"Guccifer 2.0" is a persona which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event. Some of the documents "Guccifer 2.0" released to the media appear to be forgeries cobbled together from public information and previous hacks, which had been mixed with disinformation. According to indictments in February 2018, the persona is operated by Russian military intelligence agency GRU. On July 13, 2018, Special Counsel Robert Mueller indicted 12 GRU agents for allegedly perpetrating the cyberattacks. The U.S. Intelligence Community concluded that some of the genuine leaks from "Guccifer 2.0" were part of a series of cyberattacks on the DNC committed by two Russian military intelligence groups, and that "Guccifer 2.0" is actually a persona created by Russian intelligence services to cover for their interference in the 2016 U.S. presidential election. This conclusion is based on analyses conducted by various private sector cybersecurity individuals and firms, including CrowdStrike, Fidelis Cybersecurity, FireEye's Mandiant, SecureWorks, ThreatConnect, Trend Micro, and the security editor for Ars Technica. The Russian government denies involvement in the theft, and "Guccifer 2.0" denied links to Russia. WikiLeaks founder Julian Assange said multiple parties had access to DNC emails and that there was "no proof" Russia was behind the attack. In March 2018, Special Counsel Robert Mueller took over investigation of Guccifer 2.0 from the FBI while it was reported that forensic determination had found the Guccifer 2.0 persona to be a "particular military intelligence directorate (GRU) officer working out of the agency's headquarters on Grizodubovoy Street in Moscow".
On June 21, 2016, in an interview with Vice, "Guccifer 2.0" said he is Romanian,[1][2] which is the nationality of Marcel Lehel Lazar, the Romanian hacker who originally used the "Guccifer" pseudonym. On June 30, 2016 and January 12, 2017, "Guccifer 2.0" stated that he is not Russian.[3][4][5] However, despite stating that he was unable to read or understand Russian, metadata of emails sent from Guccifer 2.0 to The Hill showed that a predominantly-Russian-language VPN was used.[6] When pressed to use the Romanian language in an interview with Motherboard via online chat, "he used such clunky grammar and terminology that experts believed he was using an online translator."[6] Linguistic analysis by Shlomo Engelson Argamon showed that Guccifer 2.0 is most likely "a Russian pretending to be a Romanian".[7][8]
Some cybersecurity experts have concluded that "Guccifer 2.0" is likely a creation of the Russian state-sponsored hacking groups thought to have executed the attack,[9][10][11][12][13][14][15] invented to cover up Russian responsibility.[15][16] The cybersecurity firm CrowdStrike, which was hired by the DNC to analyze the data breach,[17] "posits that Guccifer 2.0 could be 'part of a Russian Intelligence disinformation campaign'", i.e. a creation to deflect blame for the theft.[16] Russia has made use of the invention of "a lone hacker or an hacktivist to deflect blame" in the past, deploying this strategy in previous cyberattacks on the German government and the French network TV5Monde.[15] Thomas Rid of King's College London, a cybersecurity expert, says it is "'more likely than not' that the whole operation, including the Guccifer 2.0 part, was orchestrated by Russian spies."[15] The hackers responsible for the DNC email leak (a group called Fancy Bear by CrowdStrike) seem to have not been working on the DNC's servers on April 15 which in Russia is a holiday in honor of the Russian military's electronic warfare services.[18]
On July 18, 2016, Russian government spokesman Dmitry Peskov denied Russian government involvement in the DNC theft.[19] On July 25, 2016, during an interview with Democracy Now!, Julian Assange, editor in chief of WikiLeaks, said no one knows WikiLeaks' sources. He adds that "the dates of the emails that [WikiLeaks] published are significantly after all—or all but one, it is not clear—of the hacking allegations that the DNC says have occurred."[20] The same day, Assange told NBC News that "it's what's in the emails that's important, not who hacked them."[21] When asked by NBC News if WikiLeaks might have been used to distribute documents stolen as part of a Russian intelligence operation, Assange replied: "There is no proof of that whatsoever. We have not disclosed our source."[22] Assange said this was "a diversion that's being pushed by the Hillary Clinton campaign."[22] Assange in 2012 hosted a program on RT, a Russian state-run news channel.[23][24] U.S. intelligence analyst Malcolm Wrightson Nance said Assange has long disliked Clinton.[25]
In an October 2016 joint statement, the United States Department of Homeland Security and the Office of the Director of National Intelligence stated:
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the U.S. election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities.[26]
In March 2018, The Daily Beast, citing U.S. government sources, reported that Guccifer 2.0 is in fact a Russian GRU officer, explaining that Guccifer once forgot to use a VPN, leaving IP logs on "an American social media company" server. The IP address was used by U.S. investigators to identify Guccifer 2.0 as "a particular GRU officer working out of the agency's headquarters on Grizodubovoy Street (ru) in Moscow."[27]
In April 2018, BuzzFeed reported that messages showed WikiLeaks' interest in Guccifer 2.0's emails and files.[28]
On July 13, 2018, the United States Department of Justice (DOJ) indicted 12 Russian Intelligence Officers and revealed that Guccifer 2.0 was a persona used by GRU.[29]
Twitter suspended the persona's account on July 14 for "being connected to a network of accounts previously suspended for operating in violation of our rules." The account had been dormant for at least a year and a half.[30]
On June 14, 2016, according to The Washington Post , the DNC acknowledged a hack[31] which was claimed by Guccifer 2.0.[3][32][33][34][35][36]
On July 18, 2016, Guccifer 2.0 provided exclusively to The Hill numerous documents and files covering political strategies,[37] including but not limited to correlating the banks that received bailout funds with Republican Party and Democratic Party donations.[37]
On July 22, 2016, Guccifer 2.0 stated he hacked, then leaked, the DNC emails to WikiLeaks.[3][32][33][34][35][36] "Wikileaks published #DNCHack docs I'd given them!!!", tweeted Guccifer 2.0.[35]
On September 13, 2016, during a conference, an unknown and remote representative of Guccifer 2.0 released almost 700 megabytes (MB) worth of documents from the DNC.[38] Forbes also obtained a copy of those.[39] Still according to Forbes, on September 12, 2016, ahead of that conference, Guccifer posted a public Twitter message in which he confirmed that his representative was legitimate.[39] The Russian government denied any involvement.[38] The DNC, the DCCC, U.S. intelligence officials, and other experts speculated about Russia involvement.[38] NGP VAN, who state they are the "leading technology provider" for the Democratic campaigns, declined to comment on Guccifer 2.0's recent statements.[39]
On October 4, 2016, Guccifer 2.0 released documents and claimed that they were taken from the Clinton Foundation and showed "corruption and malfeasance" there.[40] Security experts quickly determined that the release was a hoax; the release did not contain Clinton Foundation documents, but rather consisted of documents previously released from the DNC and DCCC thefts, data aggregated from public records, and documents that were fabricated altogether as propaganda.[40][41] Singled out as particularly absurd was the idea that Clinton's team would have actually named a file "Pay for Play" on their own server, as Guccifer 2.0's screenshots of the alleged "hack" show.[40][42][43] Former Trump confidant Roger Stone was in contact with Guccifer 2.0 during the campaign.[44]
The Guccifer 2.0 persona went dark just before the U.S. presidential election, and resurfaced on January 12, 2017, following the public release of the Steele dossier that asserted the Trump campaign was cooperating with the Russians in their interference in the 2016 presidential election. The dossier also asserted that "Romanian hackers" had performed the hacks.
The Guccifer 2.0 persona made a blog post denying that they had any relation to the Russian government, and calling the technical evidence suggesting links to the Russian government "a crude fake."[45] In the blog post, Guccifer 2.0 indicated they had gained access to the DNC servers through a vulnerability in their NGP VAN software.[46]
The content is sourced from: https://handwiki.org/wiki/Biography:Guccifer_2.0