Endpoint

12/28/2017
02:10 PM
50%
50%

Jailed Hacker Claims Proof He Breached DNC on Russia's Orders

A Russian national in jail for hacking the Democratic National Committee says a data signature proves he acted on the Kremlin's orders.

Konstantin Kozlovsky, a jailed Russian who claims he hacked the Democratic National Committee, now says he can prove Russian intelligence ordered him to steal emails released during the 2016 US presidential election.

Earlier this year, Kozlovsky made headlines when his confession to hacking the DNC on Russia's orders was made public. He was arrested on a separate charge this year, as an alleged member of a hacking group that stole more than $50 million from Russian bank accounts.

In an interview with a Russian television station made public Dec. 27, Kozlovsky reported more details on what he said was an operation led by the Russian intelligence agency FSB to hack the DNC. He claims he planted a string of numbers -- his Russian passport and visa number to visit the island of St. Martin -- in a generic .dat file. The idea was to give himself a safety net in case those who directed the attack turned on him, he claims.

In other details released this week, Kozlovsky said he collaborated with the FSB to create computer viruses. These were first tested on large Russian corporations and later used on multinational businesses, according to a published McClatchy report.

The report also notes Kozlovsky's statements are tough to prove because few people know the details of the hack. DNC hired CrowdStrike to investigate the breach; the tech firm had "no immediate comment" on Kozlovsky's claims about an implanted file, the report states. Further, it continues, the hacker claims he mostly worked from home and the DNC attack was one of many on other nations and the private sector.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/4/2018 | 8:34:31 AM
Re: And if the DNC had allowed real investigators...
Best comeback ever.  
SchemaCzar
50%
50%
SchemaCzar,
User Rank: Strategist
1/3/2018 | 3:48:43 PM
Re: And if the DNC had allowed real investigators...
You just forced me to have sympathy on hackers...
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/3/2018 | 1:15:10 PM
Re: And if the DNC had allowed real investigators...
I cannot help but get a chuckle out of this one --- what if all the Russians managed to gain access to were text files of Anthony Weiner's sexting chats????
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/31/2017 | 9:59:21 PM
Re: Not Surprising
Russian and Eastern European hackers have a long history of having an "understanding" with government officials -- having their consent to turn a blind eye if not their direct blessing, so long as they keep their activities away from fellow citizens. That's at the very least.

In other cases, it has been known in the intelligence community that Russian government officials outright work with independent black hats (as with other governments). I suspect that this proof, if it turns out to be actual proof, will get a lot of attention in the public, but in terms of actual policy will not mean a heck of a lot because it's old news to the people whose job it is to do things about it.
SchemaCzar
100%
0%
SchemaCzar,
User Rank: Strategist
12/29/2017 | 11:02:23 AM
And if the DNC had allowed real investigators...
DNC's hiring of CrowdStrike and refusal to allow FBI digital forensics to investigate makes this impossible to pursue.  The dishonesty of claiming Russian hacking and its damage to US democracy while not bringing it to Federal investigation now leaves us blind in dealing with Kozlovsky and his allegations.  For me - I don't believe the claims.  The FSB has plenty of its own resources and an ability to cover its tracks that makes using an outsider completely unnecessary, and risky.  A free-wheeling, free-travelling robber like Koslovsky is even worse.  Perhaps Koslovsky believes he was engaged by the FSB - as if he cared who paid him - but I don't.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/29/2017 | 7:32:42 AM
Not Surprising
This isn't surprising in the least that this could have been performed with the backing of a nation-state. The question is, definitely proving this to be the case what would be the recourse?
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12716
PUBLISHED: 2018-06-25
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its l...
CVE-2018-12705
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
CVE-2018-12706
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
CVE-2018-12714
PUBLISHED: 2018-06-24
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial o...
CVE-2018-12713
PUBLISHED: 2018-06-24
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ...