Investigation: Burisma Holdings

7 min readJan 14, 2020


This is an active investigation into Burisma Holdings and Area 1 Security.

The article was last update on January 14, 2020.

In May 2005, Oleg Falkowitz was hired as a press assistant at the United States House of Representatives.

In February 2006, Oleg Falkowitz left his position at the United States House of Representatives.

The same month, Oleg Falkowitz was hired as an analyst at the National Security Agency.

In February 2008, Oleg Falkowitz was hired as the Iran Mission Manager and Special Assistant For Policy and Cybersecurity at the Office of the Director of National Intelligence.

In February 2009, Oleg Falkowitz left his position at the Office of the Director of National Intelligence.

In August 2010, Oleg Falkowitz was hired as Director of Technology and Data Science Program (J2 — Intelligence) at the United States Cyber Command.

In July 2012, Oleg Falkowitz left his position at both the United States Cyber Command and the National Security Agency.

The same month, Oren Falkowitz co-founded the organisation sqrrl and became the Chief Executive Officer.

In January 2013, Falkowitz left his position at sqrrl.

In November 2013, Oren Falkowitz, Blake Darché and Phil Syme founded the organisation Area 1 Security.

On June 12, 2016, Nicole Perlroth published the article “A Computer Security Start-Up Turns the Tables on Hackers” in The New York Times, which featured a photograph of Oren Falkowitz and Blake Darché as well as an interview with Falkowitz about Area 1 Security.

On January 10, 2017, Oren Falkowitz published the article “U.S. Cyber Policy Makes Americans Vulnerable to Our Own Government” in TIME.

On May 12, 2017, Jeff Stein published the article “Exclusive: Russian Hackers Attacked The 2008 Obama Campaign” in Newsweek, which stated two targets of the Russians during the 2008 presidential campaigns were Steve Hildebrand and Tommy Vietor.

“The role of Russia in attacks on the 2008 attacks of Obama and his Republican rival, Senator John McCain of Arizona, has not been previously reported. On the eve of a U.S.-China summit meeting in 2013, U.S. intelligence officials told NBC News that Beijing alone was responsible for a 2008 cyber attack on the Obama and McCain campaigns.” — Newsweek

“State-sponsored Russian hackers have been targeting United States officials and politicians since at least 2007 through phishing attacks.” — Blake Darché

The same day, Blake Darché published the article “Once a Target, Always a Target” in Medium, which was about “Cozy Bear”.

Between July 17–19, 2017, Oren Falkowitz, John Brennan, Andrea Mitchell and David Sanger attended the Fortune Brainstorm Tech Conference in Aspen, CO.

“It is not the role of our government to protect everyone in the company over business issues.” — Oren Falkowitz

On August 28, 2018, Americans For Cybersecurity registered their official website.

The donation link does not work.
That is latin repeated on a page about elections.

In October 2018, Oleg Falkowitz became the President of Americans For Cybersecurity.

On February 20, 2019, Oren Falkowitz and Representative John Delaney held a talk with each other hosted by Area 1 Security.

Between March — April 2019, “Fancy Bear” created a series of fake domains for Kvartal 95, an organisation founded by Volodymyr Zelenskiy.

In June 2019, President Zelensky appointed Ivan Bakanov as the head of Ukraine’s Security Service.

The same month, Tim Schlein was hired as an Executive Director at Americans For Cybersecurity.

On June 3, 2019, the Federal Election Commission’s legal team issued two draft opinions to prevent Area 1 Security from offering low-to-no cost cybersecurity to presidential campaigns due to the potential to curry favour with future politicians.

The same day, Ken Dilanian published the article “Ex-NSA hacker wants to give 2020 candidates free cybersecurity tool. The FEC may stop him” in NBC News.

On June 6, 2019, the Federal Election Commission met with Area 1 Security for a hearing, including Oren Falkowitz.

On June 7, 2019, Shannon Vavra published the article “Ruling possible soon on legality of discounted anti-spearphishing services for campaigns” in CyberScoop, which discussed a request from Area 1 Security to the Federal Election Commission to offer low-to-no cost cybersecurity to presidential campaigns.

On June 12, 2019, Area 1 Security, through Daniel A. Petalas at Garvey Schubert Barer PC, sent a letter to the Federal Electoral Commission to determine whether the company could offer low-to-no cost cybersecurity services to presidential campaigns.

After June 12, 2019, the Federal Election Commission met with Area 1 Security.

“It wasn’t until a meeting in June, when the FEC was reviewing an initial request from Area 1 to offer its services to campaigns, that the two sides came to understand each other.” — CyberScoop

On June 26, 2019, Ellen Weintraub at the Federal Electoral Commission sent a memorandum to Lisa J. Stevenson, Neven F. Stipanovic, Robert M. Knop and Joseph P. Wenzinger about the draft advisory opinion, which was addressed to Daniel A. Petalas at Garvey Schubert Barer PC about Area 1 Security’s request to offer low-to-no cost services to presidential campaigns.

In July 2019, the Burisma website apparently started to suffer from potential hacking attacks.

“A source close to Burisma said the company’s website had been subject to multiple break-in attempts over the past six months but did not provide further details.” — Reuters, January 14, 2020

On July 10, 2019, Americans For Cybersecurity updated their website.

The same day, Oren Falkowitz donated $1,337.00 twice to Senator Elizabeth Warren.

On July 11, 2019, the Federal Election Commission approved a request from Area 1 Security to offer low-to-no cost services (flat annual fee $1,337.00) to presidential campaigns.

On July 25, 2019, President Trump had a telephone call with President Volodymyr Zelensky.

On September 18, 2019, Oren Falkowitz donated $1,337.00 twice to Senator Cory Booker.

On October 28, 2019, Casey Tolan interviewed Oren Falkowitz for The Mercury News.

In early November 2019, Russian military hackers, also known as “Fancy Bear”, attempted to hacked into Burisma through using fake sign-in pages and false e-mails for Burisma subsidiaries, according to Area 1 Security.

“Then, as now, the Russian hackers from a military intelligence united known formerly as the G.R.U., and to private researchers by the alias ‘Fancy Bear,’ used so-called phishing emails that appear designed to steal usernames and passwords, according to Area 1, the Silicon Valley security firm that detected the hacking. In this instance, the hackers set up fake websites that mimicked sign-in pages of Burisma subsidiaries, and have been blasting Burisma employees with emails meant to look like they are coming from inside the company.
The hackers fooled some of them into handing over their login credentials, and managed to get inside one of Burisma’s servers, Area 1 said.”
“The Russian attacks on Burisma appear to be running parallel to an effort by Russian spies in Ukraine to dig up information in the analog world that could embarrass the Bidens, according to an American security official, who spoke on the condition of anonymity to discuss sensitive intelligence. The spies, the official said, are trying to penetrate Burisma and working sources in the Ukrainian government in search of emails, financial records and legal documents.” — The New York Times

“The operation’s launch coincided with a congressional impeachment inquiry into Trump and whether he abused his office by seeking to press Ukrainian President Volodymyr Zelensky into announcing a probe of Burisma and Hunter Biden — an action that conceivably would aid Trump’s reelection bid.” — The Washington Post

On November 7, 2019, Casey Tolan published the article “Q&A: Oren Falkowitz, the former NSA hacker defending presidential campaigns from online attacks” in The Mercury News.

Between November 11 — December 3, 2019, “Fancy Bear” created a series of decoy domains for Burisma Holdings.

By December 12, 2019, Warren For President, Inc. filed their disbursements by payee, which mentioned that Area 1 Security had a disbursement of $1,337.00.

On December 31, 2019, researchers at Area 1 Security discovered a G.R.U. phishing campaign on Ukrainian companies.

“Asked whether he had notified Burisma of the Russian campaign, Falkowitz acknowledged that the company had made a ‘series of disclosures’. He declined to comment on ‘who we spoke with prior to releasing, but it was consistent with responsible standards’.” — CNN

Between January 1–12, 2020, Area 1 Security noted that the G.R.U. phishing campaign was connected to subsidiaries of Burisma Holdings, which included the following:

At some stage, the false domains were reviewed by Kyle Ehmke at ThreatConnect.

On January 13, 2020, Area 1 Security published their report, “Phishing Burisma Holdings”.

The same day, Nicole Perlroth and Matthew Rosenberg published the article “Russians Hacked Ukrainian Gas Company at Center of Impeachment” in The New York Times.

Also the same day, Representative Adam Schiff was interviewed by Rachel Maddow for The Rachel Maddow Show about the Burisma Holdings hack by “Fancy Bear”.

On January 14, 2020, Ellen Nakashima, with contributions from Greg Bensinger, published the article “Russian spies hacked Ukrainian gas company at heart of Trump impeachment trial” in The Washington Post, which featured quotes from Falkowitz.

The same day, Christopher Bing and Raphael Satter, with contributions from Polina Ivanova, published the article “Russian hackers targeted Ukrainian company at center of impeachment storm: cybersecurity firm” in Reuters.