MOSCOW–Konstantin Kozlovsky is ready to talk. The 29-year-old blonde-haired Russian hacker at the center of the intrigue surrounding the Kremlin’s cyberattacks on the 2016 U.S. presidential election currently sits in a high-security prison with the forbidding name of Matrosskaya Tishina (Sailor’s Silence) in northeastern Moscow. Kozlovsky is officially charged with stealing millions from Russian banks, but he’d prefer to brag about how he built the software used to hack the Democratic National Committee (DNC) and other U.S. targets.
At a small hearing in a Moscow court earlier this month, with only a handful of media outlets present, Kozlovsky said he was ready to present detailed evidence that the Kremlin was directly involved in a series of high-profile attacks, including compromising the DNC’s computer systems in 2016, as well as those of the U.S. government, military, social media companies, and leading U.S. publishers.
In an interview with Fast Company conducted over the last two weeks via a verified representative, Kozlovsky was able to provide more details for his claims about the role of the Russian government, and how the program he developed was designed to wreak havoc.
“I’m ready to collaborate with the U.S. specialists, to show evidence and to confirm information,” he said in response to questions. Kozlovsky claims the program he developed, the so-called LDCS, was able to “replace information on Twitter, Facebook, Google and leading U.S. media outlets.” But he didn’t go into more details, so it remains unclear how the program really works and how extensively it was used during and after the 2016 election. It appears similar to trojans, a type of malware disguised as legitimate software that enables hackers to get full access to your computer, allowing them to change and delete files, monitor your computer activities, or steal your confidential information.
Kozlovsky noted that the Russians’ use of social media for propaganda purposes, as described by the defendants named in the indictment recently handed down by special prosecutor Robert Mueller, actually played a less significant role in achieving Russia’s objectives than hacking.
Because Kozlovsky has been in jail since late 2016, he doesn’t know the current activities of Russian hackers, but he said it’s likely they are using his software to manipulate news reports. “The FSB could easily continue to develop and add other information resources.”
On February 13, Kozlovsky asked the court for an IT specialist to prove his claims, a request he tells Fast Company was never granted. He also says that his detainment at Matrosskaya Tishina has been extended through May 18.
Victims Ranged From Oligarchs To The Olympic Committee
Born in the Russian city of Sverdlovsk (now Yekaterinburg), Kozlovsky rose to prominence primarily by hacking Russia’s financial institutions. He is one of 50 members of a hacker group called Lurk, which successfully hacked “all of Russia’s banks,” according to Group-IB, a cybersecurity company based in Moscow. Kozlovsky has been in prison for almost a year and eight months.
The tale of how someone like Kozlovsky found himself in prison, caught up in the middle of a high-stakes international drama involving Russia’s counterintelligence agencies, rogue hackers turned government agents, and allegations of Russia’s multilayered plot to interfere in the U.S. elections reveals much about Russia’s cybersecurity landscape and the murky relationship between the country’s counterintelligence operations and criminal hacking groups.
The cyberfraud charges against Kozlovsky include “organization of criminal community,” as well as the creation and distribution of harmful software programs. Lurk, the group he belonged to, reportedly stole more than $50 million (3 billion rubles) over a period of five years, according to Group-IB’s data.
Back in December, Kozlovsky first claimed his role in hacking the DNC amid the heated U.S. primary season in 2016, saying he was acting on the orders of Russia’s Federal Security Service (FSB), the country’s counterintelligence agency that has retained the ethos and global ambitions of the Soviet era.
Outside of court hearings every few months, Kozlovsky has relied on his Facebook page to fill in the blanks.
In a recent post, Kozlovsky confirmed his involvement in the attacks on the U.S. Democratic Party, the World Anti-Doping Agency, the Olympic Committee, and FIFA on the orders of FSB Major Dmitry Dokuchaev, who worked at the agency’s Center for Information Security. Dokuchaev was one of four intelligence officials arrested a year ago and accused of treason by Russia, a move that rattled the cybersecurity community in Russia and beyond.
Dokuchaev began to communicate with Kozlovsky in 2005, collecting compromising material to recruit him and become his handler, according to Kozlovsky’s version of events. Kozlovsky says his testimony detailing his connection to Dokuchaev and his work for the FSB was omitted from the official record by Russian authorities.
Prominent cybersecurity experts in the country tend to find Kozlovsky’s account convincing. “I believe this is really true,” says Pavel Vrublevsky, a cybersecurity expert and founder of ChronoPay, a payments operator with offices in Moscow and Amsterdam, of Kozlovsky’s recruitment account. Vrublevsky has had his own run-in with the FSB, serving one and a half years in prison after being found guilty of hiring bot makers to attack a rival company. He is an official witness in the Dokuchaev case.
“If Kozlovsky was an informant of Dokuchaev, and therefore was the organizer of Lurk, then Dokuchaev was the true organizer of Lurk,” Vrublevsky says, noting the Russian government “is not ready” to investigate the Lurk story fully. “This may lead to even more questions about how that department of FSB actually operated,” he says.
Dokuchaev has disputed this version of events and denies knowing Kozlovsky, reports RBK, a Russian business publication.
According to the FBI, Dokuchaev is responsible for a range of cybercrimes, including “gaining unauthorized access to the computer networks of and user accounts hosted at major companies providing worldwide webmail and internet-related services in the Northern District of California and elsewhere.”
Does His Software Really Work On Such A Scale?
Still, Kozlovsky’s claims have not been independently verified, especially when it comes to the software capabilities he describes.
“The technology described, LDCS, it’s quite a typical code called podmena or substitute in Russian slang, mainly used for changing real advertising links for someone else’s illegal promotion or for illegal bank fraud operations,” Vrublevsky says. “In reality, however, it likely can’t be done–because if a fraud like this occurs on a massive scale, the antivirus software blocks it almost immediately.”
Russian officials have repeatedly denied any involvement in the U.S. electoral process.
In the United States, for more than a year, high-level officials have acknowledged “the Russian intelligence services hacked into a number of enterprises in the United States, including the Democratic National Committee.”
But few answers have been provided in terms of characterizing the scope of Russia’s cyber attack and measures taken to prevent future operations.
In the U.S., while the major intelligence agencies have presented evidence of Kremlin-linked hacking, President Donald Trump remains unconvinced, tweeting his skepticism and expressing doubts in public. Last week, Admiral Mike Rogers, who leads U.S. Cyber Command, told lawmakers that Trump hasn’t told him to confront the Russian cyber threat. Indeed, the U.S. seems unprepared for the strong likelihood of cyberattacks in this year’s midterm elections, though intel chiefs are convinced they’re on the way.
“There should be no doubt that Russia perceives that its past efforts have been successful and views the 2018 midterm U.S. elections as a potential target for Russian influence operations,” Dan Coats, the director of national intelligence, recently said. “Frankly, the United States is under attack.”
When it comes to the voter registration systems, Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, downplayed the effectiveness of Russia’s attack.
“We saw a targeting of 21 states, and an exceptionally small number of them were actually successfully penetrated,” she told NBC News earlier this month.
A recent report from the Center for American Progress evaluating election security in 50 states found that no state received an “A” grade for its cybersecurity standards and voting requirements. Forty states received a “C” grade or below.
The FBI and the Department of Homeland Security’s cybersecurity division could not be reached for comment by phone or email.
The White House has not responded to or acknowledged all the findings from different government agencies on Russia-related cybercrimes.
In the latest round of indictments in Mueller’s wide-ranging investigation, Deputy Attorney General Rod Rosenstein said that 13 Russian nationals and three Russian entities used social media posts, online ads, and rallies to disseminate propaganda “primarily intended to communicate derogatory information about Hillary Clinton, to denigrate other candidates such as Ted Cruz and Marco Rubio, and to support Bernie Sanders and then candidate Donald Trump.”
A day before the Mueller indictments, the White House took an unusual step and accused the Russian military of “the most destructive and costly cyberattack in history,” the so-called NotPetya attack across Europe, Asia, and the Americas in June 2017. The White House characterized the attack as a part of the Kremlin’s “effort to destabilize Ukraine,” vowing to retaliate with “international consequences.”
When it comes to Russia’s efforts to destabilize the U.S. and its electoral process, as highlighted in the Mueller indictments, the Trump administration had a much more muted and vague response.
“It is more important than ever before to come together as Americans,” President Trump said in a statement in response to the indictments. “It’s time we stop the outlandish partisan attacks, wild and false allegations, and far-fetched theories, which only serve to further the agendas of bad actors, like Russia, and do nothing to protect the principles of our institutions.”
Even if Kozlovsky is ever given the opportunity to prove his claims through an independent IT specialist, and even if those claims are independently verified, his testimony alone will not reveal the extent of Russia’s operations or leave any of the U.S. government entities, private companies, or media organizations any less exposed in the upcoming midterm elections.
But it will be a step toward understanding Russia’s cyberwarfare landscape, the extent of Moscow’s interference, and what the U.S. is up against.