"Guccifer 2.0" is a persona operated by Russian military intelligence (GRU) which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event. Some of the documents Guccifer 2.0 released to the media appear to be forgeries cobbled together from public information and previous hacks, which had been salted with disinformation. On July 13, 2018, Special Counsel Robert Mueller indicted 12 GRU agents for allegedly perpetrating the cyberattacks.
The U.S. Intelligence Community concluded that some of the genuine leaks that Guccifer 2.0 has said were part of a series of cyberattacks on the DNC were committed by two Russian intelligence groups. This conclusion is based on analyses conducted by various private sector cybersecurity individuals and firms, including CrowdStrike, Fidelis Cybersecurity, Fireeye's Mandiant, SecureWorks, ThreatConnect, Trend Micro, and the security editor for Ars Technica. The Russian government denies involvement in the theft, and "Guccifer 2.0" denied links to Russia. WikiLeaks founder Julian Assange said that multiple parties had access to DNC emails and that there was "no proof" that Russia was behind the attack. According to various cybersecurity firms and U.S. government officials, Guccifer 2.0 is a persona that was created by Russian intelligence services to cover for their interference in the 2016 U.S. presidential election. In March 2018, Special Counsel Robert Mueller took over investigation of Guccifer 2.0 from the FBI while it was reported that forensic determination had found the Guccifer 2.0 persona to be a "particular military intelligence directorate (GRU) officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow".
On June 21, 2016, in an interview with Vice, "Guccifer 2.0" stated that he is Romanian which is the nationality of Marcel Lehel Lazer, a Romanian hacker who originally used the "Guccifer" pseudonym. On June 30, 2016 and January 12, 2017, "Guccifer 2.0" stated that he is not Russian. However, despite stating that he was unable to read or understand Russian, metadata of emails sent from Guccifer 2.0 to The Hill showed that a predominantly-Russian-language VPN was used. When pressed to use the Romanian language in an interview with Motherboard via online chat, "he used such clunky grammar and terminology that experts believed he was using an online translator."
Some cybersecurity experts have concluded that "Guccifer 2.0" is likely a creation of the Russian state-sponsored hacking groups thought to have executed the attack, invented to cover up Russian responsibility. The cybersecurity firm CrowdStrike, which was hired by the DNC to analyze the data breach, "posits that Guccifer 2.0 could be 'part of a Russian Intelligence disinformation campaign'", i.e., a creation to deflect blame for the theft. Russia has made use of the invention of "a lone hacker or an hacktivist to deflect blame" in the past, deploying this strategy in previous cyberattacks on the German government and the French network TV5Monde. Thomas Rid of King's College London, a cybersecurity expert, states that it is "'more likely than not' that the whole operation, including the Guccifer 2.0 part, was orchestrated by Russian spies." The hackers responsible for the DNC email leak (a group called Fancy Bear by CrowdStrike) seem to have not been working on the DNC's servers on April 15 which in Russia is a holiday in honor of the Russian military's electronic warfare services.
On July 18, 2016, Russian government spokesman Dmitry Peskov denied Russian government involvement in the DNC theft. On July 25, 2016, during an interview with Democracy Now!, Julian Assange, editor in chief of WikiLeaks, said that no one knows WikiLeaks' sources. He adds that "the dates of the emails that [WikiLeaks] published are significantly after all—or all but one, it is not clear—of the hacking allegations that the DNC says have occurred." The same day, Assange told NBC News that "it's what's in the emails that's important, not who hacked them." When asked by NBC News if WikiLeaks might have been used to distribute documents stolen as part of a Russian intelligence operation, Assange replied: "There is no proof of that whatsoever. We have not disclosed our source." Assange said that this was "a diversion that’s being pushed by the Hillary Clinton campaign." Assange in 2012 hosted a program on RT, a Russian state-run news channel. U.S. intelligence analyst Malcolm Wrightson Nance stated that Assange has long disliked Clinton.
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities.
In March 2018, The Daily Beast, citing US government sources, reported that Guccifer 2.0 is in fact a Russian GRU officer, explaining that Guccifer once forgot to use a VPN, leaving IP logs on "an American social media company" server. The IP address was used by US investigators to identify Guccifer 2.0 as "a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow."
Twitter suspended the persona's account, which had been dormant for at least a year and a half, on July 14 for "being connected to a network of accounts previously suspended for operating in violation of our rules."
Computer hacking claims
On July 18, 2016, Guccifer 2.0 provided exclusively to The Hill numerous documents and files covering political strategies, including but not limited to correlating the banks that received bailout funds with Republican Party and Democratic Party donations.
On September 13, 2016, during a conference, an unknown and remote representative of Guccifer 2.0 released almost 700 megabytes (MB) worth of documents from the DNC. Forbes also obtained a copy of those. Still according to Forbes, on September 12, 2016, ahead of that conference, Guccifer posted a public Twitter message in which he confirmed that his representative was legitimate. The Russian government denied any involvement. The DNC, the DCCC, U.S. intelligence officials, and other experts speculated about Russia involvement. NGP VAN, who state they are the "leading technology provider" for the Democratic campaigns, declined to comment on Guccifer 2.0's recent statements.
On October 4, 2016, Guccifer 2.0 released documents and claimed that they were taken from the Clinton Foundation and showed "corruption and malfeasance" there. Security experts quickly determined that the release was a hoax; the release did not contain Clinton Foundation documents, but rather consisted of documents previously released from the DNC and DCCC thefts, data aggregated from public records, and documents that were fabricated altogether as propaganda. Singled out as particularly absurd was the idea that Clinton's team would have actually named a file "Pay for Play" on their own server, as Guccifer 2.0's screenshots of the alleged "hack" show. Former Trump confidant Roger Stone was in contact with Guccifer 2.0 during the campaign.
The Guccifer 2.0 persona went dark just before the U.S. presidential election, and resurfaced on January 12, 2017, following the public release of a dossier by former MI6 agent Christopher Steele asserting that Trump was linked to the Russian intelligence community. The Guccifer 2.0 persona made a blog post denying that they had any relation to the Russian government, and calling the technical evidence suggesting links to the Russian government "a crude fake." In the blog post, Guccifer 2.0 indicated they had gained access to the DNC servers through a vulnerability in their NGP VAN software.
- 2016 Democratic National Committee email leak
- DC Leaks
- Fancy Bear
- Hillary Clinton controversies
- Podesta emails
- 12 Russians indicted in Mueller investigation. CNN.com, July 13, 2018
- Uchill, Joe (2016-07-13). "Guccifer 2.0 releases new DNC docs". The Hill. Retrieved 2016-07-27.
- Joe, Uchill (2016-07-18). "New Guccifer 2.0 dump highlights 'wobbly Dems' on Iran deal". The Hill. Retrieved 2016-07-27.
- Savage, Charlie (July 26, 2016). "Assange, Avowed Foe of Clinton, Timed Email Release for Democratic Convention". NYT. Retrieved August 4, 2016.
- Uchill, Joe (2016-07-22). "WikiLeaks posts 20,000 DNC emails". The Hill. Retrieved 2016-07-24.
- "'Lone Hacker' Claims Responsibility for Cyber Attack on Democrats". NBC News. 2016-06-16. Retrieved 2016-07-27.
- Biddle, Sam (2016-07-22). "New Leak: Top DNC Official Wanted to Use Bernie Sanders's Religious Beliefs Against Him". The Intercept. Retrieved 2016-07-24.
- Cox, Joseph (2016-07-22). "Guccifer 2.0 Claims Responsibility for WikiLeaks DNC Email Dump". Motherboard. Retrieved 2016-07-27.
- Fox-Brewster, Thomas (2016-09-13). "Democrat Hacker Guccifer 2.0 'Appears' At London Show -- Here's What Was Said". Forbes. Retrieved 2016-09-23.
- Vankin, Jonathan (2016-10-04). "READ: Guccifer 2.0 Clinton Foundation Hacked Documents". Heavy.com. Retrieved 2016-10-08.
- Williams, Katie Bo (2016-10-04). "Alleged Guccifer 2.0 hack of Clinton Foundation raises suspicions". The Hill. Retrieved 2016-10-08.
- Gallagher, Sean. "Guccifer 2.0 posts DCCC docs, says they're from Clinton Foundation". Ars Technica. Retrieved 21 October 2016.
- "Spy Agency Consensus Grows That Russia Hacked D.N.C." New York Times. Retrieved July 26, 2016.
- Shieber, Jonathan; Conger, Kate. "Did Russian government hackers leak the DNC emails?". TechCrunch. Retrieved July 26, 2016.
- Rid, Thomas. "All Signs Point to Russia Being Behind the DNC Hack". Motherboard. Retrieved July 25, 2016.
- "Wikileaks posts nearly 20,000 hacked DNC emails online". Providence Journal. July 22, 2016.
- "DNC email leak: Sanders calls for new leader as Clinton camp blames Russia". The Guardian. July 24, 2016.
- "DNC email leak: Russian hackers Cozy Bear and Fancy Bear behind breach". The Guardian. July 26, 2016.
- Dmitri Alperovitch, Bears in the Midst: Intrusion into the Democratic National Committee, Crowdstrike (June 15, 2016).
- Ellen Nakashima, Cyber researchers confirm Russian government hack of Democratic National Committee, Washington Post (June 20, 2016).
- Michael Kan, Russian hackers were behind DNC breach, says Fidelis Cybersecurity, IDG News Service (June 20, 2016).
- SecureWorks Counter Threat Unit Threat Intelligence, Threat Group-4127 Targets Hillary Clinton Presidential Campaign, SecureWorks (June 16, 2016).
- Threatconnect Research Team, Shiny Object? Guccifer 2.0 and the DNC Breach, Threatconnect (June 29, 2016).
- Feike Hacquebord (2017). Two Years of Pawn Storm — Examining an Increasingly Relevant Threat (PDF) (Report). Trend Micro.
This makes it very likely that Guccifer 2.0 is a creation of the Pawn Storm actor group.
- Dan Goodin, "Guccifer" leak of DNC Trump research has a Russian’s fingerprints on it: Evidence left behind shows leaker spoke Russian and had affinity for Soviet era, Ars Technica (June 16, 2016).
- Moscow denies Russian involvement in U.S. DNC hacking, Reuters (June 14, 2016).
- Franceschi-Bicchierai, Lorenzo. "We Spoke to DNC Hacker 'Guccifer 2.0'". Motherboard. VICE News. Retrieved 29 July 2016.
- Franceschi-Bicchierai, Lorenzo (January 12, 2017). "Alleged Russian Hacker 'Guccifer 2.0' Is Back After Months of Silence". Motherboard. VICE News.
- Alex Johnson, WikiLeaks' Julian Assange: 'No Proof' Hacked DNC Emails Came From Russia, NBC News (July 25, 2016).
- Rob Price, Yes, Russia really did hack the Democratic National Committee, Business Insider (June 21, 2016).
- Lorenzo Franceschi-Bicchierai, 'Guccifer 2.0' Is Likely a Russian Government Attempt To Cover Up Their Own Hack, VICE News (June 16, 2016).
- Ackerman, Spencer; Poulsen, Kevin (22 March 2018). "EXCLUSIVE: 'Lone DNC Hacker' Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer". The Daily Beast. Retrieved 23 March 2018.
But on one occasion (...) Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company. (...) Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow.
- Franceschi-Bicchierai, Lorenzo (2016-06-21). "Here's the Full Transcript of Our Interview With DNC Hacker 'Guccifer 2.0'". Motherboard. VICE News. Retrieved 2016-08-03.
- Guccifer 2.0 (2016-06-30). "FAQ from Guccifer 2.0". GUCCIFER 2.0. Retrieved 2016-07-24.
- McBride, Jessica (2016-07-25). "Guccifer 2.0: 5 Fast Facts You Need to Know". Heavy. Retrieved 2016-07-27.
- Guccifer 2.0 (2017-01-12). "Here I am Again, My Friends!". GUCCIFER 2.0. Retrieved 2017-02-25.
- Joe Uchill, Evidence mounts linking DNC email hacker to Russia, The Hill (July 26, 2016).
- "Russian government hackers penetrated DNC, stole opposition research on Trump". Washington Post. Retrieved 2016-12-14.
- Economist, Staff of (24 September 2016). "Bear on bear". Economist. Retrieved 25 October 2016.
- "Hacker Guccifer 2.0 claims new DNC data leak | Fox News". Fox News. 2016-07-18. Retrieved 2016-07-25.
- Democracy Now! (2016-07-25), EXCLUSIVE: WikiLeaks' Julian Assange on Releasing DNC Emails That Ousted Debbie Wasserman Schultz, retrieved 2016-07-26
- Johnson, Alex (2016-07-25). "Julian Assange: 'No Proof' Hacked DNC Emails Came From Russia". NBC News. Retrieved 2016-07-26.
- J. Clara Chan, WikiLeaks' Julian Assange Denies Russian Role in DNC Hack: 'No Proof Whatsoever', The Wrap (republished on Yahoo News) (July 25, 2016).
- Ellis, Emma Grey. "WikiLeaks Has Officially Lost the Moral High Ground". Wired. Retrieved 13 October 2016.
- "The Julian Assange Show". RT International. Retrieved 2018-06-30.
- Zappone, Chris (14 September 2016). "Wikileaks drops latest Guccifer 2.0 data on Hillary Clinton, DNC, Democrats". Sydney Morning Herald. Retrieved 13 October 2016.
- Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security, U.S. Department of Homeland Security (October 7, 2016).
- "These Messages Show Julian Assange Talked About Seeking Hacked Files From Guccifer 2.0".
Less than an hour after WikiLeaks’s last message... Guccifer 2.0 tweeted that it had handed those documents over.
- Ewing, Philip; Johnson, Carrie (13 July 2018). "Justice Department Charges Russian Cyberspies With Attack On 2016 Election". National Public Radio. Retrieved 13 July 2018.
- Sommerfeldt, Chris (2018-07-14). "Twitter finally suspends Guccifer 2.0 and DCLeaks in light of Mueller indicting 12 Russian agents who used the accounts". San Diego Tribune. Retrieved 2018-07-15.
- Nakashima, Ellen (2016-06-15). "'Guccifer 2.0' claims credit for DNC hack". Washington Post. Retrieved 2016-07-25.
- Mackey, Robert (2016-07-26). "If Russian Intelligence Did Hack the DNC, the NSA Would Know, Snowden Says". The Intercept. Retrieved 2016-07-27.
- Winter, Tom (2016-09-13). "'Guccifer 2.0' releases more DNC docs, including Tim Kaine's cell number". NBCNews.com. Retrieved 2016-09-23.
- Lily Hay Newman, Even a Fake Clinton Foundation Hack and Can Do Serious Damage, Wired (October 7, 2016).
- Borger, Gloria; Korade, Matt. "Trump associate plays down Twitter contact with Guccifer 2.0". CNN.
- Guccifer 2.0 (January 12, 2017). "Here I am Again, My Friends!". Wordpress.