
ThreatConnect Follows Guccifer 2.0 to Russian VPN Service - uptown
https://www.threatconnect.com/guccifer-2-all-roads-lead-russia/
======
matt_wulfeck
> Very few hackers with Guccifer 2.0’s self-acclaimed skills would use a free
> webmail service that would give away a useful indicator like the originating
> IP address. Most seasoned security professionals will be familiar with email
> providers that are more likely to cooperate with law enforcement and how
> much metadata a provider might reveal about their users.

Unless of course they want you to follow breadcrumbs and jump to conclusions.

This whole thing is stupid and I don't think we can trust any organization
that says "Aha! We know who the _real_ actor is!"

------
ComodoHacker
TL;DR: The server which emails to media were sent from (IP 95.130.15.34 from
email headers) has the same SSH key fingerprint as other servers that belong
to Elite VPN service (vpn-service.us) with Russian origins.

PR/research ratio of the article: 80%

A Russian VPN is the most reasonable choice if you are doing a leak about US
politics and don't want to be traced by the US.
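
Added example, not part of the comment above or of the ThreatConnect article: the fingerprint comparison the TL;DR describes, computing host-key fingerprints in the SHA256 and MD5 formats OpenSSH displays and grouping hosts that present the same key. The scan lines, documentation-range addresses and key blobs are constructed, and `make_blob`, `fingerprints` and `shared_keys` are hypothetical helper names.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def make_blob(seed: bytes) -> str:
    """Constructed ssh-ed25519 public-key blob (placeholder bytes, not a real key)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()


def fingerprints(b64_blob: str) -> tuple[str, str]:
    """Return the (SHA256, MD5) fingerprints of a base64 public-key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    sha = base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
    md5 = hashlib.md5(raw, usedforsecurity=False).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))


def shared_keys(scan_lines):
    """Group hosts by host-key fingerprint; keep keys presented by 2+ hosts."""
    groups = defaultdict(set)
    for line in scan_lines:
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # comment, blank or truncated line
        host, _keytype, blob = parts[:3]
        try:
            sha_fp, _md5_fp = fingerprints(blob)
        except ValueError:
            continue  # blob is not valid base64; skip rather than guess
        groups[sha_fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


# Constructed input in "host keytype base64-blob" form (ssh-keyscan style).
SCAN = [
    "# constructed sample, documentation address ranges",
    "192.0.2.10 ssh-ed25519 " + make_blob(b"image-a"),
    "192.0.2.11 ssh-ed25519 " + make_blob(b"image-a"),
    "198.51.100.7 ssh-ed25519 " + make_blob(b"image-b"),
    "203.0.113.5 ssh-ed25519 not-base64!!",
]

if __name__ == "__main__":
    for fp, hosts in shared_keys(SCAN).items():
        print(fp, hosts)
```

A shared host key points to a common image or operator for the servers; it says nothing about who connected through them.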

------
jscheel
Even if the leak ultimately comes from Russia, there is still no evidence that
this is a state-sponsored act. At this point, to claim that Moscow is
controlling the dissemination of information is conjecture, and needs to be
backed up with more proof than a lack of technical expertise and the location
of a vpn.

------
SixSigma
Remember when the US decided North Korea hacked Sony? [1]

President Obama used an executive order to impose more sanctions

[1] https://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack#U.S._accusations_against_North_Korea

------
breakingcups
Of course no-one else but a Russian person could have signed up for a Russian
VPN company that has an English version of its webpage..

------
levsky
15*'ThreatConnect' + 42*'we' = 57 times... Good job! Have a pizza now,
demon fighters

