Slashdot Mirror


More Evidence Ties Alleged DNC Hacker Guccifer 2.0 To Russian Intelligence (techcrunch.com)

An anonymous reader shares a report: It may be a while since you've heard the handle "Guccifer 2.0," the hacker who took responsibility for the infamous DNC hack of 2016. Reports from the intelligence community at the time, as well as common sense, pegged Guccifer 2.0 not as the Romanian activist he claimed to be, but a Russian operative. Evidence has been scarce, but one slip-up may have given the game away. An anonymous source close to the U.S. government investigation of the hacker told the Daily Beast that on one single occasion, Guccifer 2.0 failed to log into the usual VPN that disguised their traffic. As a result, they left one honest IP trace at an unnamed social media site.

That IP address, "identified Guccifer 2.0 as a particular GRU officer working out of the agency's headquarters on Grizodubovoy Street in Moscow," the Daily Beast reported. (The GRU is one of Russia's security and intelligence organs.) Previous work by security researchers had suggested this, but it's the first I've heard of evidence this direct. Assuming it's genuine, it's a sobering reminder of how fragile anonymity is on the internet -- one click and the whole thing comes crashing down.

24 of 210 comments

  1. unnamed social media site by Anonymous Coward · · Score: 4, Insightful

    no wonder reddit won't cough up the logs

  2. Anonymous source... by NuclearCat · · Score: 3, Insightful

    Yes, we should believe. I rather prefer to believe detailed technical reports like EFF do, with all details, than this bullshit with "well informed anonymous sources" that often turns out to be "our imagination".

  3. Bad news for Roger Stone by bigtech · · Score: 5, Informative

    who has admitted contact with Guccifer 2.0 during the campaign.

  4. local hack = Seth Rich by Anonymous Coward · · Score: 2, Insightful

    Uploaded at 22MB/sec (capital B), or so goes the narrative. That's a nice upload circuit. Why is it suspiciously close to the expected transfer rate of a USB2 drive? Gee I wonder.

  5. IP addresses mean jack shit by Opportunist · · Score: 2, Informative

    Every newbie hacker knows how to reroute his traffic or even (in some cases) make it appear to come from somewhere else. You just claim a "professional hacker" can't pull off what any script kiddie manages to do? Masking your IP address is hacking 101.

    Please. Give me better evidence than that. Quite bluntly, if I wanted to send you on a wild goose chase, I'd make sure to include one such "blunder".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:IP addresses mean jack shit by roccomaglio · · Score: 4, Insightful

      It seems amazing that the GRU internet access would have IPs pointing back to them. The end point of their network would be set to something innocuous by default. This would be done at the network level, so it would be impossible to screw up and give your real IP. This is equivalent to "the professional assassin slipped up and left his passport on top of the victim".

    2. Re:IP addresses mean jack shit by CaptainDork · · Score: 4, Insightful

      I think most of us have fucked up on occasion.

      --
      It little behooves the best of us to comment on the rest of us.
    3. Re:IP addresses mean jack shit by Anonymous Coward · · Score: 2, Insightful

      How easy is masking your IP address as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow?

      "Guccifer 2.0 sprang into existence on June 15, 2016, hours after a report by a computer security firm forensically tied Russia to an intrusion at the Democratic National Committee. In a series of blog posts and tweets over the following seven months—conspicuously ending right as Trump took office and not resuming—the Guccifer persona published a smattering of the DNC documents while gamely projecting an image as an independent Romanian hacktivist who’d breached the DNC on a lark.

      Motherboard conducted a devastating interview with Guccifer that exploded the account’s claims of being a native Romanian speaker. Based on forensic clues in some of Guccifer’s leaks, and other evidence, a consensus quickly formed among security experts that Guccifer was completely notional.

      “Almost immediately various cyber security companies and individuals were skeptical of Guccifer 2.0 and the backstory that he had generated for himself,” said Kyle Ehmke, an intelligence researcher at the cyber security firm ThreatConnect. “We started seeing these inconsistencies that led back to the idea that he was created hastily by the individual or individuals that affected the DNC compromise.”

      Proving that link definitively was harder. Ehmke led an investigation at ThreatConnect that tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. Ehmke eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.

      But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets. Neither company would comment for this story, and Guccifer did not respond to a direct message on Twitter.

      Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow. (The Daily Beast’s sources did not disclose which particular officer worked as Guccifer.)"

    4. Re:IP addresses mean jack shit by alvinrod · · Score: 3, Insightful

      I don't necessarily buy into all of this myself, but why do people tend to treat the government and its operatives as infallible masterminds? If they were so capable in these regards, why is so much else a complete cluster fuck?

      Even if you want to argue that the intelligence organizations are not staffed by your typical rank and file idiots, highly skilled, very intelligent people are still capable of making mistakes. Even though the odds of those are quite small by themselves, doing something enough times makes it likely to have slipped up somewhere.

    5. Re:IP addresses mean jack shit by jeff4747 · · Score: 2

      Making their external IP appear to be an innocuous business wouldn't help much. It would not take long to notice a whole lot of attacks are coming from that innocuous IP and figure out it's not so innocuous. And probably not that hard to tie it back to the GRU by correlating the attacks with other information.

      VPNs let them change their IP far more frequently, preventing that correlation. Now, they should have configured their system to automatically connect to the VPN and refuse to send all packets that don't go on the VPN. But there's a practical angle to that too - they would not be able to use that system for anything but attacks. That's kinda inconvenient and requires one "attack" system and one "be able to access all the data I need to carry out the attack" system. So there would be some pressure to just have a software VPN the operator toggles on and off.

      And this incident would seem to indicate the potential pitfalls of that. One mistake out of presumably lots of attacks is a pretty good error rate.

    6. Re:IP addresses mean jack shit by barc0001 · · Score: 2

      > If you'll believe some anonymous US intelligence source that, contrary to the findings of many courts in copyright infringement lawsuits, an IP address uniquely identifies a person, I have a bridge to sell you. And a prime island in New York City, only occupied by one rather large green lady.

      Cool, will you throw in Coney Island too? I've always wanted an amusement park.

      Nobody with a brain would correlate IP = person. However, let's assume this US intelligence source is correct that Guccifer had activity tied to him linked to an IP belonging to the GRU in Moscow. Even if he's some pasty white kid in Colorado living in a ski shack, it's pretty damn odd that would happen. False flag op by Guccifer? "Sure, let's try tying my identity to the one thing that would discredit all this work I've done with Roger Stone and get the intelligence community's attention, that seems like an excellent plan"

      Never attribute to malice/cleverness that which can be adequately explained by mistake or stupidity.

    7. Re:IP addresses mean jack shit by jeff4747 · · Score: 2

      And yet the NSA's "toolkit" is public. There would be a dozen safeguards to prevent that from leaking.....

  6. 1 kevin bacon from Trump himself by Anonymous Coward · · Score: 2

    Trump, Stone, GRU, DNC. no other cutouts.
    Not just communicating, which might be casual, but also being the first (we know of) to know what's in the wikileaks data ahead of time.

    1. Re: 1 kevin bacon from Trump himself by Comboman · · Score: 4, Insightful

      The same reason the news media doesn't talk about all the bribes the Bushes accepted from the Saudi government. It's yesterday's news. There's a new ass-clown in charge who makes all the previous ass-clowns look saintly in comparison.

      --
      Support Right To Repair Legislation.
  7. Re:DNC Hacker by burtosis · · Score: 4, Funny

    Trump doesn't need those dotards. He is now going to represent himself and testify in front of Mueller. I was losing faith in him, but with this it is restored.

  8. You and I will never know by some old guy · · Score: 5, Insightful

    The professional excellence and utter dishonesty of both the Russian state intelligence apparatus and the American deep state make any informed, verifiable determination impossible. The spooks and their masters are pretty damned good at their obfuscation and disinformation games.

    Rather than hitch oneself to a favorite political or ideological bandwagon, I prefer to adhere to a finely-crafted and well-tuned cynicism that demands treating this and every other spy versus spy story as low comedy.

    It makes for passable diversion as I read such stories while comfortably relaxing in Diogenes' pithos.

    --
    Scruting the inscrutable for over 50 years.
  9. Re: DNC Hacker by Reverend Green · · Score: 2

    I wouldn't exactly describe a gaggle of attorneys who feel themselves professionally inadequate to represent the President as a "top" law firm.

  10. It's not unbelievable by rsilvergun · · Score: 2

    Russia has a long history of telegraphing their intentions.

    What I'm saying is that Putin doesn't respect us. And given the results of the last election it's getting harder to argue with the man. Literally as well as figuratively.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  11. Verify it yourself by Anonymous Coward · · Score: 4, Informative

    The other part of the story you can check for yourself. i.e. that he was handed off to another agent who speaks much better English. There you have a verifiable item by reading the early and late Guccifer comments, and it passes a quick sanity check.

    But also "anonymous sources" seem to be nearly 100% accurate when it comes to Trump's stuff and the WH 100% INaccurate. Remember "Trump plans to sack US HR McMaster", remember all the denials from the White House? and guess what, he's sacked. It was so well known as true, that it barely registered as news.

    And the Steele dossier, I think even the Fox news lying heads know that's real, this guy's resignation email hit hard because it was true, if it was false it wouldn't have affected them:

    "As a Russia analyst for many years, it also has appalled me that hosts who made their reputations as super-patriots and who, justifiably, savaged President Obama for his duplicitous folly with Putin, now advance Putin's agenda by making light of Russian penetration of our elections and the Trump campaign. Despite increasingly pathetic denials, it turns out that the "nothing-burger" has been covered with Russian dressing all along. And by the way: As an intelligence professional, I can tell you that the Steele dossier rings true--that's how the Russians do things. The result is that we have an American president who is terrified of his counterpart in Moscow."

    That's 100% true, and Fox are 100% sacks of lying shits who'd sell out their country for their sponsor. Hannity you are a fucking lying sack of Putin shit.

    1. Re:Verify it yourself by Anonymous Coward · · Score: 2, Insightful

      100% true, eh? I guess it's just as true as when President Obama mocked then-candidate Mitt Romney for calling out Russia at the debate -- followed by all of the talking heads also mocking Romney and applauding Obama's awareness? It's almost as if the talking heads for either party on the media networks try to support their favored candidate. Nope, that must not be it though because the other mainstream media sources are all Democrat-favoring and thus must be 100% factual. They would never stoop so low as to prefer one candidate and ignore facts.

      Either Russia is a problem or it's not. I personally think that Russia is a problem. They actively help our enemies and behave as an enemy, which makes them -- wait for it -- an enemy. But you have to be realistic about their capabilities.

      Pretending that Russia is the Boogeyman helps no one except Russia. Russia went overnight from being a joke, to a genius superpower with their ability to manipulate over 62 million voters with $100,000. Or it was the racists voting against the other white candidate (but who couldn't bring themselves out to vote against the black candidate). Only those two reasons could explain Trump winning the election. There's no such thing as people voting along party lines or absolutely hating the other candidate enough to vote.

      Let's assume for a moment that the Steele dossier is completely true. Trump is blackmailable by the Russians, ignoring now all of that information is in the open. Now, let's flip it around onto Hillary, the Secretary of State during Obama's first term who famously announced the great reset. Follow that up with the fact that there is a line of money directly (I won't call it a bribe or payoff for the sake of argument) connecting Hillary's decision to signing off on the sale of Uranium One to Russia. Why pretend that her past behavior with Russia, which was an inability to negotiate with them at best or downright selling us out at worst, would be somehow superior to Trump? Why pretend that Russia somehow preferred Trump to Hillary given their past, very real ability to get what they want from her? Trump has literally allowed the killing of Russians in Syria, which is something that Obama was literally too afraid to do with his infamous line in the sand and Hillary has proven to be a lot more like Obama than Trump.

      As for the White House denying reports that they are replacing people -- that is literally the exact same thing as any business or other government office. You cannot confirm reports that someone is going to be let go before the person has been let go. Only the most naive person can assume anything else. The same thing just happened with now-Former Deputy Director McCabe before he was fired -- the DoJ denied everything until it finally happened (leaks still happened though).

  12. Re:DNC Hacker by cascadingstylesheet · · Score: 2, Insightful

    > Trump doesn't need those dotards. He is now going to represent himself and testify in front of Mueller. I was losing faith in him, but with this it is restored.

    Har de har ...

    Yeah, he might be doomed this time ... what is this, like the 500th time he's been doomed?

    Or, you might be Wile E Coyote ... with your can't fail Acme thing about to fall on your head, again. We'll see.

    My money's on the anvil, just from the track record so far ...

  13. Re:Because we don't want a hostile foreign power by cresdon · · Score: 2

    Interesting. Do you have a source for this tidbit? The DNC hack was detected by federal organizations, advice and assistance was offered, but declined by the DNC at the time. As I recall, the RNC was similarly attacked, but when advice and assistance was offered, it was accepted and the impact was mitigated. In the after-attack analysis, the DNC chose to send their hacked server to a private firm for analysis, corrupting any evidence federal agencies could glean from the DNC server.

  14. Re:Because we don't want a hostile foreign power by farble1670 · · Score: 2

    > Hillary consciously chose to eschew secure federal email and instead contracted a consultant to arrange a private server for all work-related emails - care to argue her private server was more secure than the State Department's servers?

    Hi, Hillary Clinton is no longer running for president. You'll have to find a new bogeyman in your attempts to distract the US populace from the actual, present dangers facing us.