The Daily Beast reports exclusively that Guccifer 2.0, the hacker who claimed he alone broke into the DNC in 2016 and gave the stolen emails to WikiLeaks, accidentally has revealed he is a GRU (Russian military intelligence) officer as experts long have suspected.
It’s an attribution that resulted from a fleeting but critical slip-up in GRU tradecraft.
That forensic determination has substantial implications for the criminal probe into potential collusion between President Donald Trump and Russia. The Daily Beast has learned that the special counsel in that investigation, Robert Mueller, has taken over the probe into Guccifer and brought the FBI agents who worked to track the persona onto his team.
(...)
Trump’s longtime political adviser Roger Stone admitted being in touch with Guccifer over Twitter’s direct messaging service. And in August 2016, Stone published an article on the pro-Trump-friendly Breitbart News calling on his political opponents to “Stop Blaming Russia” for the hack. “I have some news for Hillary and Democrats—I think I’ve got the real culprit,” he wrote. “It doesn’t seem to be the Russians that hacked the DNC, but instead a hacker who goes by the name of Guccifer 2.0.”
(...)
Guccifer 2.0 sprang into existence on June 15, 2016, hours after a report by a computer security firm forensically tied Russia to an intrusion at the Democratic National Committee. In a series of blog posts and tweets over the following seven months—conspicuously ending right as Trump took office and not resuming—the Guccifer persona published a smattering of the DNC documents while gamely projecting an image as an independent Romanian hacktivist who’d breached the DNC on a lark. As Stone’s Breitbart piece demonstrated, Guccifer provided Moscow with a counter-narrative for the election interference.
The Daily Beast explains how cyber security experts knew Guccifer 2.0 was not whom he claimed to be but had trouble proving it.
ThreatConnect ... tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. [Intelligence researcher Kyle] Ehmke eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.
But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets ...
Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow ...
Security firms and declassified U.S. intelligence findings previously identified the GRU as the agency running “Fancy Bear,” the ten-year-old hacking organization behind the DNC email theft, as well as breaches at NATO, Obama’s White House, a French television station, the World Anti-Doping Agency, and countless NGOs, and militaries and civilian agencies in Europe, Central Asia, and the Caucasus.
Read More: EXCLUSIVE: ‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer (The Daily Beast)