Guccifer 2.0, the hacker supposedly responsible for hacking into the Democratic National Committee computer network, who claimed to be Romanian, has been outed as working from Moscow, most likely for the Russian foreign military intelligence agency, known as the GRU.
The DNC materials that were sent to Wikileaks and other organisations and exposed details about Hilary Clinton’s presidential campaign and information about how the DNC operated internally.
However, an investigation by The Daily Beast claimed that Guccifer, who had always claimed to be a lone hacker from Romania, despite the scepticism of journalists who had shared web chats with him, made a schoolboy error that gave his, her or their rough identity away.
The report claims that the hacker neglected to switch on the VPN client before logging-on on a single occasion and, as a result, “he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation”.
This IP address was then used by US investigators to connect Guccifer to the Russian foreign military intelligence agency known as GRU, but The Daily Beast’s sources could not identify exactly who the officer was. In addition, while the US government has not yet confirmed the claims, last year US intelligence officers linked Guccifer 2.0 to the agency with “high confidence”.
Kyle Ehmke, an intelligence researcher at cyber security company ThreatConnect, was tasked with leading an investigation into Guccifer’s identity. He told The Daily Beast that his team tried to track the hacker through email metadata, and this led them to a French data centre.
“Almost immediately various cyber security companies and individuals were skeptical of Guccifer 2.0 and the backstory that he had generated for himself,” Ehmke told The Daily Beast.
“We started seeing these inconsistencies that led back to the idea that he was created hastily… by the individual or individuals that affected the DNC compromise,” he added.
Ehmke eventually found that Guccifer was connecting through an anonymising service called Elite VPN, which had an exit point in France, but which was headquartered in Russia. ThreatConnect then tied the IP address, which he mistakenly left in social media logs, to the GRU’s agency headquarters in Moscow.
The finding provides further evidence that Russia attempted to interfere in the US elections, and potentially raises questions about President Trump’s connections to Russia.
It could also play a big part in special counsel Robert Mueller’s investigation into Guccifer 2.0.
Save this article