New information about Russian officials orchestrating the DNC hack could be designed to pin the cyber-attack on the U.S. government
On December 11, the newsletter The Bell reported that a Russian hacker named Konstantin Kozlovsky had declared in court (and claimed in posts on Facebook) that he helped hack the U.S. Democratic National Committee on orders from Russia’s Federal Security Service (FSB). According to a new article by the independent newspaper Novaya Gazeta, this information could be part of a mind-bendingly elaborate plot to blame U.S. officials for the infamous cyber-attack on America. Meduza summarizes this report by Novaya Gazeta special correspondent Irek Murtazin.
Multiple experts have reportedly told Novaya Gazeta that Kozlovsky’s confession could be both true and part of some larger “operational game.”
On December 5, 2016, a Moscow military court sanctioned the arrest of Colonel Sergey Mikhailov (the deputy head of the FSB’s Information Security Center), Major Dmitry Dokuchayev (a senior operative in Mikhailov’s outfit), Ruslan Stoyanov (a top investigator at Kaspersky Lab), and Georgy Fomchenkov (an entrepreneur in Russia's IT sector). The court has also labeled the treason case a secret, and news of the arrests didn’t leak for another two months.
Spies or hackers?
Once the public caught wind of the charges, theories about the case started circulating. Some have speculated that the suspects were involved in the hacktivist group “Anonymous International,” which stole and leaked the emails of high-ranking Russian officials. According to Novaya Gazeta special correspondent Irek Murtazin, small details about the case seem to have surfaced in a way that resembles a special operation designed to shift the public conversation from an “espionage scandal” to a “hacker scandal.” Murtazin says sources in Russia’s intelligence community have suggested that FSB agent Sergey Mikhailov could have been a foreign spy.
Hacker Konstantin Kozlovsky’s case materials, confession, and other documents started appearing on Facebook in August 2017, but no one in the media noticed them until early December, despite the fact that he tagged his posts with the names of the treason suspects and words like “#FSB,” “#hackers,” and “#TsIB [Information Security Center].” Murtazin says he regularly monitors the Internet for content that matches these keywords, and he says none of his searches between August and December ever returned links to Kozlovsky’s Facebook posts.
Murtazin believes that Kozlovsky’s Facebook posts were likely hidden from the public until December, while his Facebook page accumulated information and uploaded more documents.
In various posts, Kozlovsky maintains that he acted under instructions from FSB Major Dmitry Dokuchayev, who contacted him using the pseudonym “Ilya.” Kozlovsky also says Ruslan Stoyanov, then a top investigator at Kaspersky Lab, hacked foreign servers on orders from the FSB. Kozlovsky identifies three targeted foreign IP addresses: 188.8.131.52 (based in Germany), 184.108.40.206 (based in Great Britain), and 220.127.116.11 and 18.104.22.168 (based in France).
Murtazin believes the information shared on Kozlovsky’s Facebook page “looks highly reliable,” signaling that the hacker was a member of the notorious group “Cozy Bear” — the same hacker group the U.S. intelligence community says has engaged in Russian cyber-espionage since 2008. If Dmitry Dokuchayev started managing Kozlovsky in 2008, Murtazin reasons, then it’s logical to assume that Sergey Mikhailov, Dokuchayev’s commanding officer, was Cozy Bear’s true founder and leader.
Several specialists have apparently told Murtazin that the release of Kozlovsky’s confession is part of a special operation by the FSB. The hacker is locked up at Moscow’s Matrosskaya Tishina federal penitentiary, where he presumably can’t say peep without a nod from his captors.
At first glance, the FSB appears to be encouraging suspicions that its officers and agents were involved in a cyber-attack on the United States. Murtazin argues, however, that this “is a story with a false bottom.” Mikhailov and Dokuchayev, after all, are suspected of committing treason against Russia, and Mikhailov could have acted as the agent of a foreign intelligence agency. It’s possible, Murtazin says, that Kozlovsky’s “confession” was published as part of a larger plan to encourage the notion that Mikhailov was working for U.S. intelligence and it was in this capacity that he instructed Cozy Bear to hack the Democratic National Committee and Hillary Clinton’s emails.
In other words, this latest evidence against Russian hackers could be intended to incriminate the United States itself.
Murtazin points out that Kozlovsky was arrested on May 18, 2016 — months before the arrests of Dokuchayev and Mikhailov. If Mikhailov had really ordered Dokuchayev to tell Kozlovsky to hack the DNC, and the FSB’s leadership didn’t know about this, Mikhailov would have had plenty of time to leave the country. But he stayed put.