Konstantin Kozlovsky, a Russian hacker, claims that Federal Security Service of Russia (FSS) curated the creation of the viruses WannaCry and Lurk. He was arrested in 2016 along with 40 other hackers who are believed to be members of the group Lurk. At the moment Konstantin is the main suspect indicted in the criminal case of the group. He also pleaded guilty to hacking Hillary Clinton’s email and servers of the US military companies. Kozlovsky states that his actions were led by Dmitry Dokuchaev, who allegedly used a nickname “Ilya”.
FSS Mayor Dmitry Dokuchaev, about whom Kozlovsky told, was arrested on charges of treason in December 2016. FSS Colonel Sergey Mikhailov, businessman Georgy Fomchenkov and “Kaspersky Laboratory” employee Ruslan Stoyanov were also arrested at the same time. According to “Dozhd” they are suspects in a transmission to the US intelligence services data on Russian hackers.
Previously Kozlovsky stated that Dokuchaev supervised hacking the Democratic National Committee computer network. However, Dokuchaev denies this allegation.
Earlier Russian authorities denied involvement in the emergence of WannaCry, which infected hundreds of thousands computers worldwide. Nothing was reported about a role of special agencies in the creation of Lurk, with the help of which about $20 million was stolen from Russian banks.
“Specificity of the so-called Lurk and its modifications, as well as the other software I created, allows anyone to work with infected objects on their own. That means – Dokuchaev and the ones whom he gave an access to, could work independently,” Kozlovsky said in an interview to the TV channel “Dozhd”.
Kozlovsky confirms that WannaCry is one of the viruses created under the auspices of FSS. “When I was watching a TV program about WannaCry I saw a vaguely familiar locker (ransomware). Its “snout” was designed by people of my group. “Snout” is a picture displayed on a computer when it is blocked,” he said.
He also affirms that computer systems of the largest companies – “Rosneft”, “Gazprom”, Lukoil” and “Sberbank” – were used for testing the viruses. He says that hackers implemented a new way of spreading ransomware so to “infect one computer in a corporate network, [and] get access to [the] administrator domain and stop functioning of the whole company with one click”. But Andrey Soldatov (an expert on Russian special services and co-author of the book “The Battle for Runet,”) notes that Kozlovsky describes the operation principles of any Trojan and there is nothing new in this method.
Konstantin said that WannaCry was tested in the company “Samolet Development”. “Samolet Development” confirms that in the company “we established and implemented an information security system certified by FSS and Federal Service for Technical and Export Control”.
In the course of the interview, Kozlovsky did not reject charges of thefts committed with the help of the virus Lurk, excluding stealing money from the bank accounts of “Taatt”, “Metalinvestbank” and “Grant Invest Bank”.
“Yes, my structures cashed money, however, thefts were technically fulfilled by Dokuchaev and his companions,” Kozlovsky said.
FSS left his words without comments. “Kaspersky Laboratory”, which acted as an expert in the Lurk case, refused to answer questions but provided links to works carried out by independent experts: researches of Symantec and FireEye companies which point out indirect evidence that hackers standing behind WannaCry are connected with North Korea.
WannaCry firstly spread on May 12. In total, more than 230,000 computers in 150 countries around the world were affected. In Russia, the attack was aimed at servers of telecommunication companies and law enforcement agencies. Ransomware infected “Megafon”, “VympelKom” and computers of the Ministry of Internal Affairs. Russian Ministry of Emergency Situations and Ministry of Health reported about repelling it successfully. According to the US experts the total damage dealt by the hacker attack amounted to $1 billion. The president of Microsoft corporation said “with a high degree of confidence” that North Korea is responsible for its creation. Later on Nil Mehta, a Google employee, found a connection between WannaCry and the North Korean group of hackers “Lazarus”. “Kaspersky Laboratory” confirmed this conclusion.
The New York Times noted that hackers exploited malicious software stolen from the US National Security Agency. These security breaches and spilled secrets were snatched by Shadow Brokers, hackers linked to Russia. The president Putin commented on the possibility of the state’s involvement: “Russia has absolutely nothing to do with this,” he said.