Why Is Russia Finally Letting (Dubious) Details of Its Involvement in DNC Hack Out?
In recent days there have been a number of stories in Russia implicating the FSB (note, not GRU) in issues related to the DNC hack. First, there was this article from The Bell, claiming that the four Russian treason defendants (two of whom were FSB officers) are being prosecuted because they provided inside information to the US about GRU’s involvement in the DNC hack.
But it is impossible to identify which specific cyber group or groups were responsible for last year’s Democratic National Committee hack based on technical traces alone, four cyber experts polled by The Bell confirmed. To prove specifically that the GRU was involved, U.S. investigators would have needed inside sources — preferably with access to confidential state matters, one source explained. Mikhailov had that access.
Relations between intelligence agencies working on the cyber front were strained, one of Mikhailov’s acquaintances said. The FSB and GRU compete for funding and Mikhailov felt the FSB carried out cyber tasks more professionally than the GRU, according to one of his acquaintances.
He used to say that “the GRU breaks into servers in a brazen, clumsy, and brutish manner and it interfered with his own work”, the acquaintance said. Moreover “the GRU’s hackers didn’t even try to cover their tracks”.
The report said that Sergei Mikhailov — who was named (but not charged) the Yahoo hack case — shared information on Russian hackers who wouldn’t work with the FSB with western law enforcement agencies though a cut-out named Kimberly Zenz.
Mikhailov had been working closely with Western intelligence agencies since 2010. Report written for Vrublevsky said that Mikhailov had leaked sensitive information “on Russian cyber-criminals, who had refused to cooperate with him, to a U.S. citizen”. More specifically, Mikhailov reportedly handed the U.S. citizen — a woman — information on Russian state-sponsored hacker attacks against Estonia and Georgia in 2007 and 2008.
Burykh says he found that Mikhailov gave the information to Stoyanov, who then passed it on to Kimberly Zenz of the U.S. company iDefense Intelligence. From there, it went to the U.S. Department of Defense.
Then there’s this story, reporting that a hacker tied to the Lurk group, Konstantin Kozlovsky, hacked the DNC on behalf of the FSB.
Then there’s this, from Novaya Gazeta, laying out the news.
NG questions — as I do — why this is all coming out now. Of particular interest, it notes that Kozlovsky’s claims were posted in August, but for some reason the hashtags that would have alerted people to the posted claim were not triggering, meaning the information only got noticed (at least in Russia) now.
Interestingly, the first materials on this page were posted back in August of this year. And despite the fact that sensational publications were accompanied by tags # CIB, # FSB, # Dokoutchaev, # Mikhailov # Stoyanov, # hackers, # Kaspersky, the existence of a personal page Kozlovsky in Facebook for some reason became known only in early December.
Here’s the timeline we’re currently being presented with (I’ve made some additions):
April 28, 2015: FSB accesses Lurk servers with Kaspersky’s help.
May 18, 2016: Kozlovsky arrest.
May 19-25, 2016: DNC emails shared with WikiLeaks likely exfiltrated.
November 1, 2016: Date of Kozlovsky confession.
December 5, 2016: Arrest, for treason, of FSB officers.
August 14, 2017: Kozlovsky posts November 1 confession of hacking DNC on Facebook.
November 28, 2017: Karim Baratov (co-defendant of FSB handlers) plea agreement.
December 2, 2017: Kozlovsky’s claims posted on his Facebook page.
Of particular note, the emails exfiltrated from the DNC and shared with WikiLeaks were probably not exfiltrated until the days immediately after Kozlovsky’s arrest.
As NG notes, this all may well be true (though I wonder why Russia is now letting claims it was involved in the DNC hack go public, after claiming it was uninvolved for so long). But the reason it is coming out now is at least as interesting that it is coming out.
Update: I originally said that Mikhailov was charged in the Yahoo hack. He was described in it, but not charged.