Guccifer 2.0, the “lone hacker” who took credit for providing WikiLeaks with stolen emails from the Democratic National Committee, was in fact an officer of Russia’s military intelligence directorate (GRU), The Daily Beast has learned. It’s an attribution that resulted from a fleeting but critical slip-up in GRU tradecraft.
…Trump’s longtime political adviser Roger Stone admitted being in touch with Guccifer over Twitter’s direct messaging service. And in August 2016, Stone published an article on the pro-Trump-friendly Breitbart News calling on his political opponents to “Stop Blaming Russia” for the hack. “I have some news for Hillary and Democrats—I think I’ve got the real culprit,” he wrote. “It doesn’t seem to be the Russians that hacked the DNC, but instead a hacker who goes by the name of Guccifer 2.0.”
Five months later, in January 2017, the CIA, NSA, and FBI assessed “with high confidence” that “Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data.”
…“Almost immediately various cyber security companies and individuals were skeptical of Guccifer 2.0 and the backstory that he had generated for himself,” said Kyle Ehmke, an intelligence researcher at the cyber security firm ThreatConnect. “We started seeing these inconsistencies that led back to the idea that he was created hastily… by the individual or individuals that affected the DNC compromise.”
…Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.
…But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation.
…U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow.
…Guccifer 2.0 maintained a sporadic online presence throughout the election, posting to his dedicated WordPress blog and on Twitter, and spilling more DNC documents, sometimes in private emails to journalists.
…Guccifer 2.0 reached down the ballot as well, posting documents from the Democrats’ national campaign committee on his WordPress blog. There, readers could find internal Democratic candidate assessments relevant to battleground states like Pennsylvania and Florida; internal assessments of key congressional districts, with granular analyses of their demographics; and campaign recruitment material.
…Sometime after its hasty launch, the Guccifer persona was handed off to a more experienced GRU officer, according to a source familiar with the matter. The timing of that handoff is unclear, but Guccifer 2.0’s last blog post, from Jan. 12, 2017, evinced a far greater command of English that the persona’s earlier efforts.
…“The attribution of Guccifer 2.0 as an officer of Russia’s largest foreign intelligence agency brings the investigation closer to the Kremlin’s doorstep—and to Trump himself.”