Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea
Posted: Tue Mar 06, 2018 2:24 pm
Polly Sigh
Sources familiar with the suspects: The Russian treason case was launched because FSB colonel Sergey Mikhailov & his subordinate Dmitry Dokuchaev helped US intel agencies identify the hackers who stole data from the Democratic Party.
‘The Defense Ministry hacks servers blatantly and clumsily’
An investigative report by The Bell shows how an institutional rivalry in Russian policing may tie Moscow to the cyber-attack on the U.S. Democratic Party
The Bell, 10:21, 5 December 2017
An employee at Secureworks, which investigated the Fancy Bear cyber-attack on the Democratic Party. October 4, 2017
Marina Hutchinson / AP / Scanpix / LETA
According to a new investigative report by Svetlana Reiter, published by The Bell, an unnamed source claims that former Russian Federal Security Service colonel Sergey Mikhailov, who’s now on trial in Russia for treason, may have provided U.S. officials with information about the hacker attacks on the Democratic Party. Meduza summarizes Reiter’s article.
Sergey Mikhailov was arrested a year ago today, on December 5, 2016, but almost nothing is known about the charges against him, though we do know that the treason case names four defendants from the Federal Security Service (FSB). Ivan Pavlov, a lawyer for one of these suspects, says he believes the case was classified so the defendants “wouldn’t be able to say anything more.” Three sources familiar with the suspects told The Bell that the case was launched because Mikhailov and his accomplices helped American intelligence agencies identify the hackers who stole data from the Democratic Party. The Bell was unable, however, to verify this information independently.
According to the U.S. intelligence community, the Russian Defense Ministry’s Main Intelligence Directorate (GRU) is responsible for the hacker attacks on the Democratic Party. Sources told The Bell that the institutional competition for budget resources has driven both the GRU and the FSB to launch cyber-attacks. Researchers from the company CrowdStrike indirectly confirmed this rivalry in a 2016 report on the hacker groups “Cozy Bear” and “Fancy Bear.” In January 2017, the newspaper Novaya Gazeta reported that Mikhailov and the others were arrested on charges related to the hacking of the Democratic Party.
The Bell’s sources say the formal charges against Mikhailov and the other defendants do not address the cyber-attack on the Democratic Party, and deal instead with intelligence he allegedly sold to American officials in 2007 about Pavel Vrublevsky, the owner of Chronopay, a transaction security company.
In retaliation, Vrublevsky apparently informed the FSB that Mikhailov was collecting data about the hacker attacks and passing it to the Americans. In August, the independent television station Dozhd reported that Mikhailov could have supplied the FBI with information that led to the July 2014 arrest of Russian hacker Roman Seleznev in the Maldives. Ivan Pavlov, who represents one of the defendants in Mikhailov’s treason case, categorically denies these allegations. In March 2017, the FBI charged Dmitry Dokuchaev, one of Mikhailov’s subordinates in the FSB’s cyber-investigative department, with hacking and stealing 500 million Yahoo user accounts.
A source who knows Mikhailov says his main motivation for helping the Americans was his commitment to fighting crime. It’s possible, however, that Mikhailov was also receiving money from the U.S. government, though his lawyers deny this. Multiple sources also told The Bell that Mikhailov held a position at the media holding company RBC from 1999 to 2009, where he apparently earned “an unusual supplement” to his salary as an FSB officer. The Bell was unable to find out how much money RBC may have paid him.
https://meduza.io/en/feature/2017/12/05 ... aign=share
English translation of the in-depth reporting quoted above: "...former Russian FSB colonel Sergey Mikhailov, now on trial in Russia for treason, may have provided US officials w/ information about the hacker attacks on the Democratic Party"
#Maddow https://translate.google.com/translate? ... rev=search …
"FSB + Kaspersky employees arrested for treason had tipped off CIA criminal hackers"
Joe Uchill, 08/24/17 10:08 AM EDT
Russian treason arrests stemmed from intel official helping US catch criminal hackers
Three current and former Russian intelligence agents and a Russian cybersecurity firm employee arrested on charges of treason had been feeding the U.S. information on criminal hackers, a Russian news station reported Wednesday.
Sergei Mikhailov and Dmitry Dokuchaev, who at the time were employed by Russia's intelligence service, the FSB, were arrested along with former FSB agent George Fomchenkov and Kaspersky Lab employee Ruslan Stoyanov in connection with data they passed along to the CIA, according to Rain TV.
The arrests, which were made public in late January, caused speculation that the four had been informants for the investigation into Russian hacking in the 2016 U.S. elections.
According to the Rain report, they had actually been tipping off the CIA about Russian criminal hackers, including accused credit card thief Roman Seleznev and alleged LinkedIn hacker Yevgeniy Nikulin.
Seleznev, the son of a Russian legislator, was arrested on vacation in the Maldives in 2014. According to the Rain report, aiding in his capture forced the hand of Russian authorities to arrest Mikhailov, Dokuchaev, Fomchenkov and Stoyanov.
At the time of the announcement of Stoyanov's arrest, Kaspersky Lab said in a statement: "The case against this employee does not involve Kaspersky Lab," noting that the arrest concerned a time period "predating his employment at Kaspersky Lab."
http://thehill.com/policy/cybersecurity ... g-us-catch
Russian FSB agents Mikhailov & Dokuchaev [YAHOO hack] and Stoyanov of Kaspersky Lab [who paid Mike Flynn] were charged w/ treason for passing US officials IP-addresses of devices involved in hacking IL & AZ election database.
Mike Flynn was paid by a Russian cybersecurity firm that is connected to Russian FSB officer indicted for Yahoo hack.
"FSB keeps RU’s top cybersecurity experts under arrest so nobody can interview them, use them – or harm them"
Are FSB agents Mikhailov, Dokuchaev [YAHOO hack] and Stoyanov [Kaspersky employee] treasonists or the actual DNC hackers?
NEW: Jailed Russian hacker Kozlovsky: I hacked the DNC 'under command of the FSB.' He also named his FSB handler Dokuchayev & Kaspersky employee Stoyanov. This undermines repeated Kremlin claims that they had nothing to do w/the DNC hack ...
NEW Russian hacker contradicts Kremlin: "I hacked the DNC for the FSB"
The jailed Russian hacker named at least 2 others who helped w/ the DNC hack: his FSB handler Dokuchaev [indicted for the YAHOO hack] and Ruslan Stoyanov, a cybersecurity expert w/ Kaspersky Lab [who paid Mike Flynn]
Kaspersky was an intermediary btwn “international organizations” Flynn
Court document in jailed Russian hacker [Kozlovskiy] case points to Kaspersky Lab’s cooperation with Russian security service FSB: "The FSB agent worked side-by-side with the Kaspersky technician in the 'information retrieval' operation."
Early reporting was that Mikhailov/Dokuchayev accepted bribes from a "foreign organization" – not USIC. They weren't arrested for treason until the dossier became public. Might the Dec '16 treason arrest be CYA because FSB was paid by Trump campaign ["foreign org"] to hack DNC?
Jailed Russian hacker Kozlovsky says he can prove he hacked the DNC on Kremlin’s orders and that his relationship with his FSB handler Dokuchayev [indicted for Yahoo hack] preceded the latter’s rise to prominence in the FSB.
Jailed Russian says he hacked DNC on Kremlin’s orders and can prove it
By Kevin G. Hall, khall@mcclatchydc.com, WASHINGTON
In this June 14, 2016 file photo, people stand outside the Democratic National Committee (DNC) headquarters in Washington. (AP Photo/Paul Holston, File)
A jailed Russian who says he hacked into the Democratic National Committee computers on the Kremlin’s orders to steal emails released during the 2016 U.S. presidential election campaign now claims he left behind a data signature to prove his assertion.
In an interview with Russia’s RAIN television channel made public Wednesday, Konstantin Kozlovsky provided further details about what he said was a hacking operation led by the Russian intelligence agency known by its initials FSB. Among them, Kozlovsky said he worked with the FSB to develop computer viruses that were first tested on large, unsuspecting Russian companies, such as the oil giant Rosneft, later turning them loose on multinational corporations.
Kozlovsky first came to public attention in early December when word spread about his confession last Aug. 15 in a Russian courtroom that he was the person who hacked into DNC computers on behalf of Russian intelligence. The Russian was jailed earlier this year, alleged to have been part of a hacking group there that stole more than $50 million from Russian bank accounts through what’s called the Lurk computer virus.
The alleged hacker posted to his Facebook page in December a transcript and an audio recording of his confession during a pre-trial court hearing. He also confessed online to having hacked investigators looking into the crash of Malaysia Airlines Flight 17, brought down in July 2014 by a missile near the disputed Ukrainian border with Russia.
In written answers from jail made public Wednesday by RAIN TV, a Moscow-based independent TV station that has repeatedly run afoul of the Kremlin, Kozlovsky said he feared his minders might turn on him and planted a “poison pill” during the DNC hack. He placed a string of numbers that are his Russian passport number and the number of his visa to visit the Caribbean island of St. Martin in a hidden .dat file, which is a generic data file.
That allegation is difficult to prove, partly because of the limited universe of people who have seen the details of the hack. The DNC initially did not share information with the FBI, instead hiring a tech firm called CrowdStrike, run by a former FBI cyber leader. That company has said it discovered the Russian hand in the hacking, but had no immediate comment on the claim by Kozlovsky that he planted an identifier. Salon reported in September that the DNC had shared with the FBI complete digital copies of its servers.
There was no immediate way to reach Kozlovsky, who is believed to have been detained in the infamous Matrosskaya Tishina (Sailor’s Silence) jail in Moscow awaiting trial for an unrelated hacking case.
The newest allegations are potentially significant. If the FSB did in fact direct Kozlovsky, then it debunks Russian President Vladimir Putin’s assertion that his government had nothing to do with hacking that all major U.S. intelligence agencies put at his feet. It also calls into question the view of a hack that was conducted as a closely held, organized FSB campaign directed from central offices. Kozlovsky says he worked largely from home, with limited knowledge of others, and that the political hack was just part of a larger relationship with the FSB’s top cyber officials on viruses directed at other countries and the private sector.
“Based on my experience and understanding of professional intelligence operations, the blending of criminal activity with sanctioned intelligence operations is an old page out of the Russian intelligence-services playbook,” said Leo Taddeo, chief information security officer for Cyxtera Technologies and a former head of cyber operations in the FBI’s New York office. “What the defendant (in Russia) is describing would not be inconsistent with past Russian intelligence operations.”
Kozlovsky’s claims include an assertion that for the past seven years he was under the control of Major Gen. Dmitry Dokuchayev, who he said gave him orders to breach the DNC servers to interfere in the U.S. election process. A federal court in San Francisco in February issued an arrest warrant for Dokuchayev for his alleged role in a hack of Yahoo accounts. A month later the FBI put the former hacker-turned-spy on a Wanted poster for his alleged role in directing hackers. He was arrested in Russia in late 2016 on treason charges in a high-profile incident that included the arrest of another FSB cyber leader.
The jailed Kozlovsky told RAIN TV that he had a relationship with Dokuchayev that preceded the latter’s rise to a prominent post in the FSB.
http://www.mcclatchydc.com/news/nation- ... 57354.html
From a high-security Russian prison, Konstantin Kozlovsky provides details to FastCompany about how his software was used to hack the DNC & disrupt the 2016 election under FSB's direction: "I’m ready to collaborate with the US."
Jailed Russian: Here’s How I Hacked The U.S. Election
From a cell in a high-security prison outside Moscow, Konstantin Kozlovsky reveals more about the software he claims disrupted the 2016 election.
MOSCOW–Konstantin Kozlovsky is ready to talk. The 29-year-old blonde-haired Russian hacker at the center of the intrigue surrounding the Kremlin’s cyberattacks on the 2016 U.S. presidential election currently sits in a high-security prison with the forbidding name of Matrosskaya Tishina (Sailor’s Silence) in northeastern Moscow. Kozlovsky is officially charged with stealing millions from Russian banks, but he’d prefer to brag about how he built the software used to hack the Democratic National Committee (DNC) and other U.S. targets.
At a small hearing in a Moscow court earlier this month, with only a handful of media outlets present, Kozlovsky said he was ready to present detailed evidence that the Kremlin was directly involved in a series of high-profile attacks, including compromising the DNC’s computer systems in 2016, as well as those of the U.S. government, military, social media companies, and leading U.S. publishers.
In an interview with Fast Company conducted over the last two weeks via a verified representative, Kozlovsky was able to provide more details for his claims about the role of the Russian government, and how the program he developed was designed to wreak havoc.
“I’m ready to collaborate with the U.S. specialists, to show evidence and to confirm information,” he said in response to questions. Kozlovsky claims the program he developed, the so-called LDCS, was able to “replace information on Twitter, Facebook, Google and leading U.S. media outlets.” But he didn’t go into more details, so it remains unclear how the program really works and how extensively it was used during and after the 2016 election. It appears similar to trojans, a type of malware disguised as legitimate software that enables hackers to get full access to your computer, allowing them to change and delete files, monitor your computer activities, or steal your confidential information.
Kozlovsky noted that the Russians’ use of social media for propaganda purposes, as described by the defendants named in the indictment recently handed down by special prosecutor Robert Mueller, actually played a less significant role in achieving Russia’s objectives than hacking.
Since Kozlovsky’s been in jail since late 2016, he doesn’t know the current activities of Russian hackers, but said it’s likely they are using his software to manipulate news reports. “The FSB could easily continue to develop and add other information resources.”
On February 13, Kozlovsky asked the court for an IT specialist to prove his claims, a request he tells Fast Company was never granted. He also says that his detainment at Matrosskaya Tishina has been extended through May 18.
Victims Ranged From Oligarchs To The Olympic Committee
Born in the Russian city of Sverdlovsk (now Yekaterinburg), Kozlovsky rose to prominence primarily by hacking Russia’s financial institutions. He is one of 50 members of a hacker group called Lurk, which successfully hacked “all of Russia’s banks,” according to Group-IB, a cybersecurity company based in Moscow. Kozlovsky has been in prison for almost a year and eight months.
The tale of how someone like Kozlovsky found himself in prison, caught up in the middle of a high-stakes international drama involving Russia’s counterintelligence agencies, rogue hackers turned government agents, and allegations of Russia’s multilayered plot to interfere in the U.S. elections reveals much about Russia’s cybersecurity landscape and the murky relationship between the country’s counterintelligence operations and criminal hacking groups.
The cyberfraud charges against Kozlovsky include “organization of criminal community,” as well as the creation and distribution of harmful software programs. Lurk, the group he belonged to, reportedly stole more than $50 million (3 billion rubles) over a period of five years, according to Group-IB’s data.
Back in December, Kozlovsky first claimed his role in hacking the DNC amid the heated U.S. primary season in 2016, saying he was acting on the orders of Russia’s Federal Security Service (FSB), the country’s counterintelligence agency that has retained the ethos and global ambitions of the Soviet era.
Outside of court hearings every few months, Kozlovsky has relied on his Facebook page to fill in the blanks.
In a recent post, Kozlovsky confirmed his involvement in the attacks on the U.S. Democratic Party, the World Anti-Doping Agency, the Olympics Committee, and FIFA on the orders of FSB Major Dmitry Dokuchaev, who worked at the agency’s Center for Information Security. He was one of four intelligence officials arrested a year ago and accused of treason by Russia, a move that rattled the cybersecurity community in Russia and beyond.
Dokuchaev began to communicate with Kozlovsky in 2005, collecting compromising material to recruit him and become his handler, according to Kozlovsky’s version of events. Kozlovsky says his testimony detailing his connection to Dokuchaev and his work for the FSB was omitted from the official record by Russian authorities.
Prominent cybersecurity experts in the country tend to find Kozlovsky’s account convincing. “I believe this is really true,” says Pavel Vrublevsky, a cybersecurity expert and founder of Chronopay, a payments operator with offices in Moscow and Amsterdam, of Kozlovsky’s recruitment account. Vrublevsky has had his own run-in with the FSB, serving one and a half years in prison after being found guilty of hiring bot makers to attack a rival company. He is an official witness in the Dokuchaev case.
“If Kozlovsky was an informant of Dokuchaev, and therefore was the organizer of Lurk, then Dokuchaev was the true organizer of Lurk,” Vrublevsky says, noting the Russian government “is not ready” to investigate the Lurk story fully. “This may lead to even more questions about how that department of FSB actually operated,” he says.
Dokuchaev has disputed this version of events and denies knowing Kozlovsky, reports RBK, a Russian business publication.
According to the FBI, Dokuchaev is responsible for a range of cybercrimes, including “gaining unauthorized access to the computer networks of and user accounts hosted at major companies providing worldwide webmail and internet-related services in the Northern District of California and elsewhere.”
Does His Software Really Work On Such A Scale?
Still, Kozlovsky’s claims have not been independently verified, especially when it comes to the software capabilities he describes.
“The technology described, LDCS, it’s quite a typical code called podmena or substitute in Russian slang, mainly used for changing real advertising links for someone else’s illegal promotion or for illegal bank fraud operations,” Vrublevsky says. “In reality, however, it likely can’t be done–because if a fraud like this occurs on a massive scale, the antivirus software blocks it almost immediately.”
Russian officials have repeatedly denied any involvement in the U.S. electoral process.
In the United States, for more than a year, high-level officials have acknowledged “the Russian intelligence services hacked into a number of enterprises in the United States, including the Democratic National Committee.”
But few answers have been provided in terms of characterizing the scope of Russia’s cyber attack and measures taken to prevent future operations.
In the U.S., while the major intelligence agencies have presented evidence of Kremlin-linked hacking, President Donald Trump remains unconvinced, tweeting his skepticism and expressing doubts in public. Last week, U.S. Cyber Command Director Admiral Mike Rogers told lawmakers that Trump hasn’t told him to confront the Russian cyber threat. Indeed, the U.S. seems unprepared for the strong likelihood of cyberattacks in this year’s midterm elections, though intel chiefs are convinced they’re on the way.
“There should be no doubt that Russia perceives that its past efforts have been successful and views the 2018 midterm U.S. elections as a potential target for Russian influence operations,” Dan Coats, the director of national intelligence, recently said. “Frankly, the United States is under attack.”
When it comes to the voter registration systems, Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, downplayed the effectiveness of Russia’s attack.
“We saw a targeting of 21 states, and an exceptionally small number of them were actually successfully penetrated,” she told NBC News earlier this month.
A recent report from the Center for American Progress evaluating election security in 50 states found that no state received an “A” grade in terms of its cybersecurity standards and voting requirements. Forty states received a “C” grade or below.
The FBI and the Department of Homeland Security’s cybersecurity division could not be reached for comment by phone or email.
The White House has not responded to or acknowledged all the findings from different government agencies on Russia-related cybercrimes.
In the latest round of indictments in Mueller’s wide-ranging investigation, Deputy Attorney General Rod Rosenstein said that 13 Russian nationals and three Russian entities used social media posts, online ads, and rallies to disseminate propaganda “primarily intended to communicate derogatory information about Hillary Clinton, to denigrate other candidates such as Ted Cruz and Marco Rubio, and to support Bernie Sanders and then candidate Donald Trump.”
A day before the Mueller indictments, the White House took an unusual step and accused the Russian military of “the most destructive and costly cyberattack in history,” the so-called NotPetya attack across Europe, Asia, and the Americas in June 2017. The White House characterized the attack as a part of the Kremlin’s “effort to destabilize Ukraine,” vowing to retaliate with “international consequences.”
When it comes to Russia’s efforts to destabilize the U.S. and its electoral process, as highlighted in the Mueller indictments, the Trump administration had a much more muted and vague response.
“It is more important than ever before to come together as Americans,” President Trump said in a statement in response to the indictments. “It’s time we stop the outlandish partisan attacks, wild and false allegations, and far-fetched theories, which only serve to further the agendas of bad actors, like Russia, and do nothing to protect the principles of our institutions.”
If he is ever allowed the opportunity to prove his claims via an independent IT specialist, and if his claims can be independently verified, this testimony alone will not reveal the extent of Russia’s operations or leave any of the U.S. government entities, private companies, or media organizations any less exposed in the upcoming midterm elections.
But it will be a step toward understanding Russia’s cyberwarfare landscape, the extent of Moscow’s interference, and what the U.S. is up against.
https://www.fastcompany.com/40538571/ja ... s-election
Konstantin also said he left his *fingerprints*
Russian Hacker Says He Left Fingerprints on His DNC Hack in Bid to Bolster His Story That Putin Ordered It
By Zachary Fryer-Biggs On 12/28/17 at 12:09 PM
A Russian hacker who defied Vladimir Putin by claiming he hacked the Democratic National Committee on orders from a high-level Russian security official now says he planted personal details in DNC servers that can prove he was behind the break-in—a detail that, if true, strengthens his claim about the Russians' meddling in the 2016 election.
Konstantin Kozlovsky, a cyber attacker who had previously claimed he was ordered by a Russian security official to crack the DNC server, told RAIN television that he hid his passport number and visa number for a visit to St. Martin in a data file on the DNC systems so that he could prove his story later, according to McClatchy.
The new detail bolsters Kozlovsky's credibility as he awaits trial in an unrelated bank hacking case. Previously, the Russian security official has denied Kozlovsky's claims—but that official, Dmitry Dokuchaev, is himself being held on secret charges of treason that may be about his alleged role in confirming the DNC break-in to U.S. intelligence officials.
Only the DNC or the cybersecurity companies it used to combat the Russian hacks can confirm Kozlovsky’s claims about the data signature he says he left behind. Federal authorities say they have never had access to the DNC’s servers.
The 2016 DNC hack gave Russian intelligence access to a trove of emails from the Hillary Clinton campaign, emails that were then passed on to WikiLeaks to try to harm Clinton and help Trump, according to U.S. intelligence agencies.
Kozlovsky had previously claimed in the Facebook posts that he had been instructed by Dokuchaev, a senior official with the Russia’s Federal Security Service, to hack the DNC system. The Facebook posts included a handwritten note, as well as audio recordings, but experts doubted that Kozlovsky could have made the social media post because he's being held in a high-security prison where inmates don't typically get internet access.
The interview with RAIN was apparently conducted over email, raising more questions for doubters.
Dokuchaev has denied knowing Kozlovsky, though the description of his handling Kozlovsky matches the approach of Russian intelligence, whose officials often manage hackers not directly employed by the government to provide plausible deniability down the road.
Trump administration officials at a December press conference claiming North Korea was behind a massive attack using the WannaCry bug. Mark Wilson/Getty Images
In the interview with RAIN, Kozlovsky claims credit for helping to develop both the Lurk and WannaCry viruses. Earlier this month Trump administration officials accused North Korea of having used the WannaCry virus to infect millions of systems demanding ransoms from computer users in exchange for unlocking their computers. The officials said that the same group behind the Sony Pictures attack, the Lazarus Group, was also behind the use of WannaCry, though they did not claim that North Korea created the original virus.
http://www.newsweek.com/russian-hacker- ... dnc-761727
https://twitter.com/dcpoll/status/971065769596522497
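The McClatchy and Newsweek pieces quoted above say Kozlovsky's "poison pill" (his passport and St. Martin visa numbers hidden in a .dat file) could only be checked by whoever holds copies of the DNC systems. The script below is an added illustration of what that check would look like on a file-system copy; it is not code from the original post, from any of the quoted articles, or from Kozlovsky, and the directory tree and marker string it builds are constructed here for the demonstration. It assumes the analyst has the exported files mounted or copied under one directory and knows the candidate marker. It reports every file offset where the marker occurs, in ASCII and in UTF-16-LE (a string written by a Windows tool may be stored either way), along with the file's SHA-256 so a hit can be tied to a specific evidence item. Two caveats a practitioner would add: a walk over live files does not reach deleted data or slack space (run the search against the raw image for that), and a planted string shows at most that someone with write access put it there, not who that someone was.

```python
"""Search a file tree for a planted identifier string ("data signature").

Added example, not from the original post or the articles it quotes.
Assumptions: the evidence files are reachable under one directory; the marker
string is known. The sample tree and marker below are constructed for the demo.
"""
import hashlib
import os
import re
import tempfile

DAT_RE = re.compile(r"\.dat$", re.IGNORECASE)


def candidate_files(root, dat_only=True):
    """Yield paths under root. With dat_only, keep only *.dat files and dotfiles.

    Note: the NTFS 'hidden' attribute is metadata, not a dot prefix; on an NTFS
    export you would filter on that attribute (or simply pass dat_only=False).
    """
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if dat_only and not (DAT_RE.search(name) or name.startswith(".")):
                continue
            yield os.path.join(dirpath, name)


def sha256_of(path):
    """Hash the whole file in 1 MiB chunks so large evidence files fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_marker(root, marker, dat_only=True):
    """Return [(path, byte_offset, sha256)] for each occurrence of marker.

    The marker is matched as raw bytes in both ASCII and UTF-16-LE encodings.
    """
    needles = [marker.encode("ascii"), marker.encode("utf-16-le")]
    hits = []
    for path in candidate_files(root, dat_only):
        try:
            with open(path, "rb") as f:
                data = f.read()
        except OSError:
            continue  # unreadable entry: skip rather than abort the whole scan
        for needle in needles:
            start = 0
            while True:
                idx = data.find(needle, start)
                if idx < 0:
                    break
                hits.append((path, idx, sha256_of(path)))
                start = idx + 1
    return hits


def summarize(hits):
    """Reduce hits to sorted (basename, offset) pairs for reporting and testing."""
    return sorted((os.path.basename(p), off) for p, off, _ in hits)


def build_sample():
    """Create a constructed tree with a fake marker planted in a few files.

    The marker is an invented placeholder, not any real passport or visa number.
    """
    marker = "7012345678-SXM-2015-0042"  # constructed, hypothetical value
    root = tempfile.mkdtemp(prefix="dnc-sig-demo-")
    files = {
        ".cache.dat": b"\x00" * 100 + marker.encode("ascii") + b"\xff" * 50,
        "settings.dat": b"\x00" * 16 + marker.encode("utf-16-le") + b"\x00" * 8,
        "clean.dat": b"\x01\x02\x03" * 40,
        "readme.txt": b"visa " + marker.encode("ascii"),  # not a .dat file
    }
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)
    return root, marker


if __name__ == "__main__":
    root, marker = build_sample()
    for path, off, digest in find_marker(root, marker):
        print(f"{path} offset={off} sha256={digest}")
```

Run against real evidence by replacing the call to build_sample() with the mount point of the exported file system and the claimed identifier string; the offsets and hashes in the output are what you would record in the examination notes.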