Russian hacker says FSB involved in creation of WannaCry malware
The creation of WannaCry and Lurk malware was supervised by the Russian FSB, according to Konstantin Kozlovsky, a hacker earlier arrested in the Lurk case, the Russian independent news network Dozhd reports.
Russia has previously denied its involvement in the emergence of WannaCry, a virus that attacked hundreds of thousands of computers worldwide.
"The specifics of operations of the so-called Lurk and its modifications, as well as the other software I created, is that both Dokuchaev and those whom he gave access could independently operate on infected objects," Kozlovsky said.
FSB Major Dmitry Dokuchaev was arrested on treason charges in December 2016. Three more people were arrested at the same time: FSB Colonel Sergei Mikhailov, online entrepreneur Georgy Fomchenkov, and Kaspersky Lab team member Ruslan Stoyanov.
According to the publication, they are suspected of transferring data on Russian hackers to the U.S. intelligence services (the lawyer of one of the defendants, Ivan Pavlov, did not confirm this information).
Earlier Kozlovsky claimed that Dokuchaev was in charge of the hacking effort against the DNC in the U.S., a scandal which gave birth to a "Russia meddling" investigation. However, Dokuchaev denies knowing Kozlovsky personally.
Kozlovsky also named WannaCry among other "products" hackers had created under FSB auspices. "When I watched a TV report, where they talked about WannaCry, I saw a very similar locker [ransom extortion software]. It was people from my team who made a 'muzzle' for this malware. The 'muzzle' is what is displayed on the computer screen as it becomes locked," Kozlovsky said.
To "test-run" the malware, the computer systems of Russia’s largest companies, such as Rosneft, Gazprom, Lukoil and Sberbank, were used, according to Kozlovsky.
He says the FSB-supervised hackers employed a new method of spreading ransomware – "to infect a single computer in the corporate network, elevate its privileges, gain access to the administrator's domain and halt the company's activities of any size with a single click."
"The 'test-run' of WannaCry was carried out at Samolet Development," Kozlovsky said. Kozlovsky did not deny charges of embezzlement using the Lurk virus, except for thefts from the correspondent accounts of Bank Taatta, Metalloinvest and Grant Invest Bank. "Yes, my structures cashed their funds. However, technically, the embezzlement was carried out by Dokuchaev and his company," Kozlovsky said.
The FSB did not respond to the publication’s request. Kaspersky Lab, which acted as an expert in the Lurk case, refused to comment, but referred to research on WannaCry by third-party experts, Symantec and FireEye, with indirect evidence that the hackers behind the distribution of WannaCry are connected with North Korea.