Russian hacker accuses FSB of involvement in the creation of Lurk and WannaCry computer viruses

The creation of the WannaCry and Lurk computer viruses was supervised by employees of the Federal Security Service (FSB) of Russia, said Russian hacker Konstantin Kozlovsky, who was arrested in connection with the Lurk case, reported Dozhd TV.

Russia denied its involvement in the emergence of WannaCry, which infected hundreds of thousands of computers around the world. Nor had anything been reported about the role of Russian special services in the creation of the Lurk virus, which was used to steal 1.2 billion rubles, or $20.8 million, from Russian banks, the television channel reports.

"The specifics of the operation of the so-called Lurk virus and its modifications, as well as other software I created, are such that both Dokuchayev and those to whom he gave access could have independently interacted with infected objects," Kozlovsky said in an interview for Dozhd.

Kozlovsky was referring to FSB Major Dmitry Dokuchayev, who was arrested in December 2016 on charges of state treason. Three others were arrested with him: FSB colonel Sergey Mikhailov, Internet entrepreneur Georgy Fomchenkov and Kaspersky Lab employee Ruslan Stoyanov. According to Dozhd, they are suspected of transferring data on Russian hackers to US intelligence services. Ivan Pavlov, the lawyer of one of the defendants, has not confirmed this information.

Earlier Kozlovsky claimed that Dokuchayev oversaw the hacking of the computer network of the United States Democratic National Committee, which led to the investigation into the "Russian trace" in the presidential elections in the United States. At the same time, Dokuchayev denies knowing Kozlovsky.

During the interview with Dozhd, Kozlovsky also took responsibility for the WannaCry virus that was created under the auspices of the FSB. "When I watched the TV report where they were talking about WannaCry, I saw a locker program [an extortion program] similar to mine. The 'muzzle' of this virus was made by people from my group. 'Muzzle' is what is displayed on the computer at the moment of blocking," Kozlovsky said.

According to him, computer systems of the largest companies—Rosneft, Gazprom, Lukoil and Sberbank—were used to "try out" the viruses. He claims that FSB-supervised hackers used a new method of spreading the extortionist virus. "Infect one computer in the corporate network, elevate privileges, access the administrator's domain and stop the company's activity of any size by pressing one button."

According to Kozlovsky, the WannaCry test run was held at the Samolet Development company. The company responded that "it is using an information security system using information security tools certified by the Russian Federal Security Service and FSTEC of Russia." In 2015, the company survived an attack where 90% of the damage was restored within a day and the remainder was fully restored within three days, the company’s press service said.

Kozlovsky did not reject charges of theft with the help of the Lurk virus, with the exception of thefts from the correspondent accounts of Taatta, Metallinvestbank and Grant Invest Banks. "Yes, my structures cashed out from there, however, technically speaking, Dokuchayev and the company stole from them," Kozlovsky said.

The FSB did not answer Dozhd’s questions. Kaspersky Lab, which provided expertise in the Lurk case, refused to comment but provided Dozhd with a link to the research of third-party experts on WannaCry. This was a study by Symantec and FireEye that provided indirect evidence that the hackers behind WannaCry's distribution are connected to North Korea.

The WannaCry attack began on May 12. More than 230,000 computers in 150 countries were affected at the time. In Russia, the Ministry of Internal Affairs, the Ministry for Emergency Situations, the Ministry of Health and Russian Railways were attacked.

The President of Microsoft said "with a high degree of confidence" that North Korea was behind the creation of the virus. Later, Google employee Neel Mehta found a link between the WannaCry virus and the North Korean hacker group Lazarus. Russian Kaspersky Lab agreed with this conclusion.

To create the virus, vulnerabilities were used that were discovered by the US National Security Agency, the New York Times noted. These vulnerabilities were stolen by the hacker group Shadow Brokers, which is associated with Russia. In reply to questions about Russia’s possible involvement, Russian President Vladimir Putin claimed that "Russia has absolutely nothing to do with it."

Kozlovsky was arrested in the summer of 2016. Afterwards, the FSB and the Ministry of Internal Affairs reported that they had stopped the activities of 40 hackers from the Lurk group, who they later found had stolen more than 1.2 billion rubles from the accounts of Russian banks with the help of the same virus.
