
Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer - hownottowrite
https://www.thedailybeast.com/exclusive-lone-dnc-hacker-guccifer-20-slipped-up-and-revealed-he-was-a-russian-intelligence-officer
======
geowwy
Relevant paragraphs:

> [An intelligence researcher] led an investigation at ThreatConnect that
> tried to track down Guccifer from the metadata in his emails. But the trail
> always ended at the same data center in France. Ehmke eventually uncovered
> that Guccifer was connecting through an anonymizing service called Elite
> VPN, a virtual private networking service that had an exit point in France
> but was headquartered in Russia.

> But on one occasion, The Daily Beast has learned, Guccifer failed to
> activate the VPN client before logging on. As a result, he left a real,
> Moscow-based Internet Protocol address in the server logs of an American
> social media company, according to a source familiar with the government’s
> Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored
> outlets. Neither company would comment for this story, and Guccifer did not
> respond to a direct message on Twitter.

> Working off the IP address, U.S. investigators identified Guccifer 2.0 as a
> particular GRU officer working out of the agency’s headquarters on
> Grizodubovoy Street in Moscow. (The Daily Beast’s sources did not disclose
> which particular officer worked as Guccifer.)
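The investigative step in the quoted paragraphs (an account that always arrives through one VPN exit, then once arrives from somewhere else) is the kind of thing a log reviewer can mechanise. The script below is an added example, not code from the article, from ThreatConnect or from anyone in this thread; the log format, account names and addresses (RFC 5737 documentation ranges) are constructed, and the `/24` grouping and `min_share` threshold are assumptions chosen for illustration.

```python
"""Flag logins whose source network departs from an account's usual one.

Added example; it is not code from the article or from any commenter. It
mechanises the review described in the quoted paragraphs: an account that
normally arrives through one VPN exit, then once arrives from somewhere else.
The log format, account names and addresses are constructed (RFC 5737
documentation ranges), not real data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
import ipaddress
import re

# Constructed access log: one key=value event per line (hypothetical format).
# 198.51.100.0/24 plays the role of the VPN exit; 203.0.113.9 is the one
# login that did not come through it.
SAMPLE_LOG = """\
2016-06-15T10:02:11Z account=guccifer2 src=198.51.100.23 action=login
2016-06-15T14:30:45Z account=guccifer2 src=198.51.100.23 action=post
2016-06-16T09:12:03Z account=guccifer2 src=198.51.100.77 action=login
2016-06-17T11:45:19Z account=guccifer2 src=203.0.113.9 action=login
2016-06-18T08:00:00Z account=guccifer2 src=198.51.100.23 action=login
2016-06-15T12:00:00Z account=alice src=192.0.2.50 action=login
2016-06-16T12:00:00Z account=alice src=192.0.2.51 action=login
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) account=(?P<account>\S+) src=(?P<src>\S+) action=(?P<action>\S+)$"
)


@dataclass(frozen=True)
class Event:
    ts: str
    account: str
    src: str
    action: str


def parse_log(text):
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(**m.groupdict()))
    return events


def network_of(ip, prefix=24):
    """Collapse an address to its enclosing /prefix so nearby exits group together."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_outliers(events, min_share=0.25, prefix=24):
    """Return events whose source network is rare for that account.

    The baseline is simply the distribution of source networks seen for the
    account; a network carrying less than `min_share` of its events is flagged.
    """
    by_account = defaultdict(list)
    for e in events:
        by_account[e.account].append(e)
    outliers = []
    for evs in by_account.values():
        counts = Counter(network_of(e.src, prefix) for e in evs)
        for e in evs:
            if counts[network_of(e.src, prefix)] / len(evs) < min_share:
                outliers.append(e)
    return outliers


def outside_known_exits(events, known_exits, account=None):
    """Stricter check once the usual exit is known: anything outside it is flagged."""
    nets = [ipaddress.ip_network(n) for n in known_exits]
    return [
        e for e in events
        if (account is None or e.account == account)
        and not any(ipaddress.ip_address(e.src) in n for n in nets)
    ]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for e in find_outliers(events):
        print("unusual source network:", e)
    for e in outside_known_exits(events, ["198.51.100.0/24"], account="guccifer2"):
        print("outside known VPN exit:", e)
```

On the constructed data both checks flag the single `203.0.113.9` login and nothing for `alice`. In a real review the flagged address would then be enriched with ownership (ASN, hosting vs. residential) before anyone drew a conclusion; a rare source network is a lead, and VPN exit rotation or mobile roaming produce the same signal innocently.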

~~~
bigiain
Opsec is hard - you only need to fuck up once...

~~~
CapacitorSet
If all it takes is "one occasion" for investigators to believe you're Russian,
it's also definitely easy to throw investigations off course.

~~~
Lazare
> If all it takes is "one occasion"

Depends on the occasion, no? There's a difference between "the target account
once used phrasing more typical of a Russian speaker than a Romanian speaker"
and "the target connected to the server from inside GRU headquarters".

> it's also definitely easy to throw investigations off course

Connecting to a server from GRU headquarters isn't something I'd call
"definitely easy". If the claim is true, Occam's Razor suggests that the GRU
was involved in some fashion. What's the alternative? That the DNC compromised
the network of a Russian intelligence agency?

(How much faith to put in an anonymously sourced claim about what was in the
logs of an unnamed social network is a separate question, of course.)

~~~
vageli
Teenagers can hack NASA [0] so I don't think a sufficiently motivated
attacker, possibly backed by a nation state, couldn't pull off something like
this as a false flag.

[0]:
[https://abcnews.go.com/Technology/story?id=119423&page=1](https://abcnews.go.com/Technology/story?id=119423&page=1)

~~~
Lazare
> Teenagers can hack NASA [...] so I don't think a sufficiently motivated
> attacker [...] couldn't pull off something like this

Right, the fact someone could compromise a random government agency _in the
90s_ clearly means someone else could compromise Russian military intelligence
in 2016, because NASA's IT security in the 90s is totally comparable to the
GRU today, absolutely.

> possibly backed by a nation state

Which nation state, exactly?

~~~
refulgentis
Considering a U.S. ally had their tendrils so deep inside GRU that they had a
live video feed, you should probably reevaluate your assigned probabilities.

~~~
equalunique
You mean the recent story which broke by Dutch intel?

There is no public video recording to substantiate their claim. You'd think
this entire debate would be settled if on YouTube we could all just watch
visual proof of Russians hacking the US.

They also claimed that the video feed came from a university building in
Moscow's Red Square. I challenge you to find such a building on a map of the
Red Square.

~~~
refulgentis
Your entire posting history is devoted to obscure conspiracy screeds whenever
Russia is involved – it's truly remarkable your account has persisted this
long.

~~~
equalunique
That's an extremely offensive thing to say. Also, that is not a true
characterization of my comment history. If you do want to discuss that topic,
I am more than happy to engage in discussions supported by sourced material.

------
tardygrad
While pointing fingers at Russia or impeaching Trump may be the options that
feel good at the moment, I hope this is an opportunity to make sure something
like this never happens again.

This is a pipe dream and I'm not sure this is even possible, but I think the
best outcome of this is to pass legislation to try and ensure that:

1\. Political campaigns don't engage in the type of behaviour in the first
place, and

2\. Make communications more public in general - official campaigns of people
running for public office must operate under the light of greater public
scrutiny

Democracy is only possible if accurate information is available, and the
biggest takeaway for me in the last elections was just how many secrets all
political players have.

~~~
aphextron
It all comes down to campaign finance. We need publicly funded elections with
absolutely no tolerance for private money, and a set equal amount for each
major party candidate. Until Citizens United is overturned, and we get some
kind of legislation like this, money will continue to dominate everything. And
as long as that’s the case, there will _always_ be unethical behavior because
the incentives are too great.

~~~
orangecat
_money will continue to dominate everything_

The Clinton campaign raised and spent much more money than the Trump campaign:
[https://www.bloomberg.com/politics/graphics/2016-presidentia...](https://www.bloomberg.com/politics/graphics/2016-presidential-campaign-fundraising/)

~~~
siidooloo
How does that contradict what the other person said?

~~~
bduerst
It doesn't, it's just more whataboutism. It also ignores that one campaign was
being assisted by a foreign power, the extent of which is still being
investigated and not fully known.

The U.S. desperately needs campaign finance reform.

~~~
orangecat
_It also ignores that one campaign was being assisted by a foreign power_

To the extent that this is true, campaign finance laws couldn't have stopped
it. If anything, restricting the ability of Americans to express their
opinions makes foreign propaganda even stronger.

~~~
bduerst
> To the extent that this is true, campaign finance laws couldn't have stopped
> it

Again, the investigation is still underway and the full extent of the
assistance is still unknown, meaning you can't assert that until the findings
are released.

~~~
thesis
You can't assert that they were assisted by a foreign government until the
investigation is over either... since the extent was unknown aka maybe not at
all.

~~~
espadrine
That is the first time I have heard this position, and I find it indefensible.

“You can't assert that kids died in this school shooting until the
investigation is over, since the extent was unknown.”

It similarly does not work if parents are preparing the funerals.

The Office of the Director of National Intelligence released a report back in
January 2017 decisively stating this:

> _We assess Russian President Vladimir Putin ordered an influence campaign in
> 2016 aimed at the US presidential election._

> _Russia’s goals were to undermine public faith in the US democratic process,
> denigrate Secretary Clinton, and harm her electability and potential
> presidency._

> _[…] We [CIA, FBI, NSA] have high confidence in these judgments._

> _We also assess Putin and the Russian Government aspired to help President-
> elect Trump’s election chances when possible by discrediting Secretary
> Clinton and publicly contrasting her unfavorably to him. All three agencies
> agree with this judgment._

[https://www.dni.gov/files/documents/ICA_2017_01.pdf](https://www.dni.gov/files/documents/ICA_2017_01.pdf)

------
igivanov
For what it is worth, let me quote someone's reddit comment:

> "So many 'slip-ups' pointing to Russia from this guy.. you could be forgiven
> for thinking he's not Russian, and was in fact created by the DNC.
>
> He CHOSE to name his computer account after the founder of the Soviet Secret
> Police.
>
> He CHOSE to create/open and then save documents so the Russian name was
> written to metadata.
>
> He CHOSE to use a Russian VPN service to cloak his IP address.
>
> He CHOSE to use public web-based email services that would forward his
> cloaked IP.
>
> He CHOSE to use the above to contact various media outlets on the same day.
>
> Odd behaviour for an elite hacker.
>
> Also, still today, none of his claims of hacking can be verified."

[https://www.reddit.com/r/worldnews/comments/86gglv/lone_dnc_...](https://www.reddit.com/r/worldnews/comments/86gglv/lone_dnc_hacker_guccifer_20_slipped_up_and/dw4ybzm/)

~~~
shaki-dora
The reason may actually be that Russia always wanted to be caught. They never
thought Trump would win–the prize they were aiming for was general distrust of
the election's integrity.

It's very similar to Russia's choice to poison Litvinenko with Polonium–an
unnatural radioactive element that can easily be traced back to the reactor
where it originated. And, similarly, the very recent chemical weapons attack
in the UK, using a nerve agent only ever produced by Russia.

~~~
TazeTSchnitzel
In fairness, the UK came close to not detecting the Polonium (it was just luck
they had the right someone on the team) and they weren't sure Russia could
have known the UK was actually capable of detecting it.

------
rdtsc
Wonder how this jives alongside this other story with a confession letter from
someone saying they were ordered to hack the DNC:

[http://www.newsweek.com/russian-hacker-stealing-clintons-ema...](http://www.newsweek.com/russian-hacker-stealing-clintons-emailshacking-dnc-putinsfsb-745555)

\---

Konstantin Kozlovsky, a Russian citizen working for a hacker group called
Lurk, confessed to hacking Clinton’s emails during a hearing about his arrest
in August. An audio recording and minutes from the hearing were posted on
Kozlovsky’s Facebook page, and their authenticity was reportedly confirmed by
The Bell.

\---

He allegedly worked with someone from FSB:

\---

Kozlovsky identified his FSB handler as Dmitry Dokuchaev, a cybersecurity
expert who worked as a hacker before joining the FSB.

Dokuchaev, who used the moniker “Forb,” has been linked to a group of hackers
called Shaltai Boltai, or Humpty Dumpty,

\---

Perhaps the DNC was hacked by both? It was a pretty large target and multiple
state actors gave it a try.

~~~
retsibsi
The book _Russian Roulette_ says that data was stolen from the DNC by two
groups of Russian hackers, who seemed to be acting separately. It says that
one group was linked to Russian military intelligence (presumably the GRU) and
the other was suspected of being linked to Russian intelligence, 'most likely
the SVR'.

~~~
rdtsc
Thanks for the book suggestion.

------
c3534l
I was expecting some real hightech spycraft and intrigue. Nope, the dude
forgot to turn on his VPN. Even well-funded state actors can be dumbasses.

~~~
stevenwoo
My VPN sometimes just goes down. There's a little icon in the tray that turns
from green to red. I could set my system to not allow internet access without
the VPN but that mucks about with the boot process and I'm not running
spycraft.

~~~
cynwoody
I'm sure GRU possesses the technical chops to put in place safeguards to
guarantee against ever connecting other than through the VPN. They should do
that and then hire Kaspersky to come over and audit their setup.

------
cocktailpeanuts
Since this is "Hacker News" I would like to ask an honest question: Which is
more likely of the two?

1\. The hacker mistakenly signed in from Russia once.

2\. The hacker intentionally signed in from Russia once.

I really have no bias towards all this issue and don't really care, but I do
care about media making interpretations that mislead the public, which is why
I draw this question.

One widely used hacking technique is to intentionally leave a trail that leads
investigators down the wrong track, not just for hacking but for all crimes.

I'm just having a hard time understanding how people are taking for granted that
a competent hacker is more likely to leave a trail by mistake instead of
leaving one intentionally, because in most cases it's the latter.

~~~
notacoward
Which is the more likely of the two?

1\. The hacker actually worked for GRU, which was already known to engage in
such activities, and slipped up once?

2\. Somebody hacked into a GRU office so they could connect from there _one
time_ and hope somebody would notice?

~~~
duncanawoods
3\. Using notepad.exe, Dave typed the GRU IP address into the server log
before passing them on to Susan for her analysis

------
lokopodium
Unwritten Cold War rules pretty much said you don't pursue the opposing
officers unless you catch them on your turf.

It's obvious that the troll factory people and Guccifer 2.0 were acting on
behalf of Russia with the direct approval from Putin. Why bother indicting
individuals?

~~~
toyg
Unwritten cold war rules have gone out of the window.

Russian agents used isotopes and nerve gas in GCHQ’s backyard. The sitting US
President might have received their help to win the election. Russia just made
the only major territory annexation by a superpower since WWII (iirc).

Obviously we didn’t start the fire, as Billy Joel would say, but we certainly
live in interesting times.

~~~
dahdum
We interfere all the time in foreign elections, and so many countries tried to
influence ours I don’t see anything innately wrong with it. Other than
possibly the fact they played a little dirty. So did the DNC (per emails), the
RNC (because why would they be better?), and many political groups.

Unless Trump made a deal with them to do so, this looks like business as usual
to me.

~~~
sgc
Hmm. what about...

Your comment doesn't pass a basic test of moral decency, which is that there
is no reason to point fingers. Actions should be judged based on their own
merits, not what others are doing. That is just deflection.

I doubt you meant it that way, but that is how it came across.

And of course it is a very big deal and not at all palatable to interfere with
the internal politics of another country to destabilize it, regardless of how
often it has been done, the roles of its internal members, or their
cooperation with you.

~~~
dahdum
It’s a connected world, and the US being one of the centers means that nearly
every country has a stake in the outcome. I don’t think it’s wrong of them to
use their influence, as we do. It bothers me, but then I think of what we
should do if Turkey ever came up with a free election. In my opinion that
would be doing everything we can to influence, the slide to dictatorship and
oppression is more unpalatable to me.

~~~
sgc
To me there is a very clear moral line (and practically results vary from
intentions): If your primary motivation is not to improve the life of those
within a country, you must keep out of their politics. Much like I should not
interfere in my neighbor's family life if my goal is to harm rather than heal.
I see no goal from recent interference other than to destabilize, which is
morally akin to a preemptive military strike.

Edit: I also don't think just any improvement would morally justify
interference in another country's sovereignty. There must be a significant
evil that must be overcome so that the interference becomes the lesser evil -
a hard test to pass.

~~~
moduspol
> If your primary motivation is not to improve the life of those within a
> country, you must keep out of their politics.

I don't think this is a clear moral line in international politics.

If your primary motivation is to improve the life of those within _your own_
country, it can be justifiable to get involved in _another country's_
politics. And that's what is done. Ostensibly to prevent war, enhance regional
stability, etc.

Even just looking from Russia's perspective. If the world's leading country is
so weak that a few phishing attacks can swing the election away from a less
favorable candidate, is it really _morally wrong_ to do that to benefit your
people?

~~~
sgc
There is a big difference between interfering, which is covertly affecting the
outcome, and influencing via direct diplomacy or perhaps even _clearly_
identified advertisements etc. I was referring to the first and not the
second, and could have been clearer on that.

There is no such thing as "a little phishing" in another election. It is the
equivalent of calling something a little hand gesture without mentioning you
shoved your hand into someone's vagina first.

The autarky of self-governance is sacred, and should be respected as such. The
modern world has completely lost its moral compass on these issues, and I have
previously denounced harder lines by the EU and the US interfering in smaller
countries' elections / forcing laws down their throats (Eastern European and
Balkan countries). But as I alluded to in the beginning of this thread: Just
because everyone's doing something does not make it right.

~~~
moduspol
I think I see where you're coming from--I just think it's a little
oversimplifying.

Hillary Clinton was openly calling for a "no fly zone" in an area where
Russian planes were flying. A "no fly zone" is a public declaration that you
will shoot down planes that you don't think should be there. That could have
started WW3, which is not in Russians' interests.

But that's a bit of a stretch. Suppose she had openly advocated for war with
Russia. Would it still be immoral for Russia to deceptively access and share
with Wikileaks e-mails from her campaign and party to shift support away from
her?

Or are there truly no circumstances where one can morally interfere with
another country's election?

~~~
sgc
It's basically an act of war, you are destroying their self-governance. So
when war is moral (ie in defense of self or others against violent oppression
/ other autonomy destroying acts), there is a case to be made. But then you
still need to justify your specific means - which is a direct attack on the
Civilians of the country by taking away their apparent liberty without telling
them that is the case. Obviously that view entails understanding lies as
taking away others' liberty by denial of truth on which to base their
decisions.

The decision would be easier (but not easy) to make if their own government
was deceiving them grossly, in which case your interference could bring more
truth than it obscured. Any moral choice remains predicated on the lack of
availability of better, more direct and honest methods. And of course these
are practical decisions with all the obscurity and uncertainty they entail.

Between the characteristic of an attack on civilians and the potential of
actually bringing in more truth than is obscured if their own government is
sowing lies, I first pointed to helping the citizens of the country as the
only moral option. Without making a decision (I would have to think about it
further), there might be drastic circumstances where there was no other viable
course of action - but again within the context of acts of war and significant
collateral damage.

------
badrabbit
This is why you shouldn't do VPN (or Tor) on end devices. A network device
routing your traffic should do that.

------
petegrif
How can we be confident that some of us on this forum are not trolls working
to discredit the story?

We can't be.

~~~
akvadrako
It seems very likely at least some commenters are paid trolls. If you were
running a $1m disinformation campaign for either side, wouldn't you assign
a few sock puppets to hacker news?

------
akvadrako
It's nice to finally have some evidence in this story, but it's good to keep
in mind that there is also evidence it's an internal leak. (1) Wikileaks
stated their source wasn't Russia and (2) The timestamps on the leak point to
a local copy over USB2:

[https://theforensicator.wordpress.com/guccifer-2-ngp-van-met...](https://theforensicator.wordpress.com/guccifer-2-ngp-van-metadata-analysis/)

------
lamarpye
Interesting story. What is The Daily Beast's batting average? How often do
they make contact with the Truth? Looking at their website, I learned that Joe
Biden could beat up Trump because he took on a gangster name "Corn Pop" back
in the day. Pretty damning stuff.

------
eeks
If GRU agents use only a single hop to ambiguate their connections when
attacking their mightiest foreign opponent then we don't have much to fear
from these guys.

------
cmurf
Trump>Stone>Guccifer 2.0>GRU>Putin

And today Trump ejects his sane national security advisor, H.R. McMaster, in
favor of the hawk who was one of the four architects of the Iraq war, John
Bolton.

John Bolton penned the WSJ article _The Legal Case for Striking North Korea
First_ published Feb 28 2018.

------
ohiovr
So I guess we gotta use esp to figure out what these faded posts are all
about. If you are going to reply to a post, maybe consider not downvoting it?

------
barnesto
this is all moot, right? there was no hack of the DNC servers. it was an
inside job.

[https://lawandcrime.com/high-profile/bombshell-nsa-experts-s...](https://lawandcrime.com/high-profile/bombshell-nsa-experts-say-dnc-hack-was-actually-a-leak-and-inside-job/)

or just ask Wikileaks or Kim Dotcom.

------
saas_co_de
Yeah, I am sure The Daily Beast got this story because they are such a well
respected journalistic outlet.

More like nobody at the NYT or WP willing to tarnish their reputation with
this crap. Which is pretty bad given what they will publish.

~~~
dbt00
Spencer Ackerman is a stellar reporter with over 15 years experience writing
for TNR, Wired, and The Guardian. He's gotten a huge number of scoops on the
national security beat throughout the years and none of his reporting has ever
been called into question.

~~~
saas_co_de
> none of his reporting has ever been called into question

In 2013, Ackerman was forced to take down one of his Wired stories on what he
claimed was a "North Korean propaganda video", after it was revealed the film
was a satire video by British travel writer Alun Hill.

[https://en.wikipedia.org/wiki/Spencer_Ackerman](https://en.wikipedia.org/wiki/Spencer_Ackerman)

~~~
dbt00
Point taken. He was once taken in by a popular hoax and wrote a post on his
wired blog about it, after which he apologized on twitter.

[https://twitter.com/attackerman/status/311868261945978881](https://twitter.com/attackerman/status/311868261945978881)

To remind everyone where the plot is, I was responding to this phrase:

> Yeah, I am sure The Daily Beast got this story because they are such a well
> respected journalistic outlet.

None of his sourced reporting has ever been called into question. The original
commenter was way off base with this insinuation.

~~~
equalunique
Perhaps this new Daily Beast story is evidence he has been taken in by another
hoax.

------
throwaway84742
From the article: "according to a source familiar with the government’s
Guccifer investigation", "Working off the IP address, U.S. investigators
identified Guccifer 2.0 as a particular GRU officer working out of the
agency’s headquarters on Grizodubovoy Street in Moscow".

IOW, they don't have jack shit, which is why the stuff I quoted above is
buried towards the end of the article. How does one tie an IP address to a
street address? Or to a specific person? And what does "working off" an IP
address even mean? And why would he be running this from the GRU headquarters
rather than from some obscure Russian bunker?

I smell massive quantities of clickbait manure.

------
runciblespoon
This feeds into the Russia plotted to sabotage Hillary's campaign and promote
Trump narrative. Which is most probably a concoction dreamed up by the
deep-state as part of a conspiracy to depose a sitting president. The state
security apparatus engaged in a palace coup against a sitting president.

~~~
dd36
And 9/11 was an inside job and we never landed on the moon.

~~~
jakeogh
It's really convenient to use easily debunked stuff to prevent people from
looking into other things. For example, "flat earth" is not designed to
convince any normal person Earth is actually flat. Paradoxically, you just
"fell for" the actual utility of the "we didn't land on the moon" stuff, sure
you can find genuine people that believe just about anything, but that's just
a side issue. This is very common if you study disinformation a bit.

------
mindslight
So then, if Russian Intelligence is responsible for helping to expose a
significant criminal conspiracy in the US, maybe the news media will stop with
all of the nouveau cold war bullshit and instead just thank them?

~~~
krapp
>So then, if Russian Intelligence is responsible for helping to expose a
significant criminal conspiracy in the US...

Please point to any "significant criminal conspiracy" which was exposed, and
which laws it was in violation of, if possible.

And for bonus points, please tell us why Trump hasn't thrown Hillary into
prison yet, as promised.

~~~
mindslight
The "Democratic National Committee". On its face, election fraud. Besides the
loftier stuff like subverting the will of the people and the authorized
government.

> _And for bonus points, please tell us why Trump hasn't thrown Hillary into
> prison yet, as promised._

Because they play golf at the same country clubs, and their IRL actions aren't
bound by the marketing characters they play? It would be kind of like shooting
someone after you beat them in chess - totally uncool.

But I don't see how this is relevant, unless you assume that by criticizing
one ignorance club I must be a cheerleader for its twin?

~~~
krapp
I'm just asking you to back up your assertion that "Russian Intelligence is
responsible for helping to expose a significant criminal conspiracy in the US"
with evidence within the leaked documents... or by actually describing the
specific conspiracy that was exposed.

What election fraud? What is "subverting the will of the people and the
authorized government" supposed to refer to?

I'm not assuming anything, but bold and unsubstantiated assertions of
conspiracy are just noise in threads like this.

------
alva
"Working off the IP address, U.S. investigators identified Guccifer 2.0 as a
particular GRU officer"

Not a network whizz but doesn't that sound unlikely? They would have to have
1. Static IPs 2. Deep enough penetration of their systems to have IP/Officer
mapping -> in which case they would have known this was going on anyways?

Seems necessary to edit:

I understand the NSA is the most powerful player and likely had penetrated
their systems. My point is that if their networks were penetrated anyways, why
are we receiving this reasoning about the accident with the VPN? The only
plausible explanation I can see is what another commenter put out which is the
Officer had also used the non-VPNd connection to something personal. Now this
would be a big fuck up.

Saying they could identify an individual officer from an IP leads you to
assume they had penetrated the network. In which case, why not disclose that?
That would be the assumption from the other side.

~~~
ryanlol
If it was a residential IP, this would have been very easy. But would GRU
officers really work from home?

~~~
jlgaddis
The rest of the sentence quoted above is "... working out of the agency’s
headquarters on Grizodubovoy Street in Moscow."

~~~
zrobotics
Which could also mean an intelligence officer('s personal machine, who is
known to be) working out of the agency's hq... It implies that the IP was from
GRU HQ, but the only definite statement is that it is this specific officer,
who works at this specific location.

