In 2017 Buzzfeed news has recently reported that an audio recording of court proceeding in Moscow, reported via the Russia outlet The Bell, indicates that Russian hacker Konstantin Kozlowsky confessed to having been part of the hacking attack on the DNC.
A Russian hacker issued a stunning confession in a Moscow courtroom earlier this year claiming that he hacked the Democratic National Committee on orders from the FSB, according to a courtroom recording that's been posted on Facebook. But as cybersecurity experts try to parse the supposed confession — and why it's only coming to light now — some are casting doubt on the hacker’s assertion.
The hacker's name is Konstantin Kozlovskiy. He is on trial alongside 50 other people for allegedly creating a virus called “Lurk” that targeted banking systems and allegedly stole 1.7 billion rubles (USD $28.7 million) from Russian banks. The hackers were caught in May 2016 after a joint investigation by the cybersecurity firm Kaspersky Lab, Russia’s Ministry of Internal Affairs, and the Federal Security Bureau or FSB, one of the successor agencies to the Soviet-era KGB intelligence service. Kozlovskiy is considered one of the leaders of the hacking group and faces 12 to 20 years in prison if found guilty of cybercrime and organizing a criminal group.
Kozlovskiy was ultimately convicted and remains in jail, but he has been talking from behind bars and has revealed additional information.
Most of the hackers indicted by Meuller were operatives from the GRU, but FSB had also implemented their own independent hack as noted by Crowdstrike and the FBI report.
Explosive unverified documents have alleged Russian officials obtained compromising information on President-elect Donald Trump. Although unproven, the claims build-upon months, if not years, of Russian intelligence gathering that has disrupted the American political system.
Behind the intel gathering are a number of hacking teams and organisations that leverage security weaknesses and poor practices to gather information. On December 29, the FBI and Department of Homeland Security named 48 Russian military and civilian intelligence gathering services, which have been involved with the "compromise and exploit[ing] of the US election.
[...]
The group has been, since 2007, linked to cyberattacks on French TV station TV5Monde, the World Anti-Doping Agency, and political targets at NATO.
[...]
Porter says ATP28 is able to operate at a large scale and has greater levels of preparation before attacks than state-sponsored Chinese hackers ("APT28 seems to have a pretty endless armoury of zero-days"). When asked for a potential number of people working under the banner, he was unwilling to commit to a figures.
"They not only have keyboard operators (the hackers), but they have software development teams, they've also got teams that work with media operations and can do several operations concurrently." He adds: "This is not a small teams.
I originally wrote about Kozlovskiy on the day in 2018 when Rod Rosenstein announced the two sets of indictments for 25 Russians who Robert Mueller had identified as being involved in the DNC hack and working for the St. Petersburg Troll farm. Buzzfeed continued.
Konstantin Kozlovsky, a member of the Russian hacking collective Lurk, reportedly said during an interrogation that the group came under investigation only after it attempted to steal 23 million rubles ($357,650) from the company Concord Catering. Until very recently, the Concord conglomerate was owned by Evgeny Prigozhin, a restaurateur whose ties to private military companies and the Putin administration have earned him the nickname “Putin’s chef.”
Concord Catering and Prigozhin happen to be the major benefactors behind the Intenet Research Agency who implemented that bots and trolls that performed disinformation operations and are the targets of Mueller second indictment. Apparently this hack was used by the FSB to gain more leverage on the company and forced them to use their resources to be more involved in the planned attack on America. More on this from Russia media outlet Meduza in November 2019.
According to a report by Znak.com, the Concord case became the trigger for prosecuting Lurk’s activities even though the group now stands accused of stealing more than three billion rubles ($46.65 million) from multiple other companies and banks. Kozlovsky himself has also claimed that he hacked the servers of the Democratic National Committee during the 2016 U.S. election on orders from his Federal Security Service (FSB) handlers.
According to Kozlovsky, FSB agents gave Lurk data from Concord Catering in a kind of self-interested sting operation: The hacker argued that his handlers intended to ‘catch’ his group after they had targeted someone close to Putin in order to “increase their own authority” within the FSB. Messages sent among the Lurk hackers in May 2016 indicate that the group was not aware of the fact that Prigozhin owned the company they were attacking.
Kozlovsky has named FSB employee Dmitry Dokuchayev as his primary handler. Dokuchaev was sentenced to six years in prison for treason in April 2019.
According to other reports from The Bell Dokuchayev had himself been an independent hacker until he was caught by the FSB with the help of Kaspersky Labs. He was then offered the standard hacker deal from FSB; come work for us and do your hacks on the entities we state or go to jail. He opted for Door #1 and again using Kaspersky eventually recruited Kozlovsky and others acting as his handler.
Not long after the hacks were made public Russia arrested Dokuchaev and others arguing that they had leaked information to the CIA.
Russia itself has indicted and arrested 3 hackers for allegedly sharing information with U.S. intelligence including FSB Colonel Sergey Mikhailov, FSB Major Dmitry Dokuchaev (again), and former Kaspersky Lab employee Ruslan Stoyanov who supposedly was the prime hacker catcher and recruiter for the FSB. Dokuchaev has pleaded guilty to these charges.
Either these individuals had been informants for the CIA or else they were simply accused of being traitors in order for them and their involvement in the DNC hack to be silenced.
However, Kozlovskiy is apparently willing to talk, and what he has to say blows away the claims that Ukraine had anything to do with the attacks on the DNC in 2016.