Igor attacks corporate and government networks from the comfort of his…minimalist apartment in Yekaterinburg, Russia. His room is sparsely furnished, adorned only with a small bed next to an office desk and a computer.
On the walls hang posters of LulzSec, his favorite hacking team, a splinter group of Anonymous. “Most of my methods are very easy to learn and not hard at all,” he said. “I became inspired by LulzSec for using the simple attacks like SQL injection and command injection. I still use those methods.” We interviewed him recently, regarding Cozy Bear’s alleged involvement in the 2016 DNC hack.
Igor describes himself as a “cyber security analyst.” “I wanted to make money [with my skills], so I do bug bounties.” As evidence, he offered screenshots from dozens of seemingly happy corporate clients. Essentially, he finds errors and exploitable vulnerabilities in applications and websites, and informs the owners so they can fix the problem with a security patch.
Who are you?
You can call me Igor. I describe myself best as pentester and cyber security analyst by day and hacker by hobby. Sorry English is not my first language.
What exactly do you do for Cozy Bear?
It’s very simple what I’m doing and not even difficult. The first thing what I’m doing is this: I make a list of websites that might be vulnerable to a variety of attacks such as SQL injection. Then I start to use some tools such as PentestBox to look for weakness I can exploit. Last I try to get access to the website’s database and then I’m going to report to my group all the vulnerables that I managed to find.
Were you part of the DNC hack during the U.S. Presidential Election in 2016?
No. I was not part of that hack but I know [other hackers] were involved. They looked for information they could maybe sell on the DNMs (Darknet Markets) and forums like personal information or something like that. Also maybe leak things if they found something embarrassing or things of that nature.
Was the Kremlin or any U.S. Government entity involved?
No I don’t think that. This was not some government operation. It was a money making operation. It’s not like we cared who wins the election but Russians and some Ukrainians have more reason to find damaging emails on the democrats party. Trump isn’t like our friend but he had not sanctioned Russians so he was not really a target.
Do you believe that the Kremlin is waging a propaganda war on social networks like Facebook and Twitter?
No most Russians don’t care about the US government the way your news says. When Russians make these bot accounts for sites like Twitter it is not for political purpose. It is for money. We have people with the sim cards and softwares to make these accounts very fast and cheap. Then they sell them to people in the US and other places that want to sell things online. It isn’t Putin making these accounts. It’s just people have mobile phones and know they can make money making these accounts just like clickfarms and other bot softwares.
The Columbian Post communicated with Igor using PGP encryption that allowed the hacker to remain anonymous. We have taken steps to validate the authenticity of Igor’s statements, but cannot independently verify all of his claims. As always, The Columbian Post does not condone criminal activity.