Guccifer 2.0 Russian Hackers: 5 Fast Facts You Need to Know

Guccifer 2.0 was the online fictional persona carefully crafted by Russian intelligence as part of a major operation to hack the Hillary Clinton campaign and DNC and disseminate the materials, a new U.S. government indictment alleges.

The indictment alleges the Russians created Guccifer 2.0 after the Democratic National Committee “publicly announced that it had been hacked by Russian government actors” to falsely claim to “be a lone Romanian hacker to undermine the allegations of Russian responsibility for the intrusion.”

The indictment, which you can read later in this article, charges 12 Russian operatives with trying to influence the 2016 presidential election with a major hacking scheme. It says that the conspirators hacked into the computer networks of the Democratic Congressional Campaign Committee, the Democratic National Committee, and covertly monitored the computers of dozens of DCCC and DNC employees, implanting malicious computer code and stealing emails.

Guccifer 2.0 had already broken into DNC servers and was leaking documents, although the real damage did not occur until WikiLeaks dumped more than 20,000 DNC emails and other documents into the public sphere during the height of the 2016 presidential election. Little was known about the “man” whose hacking may have led to the massive WikiLeaks email dump that provoked the resignation of DNC chair Debbie Wasserman Schultz and derailed the DNC’s focus going into the Democratic National Convention. He claimed on Twitter that he was behind the WikiLeaks dump, although WikiLeaks hasn’t revealed its sources.

The indictment alleges that the Russian group also hacked the email accounts of volunteers and employees of Hillary Clinton’s presidential campaign.

“Beginning in and around June 2016, the Conspirators staged and released tens of thousands of the stolen emails and documents,” the indictment says. “They did so using fictitious online personas, including DC Leaks and Guccifer 2.0.” The conspirators also used the Guccifer 2.0 persona to release additional stolen documents through a website the indictment lists only as Organization 1, which had previously published documents stolen from U.S. persons, entities and the U.S. government, the indictment alleges.

The indictment says the Conspirators “posing as Guccifer 2.0” received “a request for stolen documents from a candidate for the U.S. Congress. The Conspirators responded using the Guccifer 2.0 persona and sent the candidate stolen documents related to the candidate’s opponent.” They also sent data to a “then-registered state lobbyist and online source of political news.”

On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, wrote to a person “who was in regular contact with senior members of the presidential campaign of Donald J. Trump.” They wrote, “thank u for writing back…do u find anyt(h)ing interesting in the docs I posted?” Former Trump adviser Roger Stone has said he communicated with Guccifer 2.0 but characterized it as benign and says he passed nothing from Guccifer to the Trump campaign or Trump. You can see a screen shot of the communications here.

Here’s what you need to know about “Guccifer 2.0”:

1. Hillary Clinton’s Campaign Suspected Guccifer 2.0 Was Really The Russians

Robby Mook, who ran Clinton’s presidential campaign, told CNN’s Jake Tapper during the presidential election that “experts” say “Russian state actors broke into the DNC, stole these emails, and other experts are now saying that the Russians are releasing these emails for the purpose of actually helping Donald Trump.”

Trump’s campaign head Paul Manafort faced questions “about his alleged ties to Russia and whether the campaign is in any way working with Russian President Vladimir Putin. ‘No,’ Manafort said on ABC. ‘It’s absurd.'”

Major U.S. media had reported before the WikiLeaks document dump that there was evidence that the Russians had penetrated the DNC.

Guccifer 2.0 on August 12, 2016 released passwords related to the DNC hack, including Congressional contact lists.

On June 14, 2016, before the WikiLeaks document dump, The Washington Post reported that “Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts.” The Post said that Trump and Republican networks were also compromised but noted that Russian President Vladimir Putin has praised Trump, and said that the Kremlin denied the hack. Motherboard claims that the Russian government created Guccifer 2.0 as a cover story when past hacks were exposed.

However, at the time, some believed that people were conflating the previous Russian hack of the DNC and Guccifer 2.0.

On June 20, 2016, a month before the WikiLeaks document dump, The Washington Post wrote that “two independent research firms have confirmed an assessment by the Democratic National Committee that its network was compromised by Russian government hackers” and said they used malware analysis and domain name techniques to trace the hacks. The Post said a few days later, “‘Guccifer 2.0’ claimed responsibility for the hack in an apparent attempt to deflect blame from the Russian government.” The Russian-aligned hacking groups were called Cozy Bear and Fancy Bear, said The Post. The Post concluded, “Analysts suspect but don’t have hard evidence that Guccifer 2.0 is, in fact, part of one of the Russian groups who hacked the DNC.”

On July 13, 2016, The Hill wrote that “Guccifer 2.0, the hacker who breached the Democratic National Committee, has released a cache of purported DNC documents to The Hill in an effort to refocus attention on the hack.” Guccifer felt that his early releases were not getting enough media attention, The Hill said. He wrote The Hill, “The press [is] gradually forget[ing] about me, [W]ikileaks is playing for time and [I] have some more docs.”

On July 13, 2018, Deputy Attorney General Rod Rosenstein, who is in charge of the Russia investigation because of AG Jeff Sessions’ recusal, said the Russians tried to infiltrate computers of state boards, secretaries of state and others who administer elections. The defendants work for two units of the GRU, Russia’s main intelligence directorate. They engaged in “active cyber operations to interfere in the 2016 presidential election.” There are 11 criminal allegations and one forfeiture allegation.

The indicted Russians were named as: Viktor Borisovich Netyksho, Boris Alekseyevich Antonov, Dmitriy Sergeyevich Badin, Ivan Sergeyevich Yermakov, Aleksey Viktorovich Lukashev, Sergey Aleksandrovich Morgachev, Nikolay Yuryevich Kozachek, Pavel Vyacheslavovich Yershov, Artem Andreyevich Malyshev, Aleksandr Vladimirovich Osadchuk, Aleksey Aleksandrovich Potemkin, and Anatoliy Sergeyevich Kovalev.

2. Guccifer 2.0 Had a Website On Which He Claimed He’s From Eastern Europe & Had No Ties to The Russians

On a website run through WordPress, the hacktivist Guccifer 2.0 acknowledged the question, “A lot of people are concerned if I have any links to special services and Russia?” Guccifer 2.0 answered, “I’ll tell you that everything I do I do at my own risk. This is my personal project and I’m proud of it. Yes, I risk my life. But I know it’s worth it. No one knew about me several weeks ago. Nowadays the whole world’s talking about me. It’s really cool!”

The hacktivist said he was “born in Eastern Europe. I won’t answer where I am now. In fact, it’s better for me to change my location as often as possible. I have to hide.” The Hill previously said: “Guccifer 2.0 has claimed to be a Romanian hacker with no strong political leanings.”

He continued, “It seems the guys from CrowdStrike and the DNC would say I’m a Russian bear even if I were a catholic nun in fact. At first I was annoyed and disappointed. But now I realize they have nothing else to say. There’s no other way to justify their incompetence and failure. It’s much easier for them to accuse powerful foreign special services.”

During the presidential election, The Hill reported that Guccifer 2.0 “shows a detailed knowledge of American politics seemingly at odds with the backstory provided by the hacker” and added that “Experts have questioned whether Guccifer 2.0 is Romanian or even a single person. Tools used in the attack were matched to Russian intelligence agencies and, when tested, Guccifer 2.0 has struggled to speak in Romanian.”

Defense One magazine says: “On June 14, cybersecurity company CrowdStrike, under contract with the DNC, announced in a blog post that two separate Russian intelligence groups had gained access to the DNC network.” The Russian claim was backed up by details such as hacking groups ceasing operations on Russian holidays and having work hours that aligned with the Russian time zone, said Defense One. The Post noted the timing, saying that Guccifer 2.0 started posting stolen DNC documents the day after the private firm, CrowdStrike, revealed its findings about Russia in a blog. In 2015, U.S. officials accused Russia of hacking into the Pentagon’s Joint Staff unclassified email system, said CNBC.

According to Raw Story, DNC officials told online magazine Motherboard, “Our experts are confident in their assessment that the Russian government hackers were the actors responsible for the breach detected in April, and we believe that the subsequent release and the claims around it may be a part of a disinformation campaign by the Russians.” Raw Story said DNC officials made this claim after previous “investigations” of Guccifer 2.0 and an interview he gave in June.

Rosenstein said in his July 13, 2018 press conference: “There is no allegation in this indictment that any American citizen committed a crime. There is no allegation that the conspiracy altered the vote count or changed any election result.”

One Russian unit stole information and the other disseminated the stolen information, said Rosenstein. They used a scheme known as “spearphishing,” tricking users into disclosing their passwords. They also hacked into networks and installed malicious software. They accessed information of a U.S. presidential candidate, a Congressional campaign committee, and a national political committee. They planted malicious computer code and stole emails and other documents. They created fictitious personas including Guccifer 2.0 and DC Leaks. Both were created and controlled by the Russian GRU, Rosenstein said.

They corresponded with Americans but there’s no information the Americans knew who they were talking to.

This is all the U.S. Justice Department said in the announcement of the surprise press conference: “Today at 11:45AM ET: Deputy Attorney General Rod Rosenstein will hold a press conference for a law enforcement announcement. Watch live,” Justice wrote in a tweet. Justice also tweeted a link to this live video website.

3. There Was a Different Romanian Hacker Known as ‘Guccifer’

The original Guccifer, according to The Hill, Marcel Lehel Lazar, entered a plea deal to cooperate with the U.S. government. He has claimed he broke into Hillary Clinton’s private server, The Hill said, although that was never proven. In May, he agreed to plead guilty to hacking and identity theft, NBC News says.

According to NBC, Lazar was accused by prosecutors of breaking “into the e-mail and social media accounts of roughly 100 Americans, including a former U.S. cabinet member and members of the family of former presidents George W. and George H.W. Bush.” NBC said he is a 44-year-old former taxi driver from Romania whose nickname, Guccifer, is “pronounced GOO-chi-fer” and combines “the style of Gucci and the light of Lucifer.”

The original Guccifer and Guccifer 2.0 are different.

In fact, Guccifer 2.0 says he was inspired by the Romanian hacker, writing on his blog, “Marcel Lazar is another hero of mine. He inspired me and showed me the way. He proved that even the powers that be have weak points.”

4. Guccifer 2.0 Said ‘He’ Was Inspired by Julian Assange & Edward Snowden & He Gave an Interview Once to a Magazine

On his website, Guccifer 2.0 writes, “Assange, Snowden, and Manning are the heroes of the computer age. They struggle for truth and justice; they struggle to make our world better, more honest and clear. People like them make us hope for tomorrow. They are the modern heroes, they make history right now.” Assange is WikiLeaks’ founder. Snowden is a former NSA contractor who exposed U.S. surveillance. Bradley Manning is a soldier convicted of espionage.

Guccifer 2.0 gave a June 2016 interview to Motherboard magazine. In the Motherboard interview, Guccifer 2.0 claims: “i’m a hacker, manager, philosopher, women lover. I also like Gucci! I bring the light to people. I’m a freedom fighter! So u can choose what u like!” Read the full interview transcript here.

He again denied being affiliated with Russia, saying, “No because I don’t like Russians and their foreign policy. I hate being attributed to Russia.” He said he hacked the DNC server in summer 2015 and remained inside it until the DNC rebooted its system in June 2016.

5. Guccifer 2.0 Said ‘He’ Targeted The DNC Because The U.S. Election is ‘Exciting’ & He Doesn’t Like Hillary But Doesn’t Like Everything About Trump, Either

Guccifer 2.0 wrote on “his” blog that “none of the candidates has my sympathies. Each of them has skeletons in the closet and I think people have a right to know the truth about the politicians.” He called Hillary “false,” saying she “got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collision with the DNC turned the primaries into farce.”

He wrote that he likes that “Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear” but says he doesn’t necessarily support Trump because he opposes his “ideas about closing borders and deportation policy. It’s a nonsense, absolute bullshit.”

Guccifer 2.0 wrote that he targeted the DNC in part because the U.S. election is exciting and the hack would make him famous. On his website, he writes, “As for the DNC, first, the U.S. election race is one of the most exciting events that attracts people from all over the world. My hack wouldn’t go unnoticed in any case. And now I have my own fans who put me in a line with Assange and Snowden, so my bet has played I think.”

He said he was able to hack into the DNC servers by exploiting software on their system and then installing “my Trojan like virus on their PCs. I just modified the platform that I bought on the hacking forums for about $1.5k.”