Guccifer 2.0, the notorious hacker who is alleged to have compromised the computer systems of the Democratic National Committee (DNC) and stolen opposition research on Donald Trump, has accidentally tipped his hand that he was working for Russian intelligence.
Back in 2016, Guccifer 2.0 denied being Russian or working for Russia in online interviews and claimed (somewhat unconvincingly) to come from Romania.
But, as Daily Beast now reports, the so-called “lone hacker” was in fact an officer with Russia’s military intelligence division (GRU).
Why do they say that? Well, it appears that the self-proclaimed independent hacker from Romania may have forgotten to enable his VPN client on one occasion, and “left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation.”
That IP address was then tied to the GRU’s headquarters in Moscow.
According to the latest report, the US government believes that at some point Guccifer 2.0’s activities were taken over by a GRU officer with more experience. This has been speculated on before after it was observed that whoever was working behind the Guccifer 2.0 moniker had stopped making so many sloppy mistakes, and appeared to have turned into a more professional leaker of information.
Robert Mueller, who is heading the probe into possible collusion between Donald Trump’s presidential campaign and Russia, is said to have brought FBI agents who investigated Guccifer 2.0 onto his team. The news of Guccifer’s link to Moscow is unlikely to dampen the belief that Russia attempted to interfere in the US election, and will raise more questions about possible connections between the Trump campaign and Russia.
Attributing attacks reliably is notoriously difficult, but it turns out it’s even harder to opsec properly. Whether you’re a good guy or a bad guy, if you care about your privacy online don’t do something careless like forget to turn your VPN on.
Actually, Mueller is heading the probe into overseeing the investigation into Russian tampering in the 2016 presidential election, not specifically "collusion between Donald Trump’s presidential campaign and Russia".
GRUccifer? :-)
1. Unlikely they'd have a point of origin for ops being their HQ.
2. Unlikely a Russian intelligence agency would use a Russian VPN to conceal their origin.
3. I guess they didn't enable anonymization routing either then? (eg. no ToR, etc?!)
4. Article claims individual GRU officer identified from this but if all that was revealed was the agency's HQ IP address… how would that have worked?
Now let's look at the evidence substantiating the claim… oh… wait… there isn't any… it's a rumor from someone only willing to make assertions on condition of being unaccountable.