DNC’s Alleged Hacker’s Claims & Contradictions Raise Doubts In InfoSec Industry by Adam Carter – DisObedient Media

Date: 2018-01-19

Konstantin Kozlovskiy, a Russian hacker, made headlines throughout December with the revelation that he had confessed to hacking the Democratic National Committee, a story that even seemed to drag Kaspersky’s name into the mix. First came the claims that he was responsible for hacking the DNC and had done so on orders from someone within the FSB; then came a second wave in the media, with the added claim from Kozlovskiy that he had inserted a “poison pill” on the DNC’s servers in the form of data stored in a file with a “.dat” extension.

The mainstream press, however, hasn’t reported everything about Kozlovskiy and his claims.

With a few exceptions (Jane Lytvynenko & Kevin Collier writing for BuzzFeed being a good example), many are leaving out important context, omitting contradictory details and choosing not to report some of the more outlandish claims made by Kozlovskiy.

Many also avoided reporting on how Mikhailov and Stoyanov were investigated and found to have ties to the United States Intelligence Community through Dmitry Levashov and Kimberley Zenz (fellow at the Atlantic Council), even though the article many reference contains a chart outlining the connections and the details of Burykh’s efforts to uncover dirt on Mikhailov.

Kozlovskiy’s Social Media Activity

While Kozlovskiy has been detained, his Facebook account has been active with the earliest post being made on August 14, 2017. It is, according to Kozlovskiy’s wife, Anya, being managed by a “trusted person”. Kozlovskiy’s lawyer, when questioned by reporters working for BuzzFeed, declined to comment.

Irek Murtazin, a correspondent for Novaya Gazeta, has questioned how Kozlovskiy’s Facebook page went unnoticed by reporters for months. Murtazin said he routinely monitors social media for the hashtags and topics that appear on Kozlovskiy’s page, but he didn’t see any of the posts previously.

It does seem a little odd that Kozlovskiy’s posts remained invisible to many until recently, but stranger still is some of the content of those posts.

The FSB’s Amazing Malware

In one of Kozlovskiy’s Facebook posts (addressed to Robert Mueller), he claims that many Americans were infected with a virus that could alter their news results and what they see on social media. As BuzzFeed recently reported:

In it, the hacker claims the FSB has created an astoundingly powerful hacking tool, one that makes it possible to distort what users see on their screens, no matter which device — phone, laptop, desktop, or tablet — a person might be using.

The virus Kozlovskiy mentioned in his Facebook post appears to be unknown (both by name and by nature) and some in the infosec industry have already expressed disbelief, such as FireEye’s Ben Read, who stated:

You have some people using Internet Explorer, some people using Chrome. It would need a lot of capabilities to do this across all of the websites you use. Are you using Tweetdeck? Are you on Facebook, Google News? There are so many avenues that it becomes prohibitive to do at the scale being described.

Hacker Was Detained Before DNC Emails Were Acquired

If the implication of Kozlovskiy’s statement is intended to be that he was behind the DNCLeaks published by WikiLeaks, there’s a problem – he was detained before they were even acquired.

Kozlovskiy was arrested and detained on May 18, 2016 in relation to hacking Russian banks and his role as one of the leaders of a hacking group called “Lurk”.

The emails published by WikiLeaks had dates running as late as May 25, 2016.

So, at least in relation to what WikiLeaks published, it would seem Kozlovskiy could not have been the person who acquired those emails.

It’s important to note, though, that this doesn’t necessarily debunk Kozlovskiy’s claims. He could, in theory, have created malware or carried out hacking that enabled others to retrieve the emails after he was detained. He could also have been involved in an earlier breach of some sort at the DNC; after all, Cozy Bear (APT29) malware is thought to have been on the DNC network since summer 2015.

