- Thomson Reuters
- A Russian hacker told a Moscow court in August that he was ordered to hack the Democratic National Committee by Russian intelligence agents at the FSB.
- The hacker was arrested in mid-2016 on charges relating to his work with a notorious hacking collective.
- Kozlovsky’s work with the FSB could undermine the Kremlin’s repeated claims that it had nothing to do with DNC hacks in late 2015.
A Russian hacker believed to be a member of a hacking collective called Lurk said in court over the summer that he was ordered by Russia’s security services, known as the FSB, to hack the Democratic National Committee.
The hacker, Konstantin Kozlovsky, told a Moscow court in August of this year that his nine-member hacking group – which has been accused of stealing over $17 million from Russia’s largest financial institutions since 2013 – has been cooperating with the FSB for several years, according to the independent Russian news outlet The Bell. Part of that cooperation included hacking the DNC, he said.
Kozlovsky said during a hearing on August 15 that he “performed various tasks under the supervision of FSB officers,” including a DNC hack and cyberattacks on “very serious military enterprises of the United States and other organizations.”
Minutes from the hearing, as well as an audio recording, were posted on Kozlovsky’s Facebook page. The Bell said it confirmed their authenticity with two sources, including a person who was present at the hearing. Kozlovsky also posted a letter that he wrote on November 1, 2016. The letter outlined what he said was his work for the FSB, which he said had spanned nearly a decade and, most recently, involved attacking the DNC servers.
Kozlovsky identified his FSB handler as Dmitry Dokuchaev, a cybersecurity expert who worked as a hacker under the alias “Forb” before joining the FSB. Dokuchaev has been linked to a group of hackers known as Shaltai Boltai, or Humpty Dumpty, that has published emails from Prime Minister Dmitry Medvedev and other Kremlin officials.
The cybersecurity firm CrowdStrike publicly concluded in June 2016 that hackers associated with the FSB breached the DNC in late 2015. WikiLeaks published internal committee emails during the Democratic National Committee in July 2016.
He ‘did everything they said’
Kozlovsky also named Ruslan Stoyanov, a key cybercrime investigator at the Russian cybersecurity firm Kaspersky who was arrested last December along with Dokuchaev and Sergei Mikhailov, the deputy head of the information security department of the FSB.
Mikhailov has been accused of giving US intelligence officials information about a server-rental company, King Servers, through which Russian hackers have been known to attack the US, Russian newspaper Novaya Gazeta reported last December. The Bell reported earlier this month that he could soon be charged with treason.
Dokuchayev and Stoyanov have been in pretrial detention since last December on treason charges, according to independent Russian news outlet Meduza.
Stoyanav was the one who initially helped put Kozlovsky in jail, said Russian investigative journalist and security services expert Andrei Soldatov, author of The Red Web: The Struggle Between Russia’s Digital Dictators and the New Online Revolutionaries.
Soldatov said on Monday that Kozlovsky’s story could be “interesting.” But he cautioned that in the four months he has been in touch with Kozlovsky, the hacker has “failed” to provide any concrete evidence that he had hacked the DNC at the FSB’s instruction.
If confirmed, Kozlovsky’s work with the FSB could undermine the Kremlin’s repeated claims that it had nothing to do with DNC hacks during the 2016 campaign. And it would fit a consistent pattern in which Russian intelligence officials recruit skilled hackers to engage in cybercrime.
Hiring elite criminal hackers, or cultivating them from a young age, has allowed Russian intelligence agencies like the FSB and the GRU (Russia’s military intelligence arm) both to improve their foreign espionage capabilities and keep potentially rogue hackers under government control.
The New York Times’ Andrew Kramer reported on this phenomenon last December, writing that “for more than three years, rather than rely on military officers working out of isolated bunkers, Russian government recruiters have scouted a wide range of programmers, placing prominent ads on social media sites, offering jobs to college students and professional coders, and even speaking openly about looking in Russia’s criminal underworld for potential talent.”
“If you graduated from college, if you are a technical specialist, if you are ready to use your knowledge, we give you an opportunity,” one of these ads read, according to the Times.
Kozlovsky, for his part, wrote in his November 1 letter that he began cooperating with the FSB in 2008, when he was just 16 years old. He said he was recruited by Dokuchaev and “did everything they said.”