DNC’s Alleged Hacker’s Claims & Contradictions Raise Doubts In InfoSec Industry


by Adam Carter, Disobedient Media:

Konstantin Kozlovskiy, a Russian hacker, made headlines throughout December with the revelation that he had confessed to hacking the Democratic National Committee, a story that even seemed to drag Kaspersky’s name into the mix. First came the claims he was responsible for hacking the DNC and doing so on orders from someone within the FSB, then came a second wave in the media with the added claim from Kozlovskiy that he had inserted a “poison pill” on the DNC’s servers in the form of data stored in a file with a “.dat” extension.

The mainstream press, however, hasn’t reported everything about Kozlovskiy and his claims.

With a few exceptions (Jane Lytvynenko & Kevin Collier writing for BuzzFeed being a good example), many are leaving out important context, omitting contradictory details and choosing not to report some of the more outlandish claims that Kozlovskiy has made.

Many also avoided reporting on how Mikhailov and Stoyanov were investigated and found to have ties to the United States Intelligence Community through Dmitry Levashov and Kimberley Zenz (fellow at the Atlantic Council), even though the article many reference contains a chart outlining the connections and the details of Burykh’s efforts to uncover dirt on Mikhailov.

Kozlovskiy’s Social Media Activity

While Kozlovskiy has been detained, his Facebook account has been active with the earliest post being made on August 14, 2017. It is, according to Kozlovskiy’s wife, Anya, being managed by a “trusted person”. Kozlovskiy’s lawyer, when questioned by reporters working for BuzzFeed, declined to comment.

Irek Murtazin, a correspondent for Novaya Gazeta, has questioned how Kozlovskiy’s Facebook page went unnoticed by reporters for months. Murtazin said he routinely monitors social media for the hashtags and topics that appear on Kozlovskiy’s page, but he didn’t see any of the posts previously.

It does seem a little odd that Kozlovskiy’s posts remained invisible to many until recently, but stranger still is some of the content of those posts.

The FSB’s Amazing Malware

In one of Kozlovskiy’s Facebook posts (addressed to Robert Mueller), he claims that many Americans were infected with a virus that could alter their news results and what they see on social media. As BuzzFeed recently reported:

In it, the hacker claims the FSB has created an astoundingly powerful hacking tool, one that makes it possible to distort what users see on their screens, no matter which device — phone, laptop, desktop, or tablet — a person might be using.

The virus Kozlovskiy mentioned in his Facebook post appears to be unknown (both by name and by nature) and some in the infosec industry have already expressed disbelief, such as FireEye’s Ben Read, who stated:

You have some people using Internet Explorer, some people using Chrome. It would need a lot of capabilities to do this across all of the websites you use. Are you using Tweetdeck? Are you on Facebook, Google News? There are so many avenues that it becomes prohibitive to do at the scale being described.

Hacker Was Detained Before DNC Emails Were Acquired

If the implication of Kozlovskiy’s statement is intended to be that he was behind the DNCLeaks published by WikiLeaks, there’s a problem – he was detained before they were even acquired.

Kozlovskiy was arrested and detained on May 18, 2016 in relation to hacking Russian banks and his role as one of the leaders of a hacking group called “Lurk”.

The emails published by WikiLeaks had dates running as late as May 25, 2016.

So, at least in relation to what WikiLeaks published, it would seem Kozlovskiy certainly won’t have been the person who acquired those emails.

It’s important to note, though, that this doesn’t necessarily debunk Kozlovskiy’s claims. He could, in theory, have created malware or carried out hacking that enabled others to retrieve the emails after he was detained. He could also have been involved in an earlier breach of some sort at the DNC; after all, Cozy Bear (APT29) malware is thought to have been on the DNC network since Summer 2015.

Other Questionable Hacking Claims

Kozlovskiy has also made things unnecessarily difficult for himself regarding his credibility because he has claimed responsibility for hacking WADA (World Anti-Doping Association), a hack that appears to have been carried out months after he was detained. Moreover, that hack is attributed to “Fancy Bear” (APT28), so according to US intelligence and cyber-security industry sources it would have been the GRU rather than the FSB behind it.

As The Bell reports:

In his testimony and letters Kozlovsky claims that in recent years he allegedly received tasks from the FSB “to conduct events” in the US and EU countries. From Kozlovsky’s first letter it follows that he allegedly was involved in many other resonant hacker attacks, including the hacking of the World Anti-Doping (WADA) servers. But WADA reported this attack only in September 2016, and the first leak of documents stolen as a result of this attack occurred in August. Kozlovsky had already been in jail for at least three months. In addition, the attack on WADA was carried out by the hacking group Fancy Bear, which US intelligence services connect not with the FSB but with the GRU.

Kozlovskiy has claimed to have carried out a hack a considerable amount of time after he was detained. This in itself raises questions about the veracity of Kozlovskiy’s claims.

He goes even further, claiming to have had a hand in the creation of the WannaCry ransomware, something he claimed in an interview with the TV channel Dozhd.

Timing In Relation To Alleged FBI Bribery of Yevgeniy Nikulin

The timing of Kozlovskiy’s allegations is interesting too.

His statements were made in November 2016, just one month after another hacker, Yevgeniy Nikulin, had been arrested for hacks against LinkedIn, Dropbox and Formspring between 2012 and 2013.

Nikulin has stated in a letter, passed to his lawyer Martin Sadilek and reported by the Moscow Times, that, after his arrest on October 5, 2016, he was visited by the FBI several times, the first of which was on 14-15 November, 2016.

During those visits, Nikulin alleges, the FBI asked him to confess to hacking John Podesta’s emails. To quote the Newsweek article that reported it:

the FBI visited him at least a couple of times, offering to drop the charges and grant him U.S. citizenship as well as cash and an apartment in the U.S. if the Russian national confessed to participating in the 2016 hacks of Clinton campaign chief John Podesta’s emails in July.

And in a letter sent to CurrentTime TV, he claims he was visited in February, 2017, and was told:

You must say that it was you who broke H. Clinton’s mail that you prepared and penetrated into the democratic network and polling stations on Putin’s orders, you will name the accomplices, agree with extradition, and in America we will solve all the issues, live in an apartment and we will provide for all of you.

He claims he was offered U.S. citizenship, cash and an apartment in the U.S. if he was willing to confess to the hacking (according to the Newsweek article).

Of course, correlation isn’t causation, and the timing could be coincidental, but if Nikulin’s claims are true, it would mean the FBI were looking for hackers to act as a fall-guy/scapegoat just prior to Kozlovskiy’s allegations being made.

Dmitry Dokuchaev

It has been reported that Kozlovskiy has said he was ordered to hack the DNC (to help Trump) by an FSB Major named Dmitry Dokuchaev, who, according to Kozlovskiy, was operating under the pseudonym “Ilya”.

However, it is also reported that Dokuchaev had previously operated under the pseudonym “Forb” before joining the FSB and that he had ties to Shaltai Boltai (aka Humpty Dumpty), a hacking group that hacked Russian officials and published their emails.

Read More @ DisobedientMedia.com