. payment companies and tech firms. The six-count indictment charges Raza with making false documents and aggravated identity theft.
Reuters reached Raza in Pakistan at a telephone number provided by the U.S. Treasury's sanctions list. He confirmed his identity and acknowledged being a digital counterfeiter, saying he used "simple Photoshop" to alter ID cards, bills, and other documents to order.
Raza - who said he's also dabbled in graphic design, e-commerce and cryptocurrency - denied any wrongdoing, saying he was merely helping people access accounts that they'd been frozen out of.
Among his customers, the New Jersey indictment alleges, was an employee of the Internet Research Agency - an infamous Russian troll farm implicated by U.S. investigators, media reports, leaked documents, and former insiders in efforts to interfere in U.S. elections. The IRA employee used Raza's services in 2017 to procure forged drivers' licenses to support the identity of fake accounts on Facebook, according to the indictment.
Facebook Inc (NASDAQ:FB) did not immediately offer any comment. Raza said he didn't track who used his service.
He said inspiration for his business came several years ago when a PayPal account which he had opened under an alias was locked, trapping hundreds of dollars he'd received for optimizing online search results.
Unwilling to forgo what he described as "hard-earned real money," he Photoshopped an identity document under his alias' name. Once PayPal unfroze his account, he realized he had stumbled on a good idea and the business took off from there. His site, Second Eye Solutions, boasted of "6,000 & more satisfied clients" before Raza pulled it down Thursday morning.
The old website featured scores of customer reviews thanking Second Eye for providing bogus identity documents used to verify accounts - mostly with PayPal. PayPal Holdings Inc (NASDAQ:PYPL) had no immediate comment.
Money earned from the fake ID business was poured into the construction of the Fresh Air Farm House, Raza said. The facility, which features three bedrooms, a playing field, a water slide, and a BBQ area, is now on a U.S. list of sanctioned entities alongside Russian oligarchs and defense contractors.
Raza's business is an example of how transnational cybercrime can serve as a springboard for state-sponsored disinformation, said Tom Holt, who directs the School of Criminal Justice at Michigan State University.
The alleged use by Russian operatives of a Pakistani fake ID merchant to circumvent American social media controls "highlights why this globalized cybercrime economy that touches so many areas can be a perfect place to hide - even for nation-states," he said.
Holt said that the sanctioning of the Farm House appeared to be a signal to the cyber-criminal milieu about steering clear of Russian actors.
"To the extent that you can't deter through direct action, you can get some of these facilitators on notice," Holt said.