A sloppy mistake linked Guccifer 2.0 to Russian military intelligence officers, according to a new report. But this was hardly the only mistake the hacker made in his months-long existence.
Image: John Williams RUS/Shutterstock and Wikimedia Commons
When I spoke with Guccifer 2.0, the individual who claimed responsibility for the DNC hack in the early summer of 2016, he claimed to be a “hacker, manager, philosopher, women lover.”
“I also like Gucci! I bring the light to people. I'm a freedom fighter! So u can choose what u like!” the hacker told me in a lengthy Twitter chat, the first interview the hacker gave after he came out of nowhere.
It also seems he forgot to say he was an officer at Russia’s military intelligence directorate, also known as GRU.
That’s according to an anonymous source close to the US government investigation, run by special counsel Robert Mueller, who told The Daily Beast that American investigators have identified two people behind the Guccifer 2.0 persona, both officers of the GRU. The investigators were apparently able to unmask the hacker thanks to one crucial mistake: the hacker forgot to turn on his VPN once, revealing his real IP address, presumably when he used either WordPress or Twitter.
We don't know at this point how the US government was able to link that IP address to specific people. But this kind of precise pinpointed attribution—when it comes from government investigators—shouldn’t surprise anyone. Dutch intelligence officers reportedly infiltrated the computer networks of Russian spies so deep, they were able to literally watch the Russians hacking at their computers through their offices’ CCTV system.
Cybersecurity experts had long come to the conclusion that Guccifer 2.0 was, at the very least, a hired gun; a character created with the only goal of spreading disinformation and confusion about the DNC hack in an attempt to sow distrust in the official attribution against Russia.
Forgetting to turn on a VPN, exposing the real origin of the operation was certainly sloppy. But Guccifer 2.0 was always sloppy.
When he posted stolen documents to prove he really hacked the DNC, Guccifer 2.0 forgot to remove metadata that revealed he used a computer set to Russian language when handling the PDFs. The hacker also used a cracked version of Office 2007 particularly popular in Russia. Throughout his blog posts and Tweets, his English was not not only painfully bad at a grammatical level, but it also didn’t really paint a credible motive or story behind the character.
After we called him out for claiming to be Romanian, Guccifer 2.0 slowly got better. He stopped giving interviews, his posts became more polished, the docs he released didn’t contain any revealing metadata. It was clear, even from the outside, that the operation became more professionalized as the months went by. At the time, we didn’t know how that happened, but The Daily Beast reports that was because an older, more experienced officer took over.
But at that point, in many ways, it was too late.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org
Get six of our favorite Motherboard stories every day by signing up for our newsletter.
- Donald Trump
- Guccifer 2.0
- Robert Mueller
- Information Warfare
- Information Operation