So who is Guccifer 2.0?
We know now, because of a critical slip-up on the hacker’s part, that he was actually an officer of Russia’s military intelligence directorate (GRU), working on Russia’s behalf.
Robert Mueller has brought in the FBI agents who tracked down the Guccifer persona, and they are now part of his team, as he investigates Guccifer’s activities. That’s important to the ongoing Russia probe, and could possibly bring Mueller closer to the Trump circle.
The Daily Beast reports:
Trump’s longtime political adviser Roger Stone admitted being in touch with Guccifer over Twitter’s direct messaging service. And in August 2016, Stone published an article on the pro-Trump-friendly Breitbart News calling on his political opponents to “Stop Blaming Russia” for the hack. “I have some news for Hillary and Democrats—I think I’ve got the real culprit,” he wrote. “It doesn’t seem to be the Russians that hacked the DNC, but instead a hacker who goes by the name of Guccifer 2.0.”
If it wasn’t for the constant defending of Russia by Trump and his associates…
It was about 5 months after this declaration of an innocent Russia, in January 2017, that U.S. intelligence (FBI, NSA, CIA) announced that they’d assessed “with high confidence” that Guccifer 2.0 was just the persona used, along with DCLeaks.com, and with the WikiLeaks assist, to cover for Russian military intelligence (GRU). They didn’t come right out and say Guccifer was actually a Russian officer. They just assessed that this was a persona created by Russian intelligence.
Then comes the kicker:
Guccifer screwed up.
Guccifer 2.0 sprang into existence on June 15, 2016, hours after a report by a computer security firm forensically tied Russia to an intrusion at the Democratic National Committee. In a series of blog posts and tweets over the following seven months—conspicuously ending right as Trump took office and not resuming—the Guccifer persona published a smattering of the DNC documents while gamely projecting an image as an independent Romanian hacktivist who’d breached the DNC on a lark. As Stone’s Breitbart piece demonstrated, Guccifer provided Moscow with a counter-narrative for the election interference.
And it worked well. The hacker said he wasn’t a Russian. He was a lone, mischievous Romanian. Trump loyalist Roger Stone vouched for him.
An interview with Motherboard busted open the “lone Romanian hacker” narrative. Too many inconsistencies. Security experts picked up on those and agreed that this was a ruse.
“Almost immediately various cyber security companies and individuals were skeptical of Guccifer 2.0 and the backstory that he had generated for himself,” said Kyle Ehmke, an intelligence researcher at the cyber security firm ThreatConnect. “We started seeing these inconsistencies that led back to the idea that he was created hastily… by the individual or individuals that affected the DNC compromise.”
Proving that link definitively was harder. Ehmke led an investigation at ThreatConnect that tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. Ehmke eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.
They didn’t have all the pieces to the puzzle, but a lucky break opened the door they needed.
But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets. Neither company would comment for this story, and Guccifer did not respond to a direct message on Twitter.
Get Roger Stone to ask him.
U.S. investigators grabbed the I.P. address and were able to identify Guccifer as a “particular GRU officer,” and even tracked him down to an office at the agency’s headquarters on Grizodubovoy Street in Moscow.
Timestamps in Guccifer 2.0’s first leaks show they were packaged for release over the course of a single day in June 2016, beginning just hours after the DNC intrusion and its attribution to Russia were made public. The moniker was an homage to Romanian hacker Marcel Lazăr Lehel, who as “Guccifer” achieved notoriety in 2013 for a string of hacks against celebrities and politicians.
In his inaugural blog post, Guccifer 2.0 disputed Russia’s involvement and claimed credit personally for the DNC breach, positioning himself as a one-time hacking operation working to expose “the Illuminati.” The post included the world’s first glimpse of the enormous cache of documents siphoned from the DNC’s network, including the Democrats’ opposition research report on Trump. Presaging the leaks that would roil the election, Guccifer 2.0 declared that he’d already sent the bulk of the stolen material to WikiLeaks—which has spent the time since obfuscating whether Guccifer was its source.
And yes. WikiLeaks knew the information was coming from Russians, since WikiLeaks is, as U.S. intelligence has determined, just another arm for cyberattacks from the Russians.
WikiLeaks began releasing the emails in July 2016. Trump promoted the leaks at his rallies. Roger Stone worked to defend Russia from blame.
In his Breitbart piece, Stone defended Guccifer 2.0’s narrative of the “lone Romanian hacker.”
“I myself had no contacts or communications with the Russian State, Russian Intelligence or anyone fronting for them or acting as intermediaries for them,” he wrote.
Working Twitter, as well as his blog, Guccifer kept up sporadic coverage of the election, occasionally contacting journalists with leaked info.
Sometime after its hasty launch, the Guccifer persona was handed off to a more experienced GRU officer, according to a source familiar with the matter. The timing of that handoff is unclear, but Guccifer 2.0’s last blog post, from Jan. 12, 2017, evinced a far greater command of English than the persona’s earlier efforts.
“It’s obvious that the intelligence agencies are deliberately falsifying evidence,” the post read. “In my opinion, they’re playing into the hands of the Democrats who are trying to blame foreign actors for their failure.”
(Contrast that with the language from a June 2016 post: “I made some conclusions from the Marcel’s story and decided not to put all eggs in one basket. Moreover, other cases weren’t so successful and didn’t bring me the glory.”)
Meanwhile, Mueller’s grand jury has already handed down indictments against members of the Russian troll farm. There are 13 Russians and 3 Russian businesses named in the indictments for charges ranging from bank and wire fraud to identity theft.