Why Is Russia Finally Letting (Dubious) Details of Its Involvement in DNC Hack Out?

In recent days there have been a number of stories in Russia implicating the FSB (note, not GRU) in issues related to the DNC hack. First, there was this article from The Bell, claiming that the four Russian treason defendants (two of whom were FSB officers) are being prosecuted because they provided inside information to the US about GRU’s involvement in the DNC hack.

But it is impossible to identify which specific cyber group or groups were responsible for last year’s Democratic National Committee hack based on technical traces alone, four cyber experts polled by The Bell confirmed. To prove specifically that the GRU was involved, U.S. investigators would have needed inside sources — preferably with access to confidential state matters, one source explained. Mikhailov had that access.

Relations between intelligence agencies working on the cyber front were strained, one of Mikhailov’s acquaintances said. The FSB and GRU compete for funding and Mikhailov felt the FSB carried out cyber tasks more professionally than the GRU, according to one of his acquaintances.

He used to say that “the GRU breaks into servers in a brazen, clumsy, and brutish manner and it interfered with his own work”, the acquaintance said. Moreover “the GRU’s hackers didn’t even try to cover their tracks”.

The report said that Sergei Mikhailov — who was named (but not charged) in the Yahoo hack case — shared information on Russian hackers who wouldn’t work with the FSB with western law enforcement agencies through a cut-out named Kimberly Zenz.

Mikhailov had been working closely with Western intelligence agencies since 2010. Report written for Vrublevsky said that Mikhailov had leaked sensitive information “on Russian cyber-criminals, who had refused to cooperate with him, to a U.S. citizen”. More specifically, Mikhailov reportedly handed the U.S. citizen — a woman — information on Russian state-sponsored hacker attacks against Estonia and Georgia in 2007 and 2008.

Burykh says he found that Mikhailov gave the information to Stoyanov, who then passed it on to Kimberly Zenz of the U.S. company iDefense Intelligence. From there, it went to the U.S. Department of Defense.

Then there’s this story, reporting that a hacker tied to the Lurk group, Konstantin Kozlovsky, hacked the DNC on behalf of the FSB.

Then there’s this, from Novaya Gazeta, laying out the news.

NG questions — as I do — why this is all coming out now. Of particular interest, it notes that Kozlovsky’s claims were posted in August, but for some reason the hashtags that would have alerted people to the posted claim were not triggering, meaning the information only got noticed (at least in Russia) now.

Interestingly, the first materials on this page were posted back in August of this year. And despite the fact that sensational publications were accompanied by tags #CIB, #FSB, #Dokoutchaev, #Mikhailov, #Stoyanov, #hackers, #Kaspersky, the existence of a personal page Kozlovsky in Facebook for some reason became known only in early December.

Here’s the timeline we’re currently being presented with (I’ve made some additions):

April 28, 2015: FSB accesses Lurk servers with Kaspersky’s help.

May 18, 2016: Kozlovsky arrest.

May 19-25, 2016: DNC emails shared with WikiLeaks likely exfiltrated.

November 1, 2016: Date of Kozlovsky confession.

December 5, 2016: Arrest, for treason, of FSB officers.

August 14, 2017: Kozlovsky posts November 1 confession of hacking DNC on Facebook.

November 28, 2017: Karim Baratov (co-defendant of FSB handlers) plea agreement.

December 2, 2017: Kozlovsky’s claims posted on his Facebook page.

Of particular note, the emails exfiltrated from the DNC and shared with WikiLeaks were probably not exfiltrated until the days immediately after Kozlovsky’s arrest.

As NG notes, this all may well be true (though I wonder why Russia is now letting claims it was involved in the DNC hack go public, after claiming it was uninvolved for so long). But the reason it is coming out now is at least as interesting as the fact that it is coming out.

Update: I originally said that Mikhailov was charged in the Yahoo hack. He was described in it, but not charged.

55 replies
  1. greengiant says:

    Take a name Kimberly Zenz of the Atlantic Council, why that would be so close to CrowdStrike’s/Atlantic Council’s Dmitri Alperovitch, the #TrumpRussia defender’s favorite mal actor. Timely considering both Trump’s and Assange’s recent fixation/distraction on Clinton.
    Perhaps lost in the scrum is that if there is no proof who hacked the DNC, there is no proof that GOP operatives or Russian hackers did not hack the DNC, and no proof that actors such as DCLeaks, Guccifer 2.0 are actual hackers. The dark net is a source.

    • Silence Hand says:

      Zenz:  “I don’t work for the CIA, I never gave them intelligence and I have never been an agent for any government”.  All technically accurate statements, I’m sure. 

       

  2. orionATL says:

    whatever else, these admissions discredit prez trump’s claims of no russian involvement or that russian involvement is “fake news” . maybe the russkies see trump as the emotionally unstable danger he is. nor do they need him now. their target, clinton, was toast in nov 2016.

  3. Silence Hand says:

    THANK YOU for putting your klieg lights on this.  I think Putin et al.’s proximal goal is to reinforce a narrative in which Russian hacking is simply a matter of routine intelligence collection, independent of any coordination with the Trump campaign.  You know – “Maybe a couple guys got over-excited and freelanced a little, got into the whole Guccifer joke a little too much.  Hey, our bad.  You know, boys will be boys”.   Nothing to see here.

    The dog that didn’t bark is, I think, what’s important here.  Mikhailov and Stoyanov are kicking back in Lefortovo because of financial hacking shenanigans that significantly pre-date all of this and are unrelated to providing the CIA with information about DNC hacking.  Pretty thin gruel for a “treason” charge.  The Bell’s reconstruction of information flow from Mikhailov to US IC is pretty convincing, IMO.  Given that Mikhailov was already under something of a microscope (not sure how much I buy that, btw), how much information would Putin et al. need to conclude that he’s a CIA asset?  Not much.

    Enter Trump et al.  Just how loose do their lips need to be to sink whatever ships we have in FSB/GRU waters?  Who received relevant intel?  What did they know and when did they know it?

    If I had friends in the relevant IC (alas, my ONI buddy just retired), I’d ask them for a quarterly numerical rating (scale of 1 to 5, or some such) of the quality of information on and assets in the Russian IC from summer 2016 to the present.  With the option to demur or state “insufficient data”, of course.

    • Rapier says:

      It should be a very simple point but our, well the US government’s signet, as it used to be called, is totally and absolutely compromised and the entire industry around it is one gigantic counter intelligence black hole. That’s probably due to the very nature of communications today, but still,…. In other words it is a total failure, not to put too fine a point on it. That’s what it looks like outside the bubble, and not profiting from it.

      The whole thing is like a cartoon, Spy vs Spy. Well there are trillions to be made.

       

       

  4. Silence Hand says:

    Also, I think your (NOTE, NOT GRU) statement is crucial.  Again, silent dogs.  It appears that GRU is currently ascendant in Putin’s merry band of pirates.  Which is IMO a Very Bad Thing.

      • lefty665 says:

        FSB/GRU squabbling seems similar to NSA/CIA with CIA in the role of GRU. As you say, it seems unlikely to be material.

      • Silence Hand says:

        Noted, read, and agree.  FSB vs. GRU is a useful framing for Putin et al., and thereby Trump et al.  Appreciate your patience, as I just started metabolizing your work last week.

        Sadly, not everyone has been following for years.  Come the revolution, it shall be mandatory.

  5. Bob In Portland says:

    It’s been months since I posted here. Is there any proof at all about the Russian government hacking the DNC? I mean, real proof, not seventeen agencies relying on three hand-picked experts or that balderdash.

    And are the Russians who are confessing working for Russia or US intelligence?

    Just curious. My article, written back in March and published in early April, still is pretty much right on track. For those readers who understand the Mighty Wurlitzer, it should not be surprising.

    https://caucus99percent.com/content/okeydoke-americans-were-supposed-get

     

  6. Erin McJ says:

    (Slightly OT)
    Marcy, you’ve hinted a couple times that you know more than we do about revelations to come in this sordid Trump-Russia business. If the Mueller investigation is derailed, do you intend to share what it is you know that we don’t? Or do you expect that someone else will?

  7. bt says:

    I have always thought that the Russians did not and do not give a crap about Trump – they know he’s an idiot anyway.

    They did it to weaken the expected Hillary admin and to just generally undermine our process of government and create divisions. Trump was going to be a huge sore loser and I think the Russians would have loved that. Trump actually winning has not helped Russia at all.

    Seen in this light, it makes a lot of sense for the Russians to slowly torpedo Trump – in fact I have been expecting it from the start. It creates even more chaos, undermines the effectiveness of the government, and, ironically it may be covertly read by some in the USA as a mea culpa for creating such a mess in the first place. (Did we ever apologize to them for Yeltsin? Food for thought.)

    Expect more dirt on Donald from the Russians is my advice.

    • bell says:

      in answer to your question – most americans don’t seem to know enough to even think like that!! they are still dealing with the big bad russia that doesn’t play along with western neo liberalism as they’re supposed to.. rape and pillage regime change? just go along with it…

    • Silence Hand says:

      Dunno.  Completely subjectively, and deriving from Russians I know in wildly different fields:  “too clever for one’s own good” is somehow a mandatory part of the Russian psyche. So I guess maybe they also think they can play a game of 3D chess, as I think you suggest.  Putin certainly now has a slavish following in American far right circles right now.  I don’t think this excludes the possibility that Putin et al. just seek to fuck shit up, but keep their boy Donald Sr. as long as they can.

  8. earlofhuntingdon says:

    Mea culpa?  Never.  But admitting to even a portion of their interference distracts and weakens this president and his exceptionally poorly run government, which has the resilience of a discharged battery.  It furthers distrust of government.  Sadly, it distracts from domestic corruption, such as largely GOP corruption of the voting process.  All good ends to an opponent that wants its opponent and those allied with it off balance and less effective in opposing its interests.

  9. bell says:

    bob in portland.. this is a ‘limited’ hangout… you have to go along with the perpetual bias in order to be part of a conversation….

  10. k says:

    Random theory
    Supposition;
    Demented donnie or member of team (Flynn, Manafort et al.) outed these agents. Either inadvertently, as is the rationale for revealing Israeli secret to russia in May 9, May 10 oval office meeting, or in an attempt to, what was it, “balance the books”(?)
    detail;
    The russians have evidence of this betrayal.
    Perhaps a shot across the bow if the demented one wanders too far off of reality.

    Evidence None. Just supposition.

  11. Bob In Portland says:

    So I guess from the responses here that, no, there is no actual proof of Russians hacking the DNC. Excellent.

    By the way, your dreamboat Mueller was the guy who investigated 9/11 without noticing the Saudis, or the drug angle (the forty-three pounds of heroin coming into Orlando by the guys who were teaching Mo Atta to fly into buildings). Just like he managed not to see the CIA involvement in Panama, moving drugs and money under the watchful eyes of Noriega. Just like back in the 80s he missed the CIA’s involvement with a cocaine ring when he was the federal prosecutor there.

    So let me get this straight. You believe the government claims of Russia hacking the DNC, like you believe that those planes vaporized in PA and DC without leaving a trace. Gotcha.

    I bet after your bon mots you slapped each other on the back and shouted “Heroiam Slava”.

    But thanks for playing, guys. If you can’t pinpoint any proof then there is no proof.

    • orionATL says:

      bob in portland –

      you come across as an ignorant, arrogant son-of-a-bitch, long on your own conspiracy ideas and short on adequate, verifiable factual information that just might backup some of your claims.

      in short, another blowhard troll operating from an obscure anti-agenda.

  12. Bob In Portland says:

    This site seems to have become CIA pornography and the posters left here (I note others have left) are all forming a circle. Enjoy.

    • SpaceLifeForm says:

      Lots lurking. I agree with you, no proof.
      Remember, trolling works. Patience.
      The wheels of Justice grind slow, but grind finely.

      • orionATL says:

        spacelifeform:
        “… Lots lurking. I agree with you, no proof.
        Remember, trolling works. Patience.
        The wheels of Justice grind slow, but grind finely…”

        “remember, trolling works”?

        are you a troll, slf?

        is that what your inarticulate mumbo-jumbo here has been about? if so, i’ve cut you all the slack i’m going to.

        let me explain something –

        trolling works to spread propaganda; trolling works to assert what the troll wishes were true, but for which no evidence is ever produced. that is all it works to accomplish.

        a person with a well-reasoned point of view uses facts. she does not need to hide behind the empty assertions, the sarcasm, and the ever-so-cute put downs of the troll.

        in particular, that person does not need to hide behind calculatedly inarticulate english half-sentences and calculated misinformation.

        • Silence Hand says:

          I would agree with this.  What’s more, I simply don’t see “trolling” a blog like this effectively achieving anything, including lulz.

          • SpaceLifeForm says:

            Do not misunderstand. I am not trolling.
            People in IC are, for very specific objectives.

            When I comment, it is to inform, not troll.

            • Silence Hand says:

              Point taken, I yield. My sense is that some posters are being intentionally obtuse, and this has raised overall hassle index.

  13. bell says:

    i agree with bob and slf… no proof, but endless russian witch hunting… seems to be the flavour de jure at ew..

    • orionATL says:

      bell –

      “… December 13, 2017 at 8:45 pm

      was wondering when the ew bully would arrive, lol…. as per usual – you have nothing relevant to add..”

      “… December 13, 2017 at 9:01 pm

      delete the competition, lol…  that sounds like a bullies style..”

      “…December 13, 2017 at 9:17 pm

      bmaz – competition as in, i have a different voice – one you don’t want to hear… you are a troll here for responding to me with nothing to say.. now go ahead and delete this comment as per the style of the bully i and others know you to be.. you can keep your mouth shut for a change if you have nothing to add, but i doubt you will..”

      bell, nothing demonstrates both your malintent and your uselessness to discussion at this website like your taunting style. people who care about their argument here do not taunt. they may get “loud” and insistent and persistent, but they never taunt. there would be no reward to them for taunting.

      you taunt, bell. that is the best evidence you do not come in here with good will, arguing your point as real contributors here do.

      for your taunting you richly deserve having your inarticulate ass kicked out of the emptywheel site permanently.

  14. bell says:

    bmaz – competition as in, i have a different voice – one you don’t want to hear… you are a troll here for responding to me with nothing to say.. now go ahead and delete this comment as per the style of the bully i and others know you to be.. you can keep your mouth shut for a change if you have nothing to add, but i doubt you will..

  15. Silence Hand says:

    :Makes popcorn: Seems like kind of an ineffective and out-of-the-way place to fling poo around, but hey, whatever.

    I’m still trying to figure out why this is coming out now, given that there’s no reason for the Russians to do it unless it’s in their self interest. I guess the minimal explanation is that anything that keeps this affair rolling along is beneficial to them.

    • SpaceLifeForm says:

      Maybe because the media narrative regarding US-RUSSIA IC relations (FBI, FSB) is misdirection?

      http://blogs.reuters.com/great-debate/2013/05/09/the-fbi-russia-connection/

      But an FBI official knowledgeable about the framework established by di Pretoro 19 years ago says that the relationship between the bureau and the Russian services does not vary much with changes in the diplomatic winds. “Our cooperation is at the working level,” this FBI official said, “and it is largely unaffected by political developments or diplomatic relations.

    • Jim White says:

      I don’t wade into the sniping around here very often, but this time I must. bmaz has been my friend for well over a decade. He has one defining characteristic: he will abide no bullshit. Consider that when deciding where you stand with him. We have no designated bully, or for that fact, any other designated roles here. Everyone does what they do for free and in pursuit of truth.

  16. INTEL TODAY says:

    In early March 2017, I posted a story regarding Sergey Mikhailov and the 3 other men accused of treason in Russia.

    See: Inside the Intrigue of ‘Russia’s Cyberattacks’
    https://gosint.wordpress.com/2017/03/04/inside-the-intrigue-of-russias-cyberattacks/

    It seems that the piece published by “The Bell” brings very little new information about this case.

    As I concluded then — and still believe today — it is very unlikely that the story is the whole truth.

    Regards, Intel Today

  17. Bob In Portland says:

    orion, are you an assigned censor? I asked a simple question, which none of you can answer: What proof is there that Russia hacked the DNC?

    The best that the folks here can do is say that I am a troll. Why would I be considered a troll when all I asked for was proof of a very central issue in this whole scandal? Because you can’t answer the question.

    What do I know? I know that the CIA has the power to hack just about anyone, leave a virus (probably invented elsewhere) and then blame someone else for the virus. Vault 7 confirms this but any observer knew this years ago.

    We know what NSA agent Binney and others have said about the speed of the download being impossible over existing internet connections, making the most likely answer being a download, probably to a USB stick inside the office. Whether or not it was done by the guy who was murdered or whether it was a planned okeydoke doesn’t really matter.

    If the hack was done with Russian software was an important point for Crowdstrike was important until someone pointed out that it was actually Ukrainian software, then it wasn’t important. Every accusation seems to melt and another one is put forward.

    So I ask what proof there is that Russia hacked the DNC and the best I get is that three hand-picked experts said so. Here I get the kind of snotty responses that people who don’t have proof give: namecalling.

    So I guess I’ll have to dismiss this website as pretty much useless for getting to the bottom of the CIA/NSA web of lies and deceit.

    And I used to respect this site. My bad.

  18. bell says:

    here’s taunting orion… this was a response from bmaz to me that initiated all those comments you thought worth typing… try to be consistent…
    ” bmaz says:
    December 13, 2017 at 8:35 pm

    Good golly Miss Molly, you agree?? Well, that sounds like competent “evidence”! Can you tell us more?
