Guccifer 2.0: 5 Fast Facts You Need to Know

Who’s behind the hacking of the nearly 20,000 Democratic National Committee emails and other documents distributed by WikiLeaks? He claims to be a hacktivist known as “Guccifer 2.0,” but Hillary Clinton’s campaign says that’s just a cover story for Russian intelligence.

Deputy Attorney General Rod Rosenstein has now confirmed that, from the U.S. government’s perspective; in a July 12, 2018 press conference, he announced the arrest of 12 Russian operatives and said they operated Guccifer 2.0 to distribute hacked materials, including from Clinton’s campaign and the Democratic National Committee. The indictment alleges the Russians created Guccifer 2.0 after the DNC “publicly announced that it had been hacked by Russian government actors” to falsely claim to “be a lone Romanian hacker to undermine the allegations of Russian responsibility for the intrusion.”

“Beginning in and around June 2016, the Conspirators staged and released tens of thousands of the stolen emails and documents,” the indictment says. “They did so using fictitious online personas, including DC Leaks and Guccifer 2.0.”

Rosenstein said the Russians tried to infiltrate the computers of state boards, secretaries of states and others who administer elections. They work for two units of the main intelligence directorate of the Russian GRU. They engaged in “active cyber operations to influence the 2016 presidential election.” There are 11 criminal allegations and one forfeiture allegation, according to Rosenstein. “The goal of the conspirators was to impact the election,” Rosenstein said. He said there’s no allegation in the indictment as to whether they actually did affect it, labeling that speculative.

“There is no allegation in this indictment that any American citizen committed a crime,” Rosenstein said. “There is no allegation that the conspiracy altered the vote count or changed any election result.”

WikiLeaks denied Russian intelligence was behind the document dump.

Little was known before about the “man” (and he does say he is one) whose hacking may have led to the massive WikiLeaks email dump that provoked the resignation of DNC chair Debbie Wasserman Schultz and derailed the DNC’s focus going into the Democratic National Convention. He’s claimed on Twitter that he’s behind the WikiLeaks dump, although WikiLeaks hasn’t revealed its sources.

Guccifer 2.0 on August 12, 2016 released passwords related to the DNC hack, including Congressional contact lists.

Guccifer 2.0 had a blog, a social media presence, and he’s given one lengthy interview in the past. He’s not the same person as the original Guccifer, a Romanian hacker who is in jail. US officials now say “the emails were hacked from DNC servers in an operation originating in Russia that appeared to be linked to Moscow’s intelligence agency,” according to CNN, and Trump has caused controversy by saying he hoped that Russia could find Clinton’s deleted emails.

The indictment says the Conspirators “posing as Guccifer 2.0” received “a request for stolen documents from a candidate for the U.S. Congress. The Conspirators responded using the Guccifer 2.0 persona and sent the candidate stolen documents related to the candidate’s opponent.” They also sent data to a “then-registered state lobbyist and online source of political news.”

On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, wrote to a person “who was in regular contact with senior members of the presidential campaign of Donald J. Trump.” They wrote, “thank u for writing back…do u find anyt(h)ing interesting in the docs I posted?”

Here’s what you need to know:

1. Hillary Clinton’s Campaign Thought Guccifer 2.0 Was Really The Russians

Hillary Clinton’s campaign highlighted the Russian claim on CNN’s “State of the Union” when Robby Mook, who runs Clinton’s presidential campaign, told Jake Tapper that “experts” say “Russian state actors broke into the DNC, stole these emails, and other experts are now saying that the Russians are releasing these emails for the purpose of actually helping Donald Trump,” said Cnet.

Trump’s campaign head Paul Manafort faced questions “about his alleged ties to Russia and whether the campaign is any way working with Russian President Vladimir Putin. ‘No,’ Manafort said on ABC. ‘It’s absurd.'”

Major U.S. media had reported before the WikiLeaks document dump that there was evidence that the Russians had penetrated the DNC.

On June 14, 2016, before the WikiLeaks document dump, The Washington Post reported that “Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts.” The Post said that Trump and Republican networks were also compromised but noted that Russian President Vladimir Putin has praised Trump, and said that the Kremlin denied the hack. Motherboard claims that the Russian government created Guccifer 2.0 as a cover story when past hacks were exposed.

However, others believed at the time that people were conflating the previous Russian hack of the DNC and Guccifer 2.0.

On June 20, 2016, a month before the WikiLeaks’ document dump, The Washington Post wrote that “two independent research firms have confirmed an assessment by the Democratic National Committee that its network was compromised by Russian government hackers” and said they used malware analysis and domain name techniques to trace the hacks. The Post said a few days later, “‘Guccifer 2.0’ claimed responsibility for the hack in an apparent attempt to deflect blame from the Russian government.” The Russian-aligned hacking groups were called Cozy Bear and Fancy Bear, said The Post. The Post concluded, “Analysts suspect but don’t have hard evidence that Guccifer 2.0 is, in fact, part of one of the Russian groups who hacked the DNC.”

On July 13, 2016, The Hill wrote that “Guccifer 2.0, the hacker who breached the Democratic National Committee, has released a cache of purported DNC documents to The Hill in an effort to refocus attention on the hack.” Guccifer felt that his early releases were not getting enough media attention, The Hill said. He wrote The Hill, ““The press [is] gradually forget[ing] about me, [W]ikileaks is playing for time and [I] have some more docs.”

The Hill said Guccifer 2.0 “shows a detailed knowledge of American politics seemingly at odds with the backstory provided by the hacker” and added that “Experts have questioned whether Guccifer 2.0 is Romanian or even a single person. Tools used in the attack were matched to Russian intelligence agencies and, when tested, Guccifer 2.0 has struggled to speak in Romanian.”

Defense One magazine says: “On June 14, cybersecurity company CrowdStrike, under contract with the DNC, announced in a blog post that two separate Russian intelligence groups had gained access to the DNC network.” The Russian claim was backed up by details such as hacking groups ceasing operations on Russian holidays and having work hours that aligned with the Russian time zone, said Defense One. The Post noted the timing, saying that Guccifer 2.0 started posting stolen DNC documents the day after the private firm, CrowdStrike, revealed its findings about Russia in a blog. In 2015, U.S. officials accused Russia of hacking into the Pentagon’s Joint Staff unclassified email system, said CNBC.

According to Raw Story, DNC officials told online magazine Motherboard, “Our experts are confident in their assessment that the Russian government hackers were the actors responsible for the breach detected in April, and we believe that the subsequent release and the claims around it may be a part of a disinformation campaign by the Russians.” Raw Story said DNC officials made this claim after previous “investigations” of Guccifer 2.0 and an interview he gave in June.

2. Guccifer 2.0 Had a Website On Which He Claimed He Was From Eastern Europe & Had No Ties to The Russians

On a website run through WordPress, the hacktivist Guccifer 2.0 acknowledged the question, “A lot of people are concerned if I have any links to special services and Russia?” Guccifer 2.0 answered, “I’ll tell you that everything I do I do at my own risk. This is my personal project and I’m proud of it. Yes, I risk my life. But I know it’s worth it. No one knew about me several weeks ago. Nowadays the whole world’s talking about me. It’s really cool!”

The hacktivist said he was “born in Eastern Europe. I won’t answer where I am now. In fact, it’s better for me to change my location as often as possible. I have to hide.” The Hill previously said: “Guccifer 2.0 has claimed to be a Romanian hacker with no strong political leanings.”

He continued, “It seems the guys from CrowdStrike and the DNC would say I’m a Russian bear even if I were a catholic nun in fact. At first I was annoyed and disappointed. But now I realize they have nothing else to say. There’s no other way to justify their incompetence and failure. It’s much easier for them to accuse powerful foreign special services.”

3. Guccifer 2.0 was Not The Same Persona as the Romanian Hacker Known as ‘Guccifer’

The original Guccifer, according to The Hill, Marcel Lehel Lazar, entered a plea deal to cooperate with the U.S. government. He has claimed he broke into Hillary Clinton’s private server, the Hill said, although that was never proven. In May, he agreed to plead guilty to hacking and identity theft, NBC News says.

According to NBC, Lazar was accused by prosecutors of breaking “into the e-mail and social media accounts of roughly 100 Americans, including a former U.S. cabinet member and members of the family of former presidents George W. and George H.W. Bush.” NBC said he is a 44-year-old former taxi driver from Romania whose nickname, Guccifer, is “pronounced GOO-chi-fer” and combines “the style of Gucci and the light of Lucifer.”

In fact, Guccifer 2.0 says “he” was inspired by the Romanian hacker, writing on his blog, “Marcel Lazar is another hero of mine. He inspired me and showed me the way. He proved that even the powers that be have weak points.”

4. Guccifer 2.0 Claimed to Be Inspired by Julian Assange & Edward Snowden & ‘He’ Gave an Interview Once to a Magazine

julian assange

GettyJulian Assange.

On his website, Guccifer 2.0 wrote, “Assange, Snowden, and Manning are the heroes of the computer age. They struggle for truth and justice; they struggle to make our world better, more honest and clear. People like them make us hope for tomorrow. They are the modern heroes, they make history right now.” Assange is WikiLeaks’ founder. Snowden is a former NSA contractor who exposed U.S. surveillance. Bradley Manning is a soldier convicted of espionage.

Guccifer 2.0 gave a June 2016 interview to Motherboard magazine. He had already broken into DNC servers and was leaking documents, although the real damage did not occur until WikiLeaks dumped more than 20,000 DNC emails, and other documents into the public sphere. In the Motherboard interview, Guccifer 2.0 claims: “i’m a hacker, manager, philosopher, women lover. I also like Gucci! I bring the light to people. I’m a freedom fighter! So u can choose what u like!” Read the full interview transcript here.

He again denied being affiliated with Russia, saying, “No because I don’t like Russians and their foreign policy. I hate being attributed to Russia.” He said he hacked the DNC server in summer 2015 and remained inside it until the DNC rebooted its system in June, 2016.

5. Guccifer 2.0 Claimed ‘He’ Targeted The DNC Because The U.S. Election is ‘Exciting’ & ‘He’ Doesn’t Like Hillary But Doesn’t Like Everything About Trump, Either

Guccifer 2.0 writes on his blog that “none of the candidates has my sympathies. Each of them has skeletons in the closet and I think people have a right to know the truth about the politicians.” He called Hillary “false,” saying she “got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collision with the DNC turned the primaries into farce.”

He wrote that he likes that “Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear” but says he doesn’t necessarily support Trump because he opposes his “ideas about closing borders and deportation policy. It’s a nonsense, absolute bullshit.”

Guccifer 2.0 wrote that he targeted the DNC in part because the U.S. election is exciting and the hack would make him famous. On his website, he writes, “As for the DNC, first, the U.S. election race is one of the most exciting events that attracts people from all over the world. My hack wouldn’t go unnoticed in any case. And now I have my own fans who put me in a line with Assange and Snowden, so my bet has played I think.”

He said he was able to hack into the DNC servers by exploiting software on their system and then installing “my Trojan like virus on their PCs. I just modified the platform that I bought on the hacking forums for about $1.5k.”