The Cable
The Cable goes inside the foreign policy machine, from Foggy Bottom to Turtle Bay, the White House to Embassy Row.

New Evidence Strengthens Guccifer 2.0’s Russian Connections

Researchers poke yet another hole in Moscow's disinformation campaign.

By
MOSCOW, Feb. 23, 2016: Russian Prime Minister Dmitry Medvedev, Russian President Vladimir Putin and Russian Defense Minister Sergei Shoigu, from left to right, view the honor guard during a wreath-laying ceremony in Moscow, Russia, on Feb. 23, 2016. Several officials of the Russian government attended a wreath-laying ceremony at the Tomb of the Unknown Soldier with the eternal flame to mark the Defender of the Fatherland Day here on Tuesday. (Xinhua/Dai Tianfang via Getty Images)
MOSCOW, Feb. 23, 2016: Russian Prime Minister Dmitry Medvedev, Russian President Vladimir Putin and Russian Defense Minister Sergei Shoigu, from left to right, view the honor guard during a wreath-laying ceremony in Moscow, Russia, on Feb. 23, 2016. Several officials of the Russian government attended a wreath-laying ceremony at the Tomb of the Unknown Soldier with the eternal flame to mark the Defender of the Fatherland Day here on Tuesday. (Xinhua/Dai Tianfang via Getty Images)
MOSCOW, Feb. 23, 2016: Russian Prime Minister Dmitry Medvedev, Russian President Vladimir Putin and Russian Defense Minister Sergei Shoigu, from left to right, view the honor guard during a wreath-laying ceremony in Moscow, Russia, on Feb. 23, 2016. Several officials of the Russian government attended a wreath-laying ceremony at the Tomb of the Unknown Soldier with the eternal flame to mark the Defender of the Fatherland Day here on Tuesday. (Xinhua/Dai Tianfang via Getty Images)

Guccifer 2.0, the persona that has surfaced to take responsibility for hacking the servers of the Democratic National Committee, is all but certainly not who he says he is.

Guccifer 2.0, the persona that has surfaced to take responsibility for hacking the servers of the Democratic National Committee, is all but certainly not who he says he is.

Now cybersecurity researchers at ThreatConnect, an intelligence firm, have revealed additional evidence connecting Guccifer with Russian web-services. This new evidence, in the researchers’ view, strengthens their belief that Guccifer is not an independent hacker but a Russian disinformation operation.

“It’s the latest in a body of evidence,” says Toni Gidwani, director of research operations at ThreatConnect, that Guccifer is a persona manufactured by Russian intelligence to deflect attention from their breach of DNC servers. “There are an increasing number of data points that point toward Russia.”

Late Tuesday, the New York Times reported that U.S. intelligence agencies have told the White House that they had “high confidence” that Russian government hackers were responsible for breaking into the DNC’s servers and stealing documents and emails from the party’s computers. That story cited “federal officials who have been briefed on the evidence” but cautioned that the Russian hackers’ motive remains unclear — whether the infiltration was a typical act of espionage or an attempt to swing the outcome of the November’s presidential election. According to the Times, U.S. intelligence officials believe Guccifer is a creation of Russian military intelligence to deflect blame from Moscow’s agents.

White House and intelligence officials declined to comment on the Times report.

After the DNC and security firm Crowdstrike reported that Russian spies had breached the party’s servers, Guccifer surfaced almost immediately to take the blame. And immediately his credibility came into question. He claimed to be Romanian but couldn’t speak Romanian. His claims to be an ideologically motivated hacker didn’t add up. His actions fit a pattern of behavior by Russian intelligence services.

Since he surfaced online, Guccifer has been corresponding with journalists, pushing documents on them and trying to convince them to write stories about their contents. Researchers at ThreatConnect took one of those exchanges — with reporter Kevin Collier at the website Vocativ — and mined it for technical details that might reveal clues about Guccifer’s identity.

ThreatConnect’s researchers found that whoever was corresponding with Collier under the Guccifer moniker was doing so with a French AOL address. This is something no half-way decent hacker would do — and Crowdstrike has said the operatives who breached the DNC displayed superb tradecraft.

AOL email accounts reveal what is known as the sender’s originating IP address, which is basically a calling card for that person’s location.

Researchers at ThreatConnect took that information and followed it down the digital rabbit hole. Guccifer, as it turned out, had been using a VPN, which allows a web user to mask his location. ThreatConnect determined that that VPN was a Russian-based service, Elite VPN.

On their own, these two pieces of evidence say little about Guccifer. But taken together with the broader body of evidence, they are yet more circumstantial evidence strongly pointing toward Moscow’s involvement in hacking the DNC’s servers.

Since Guccifer first surfaced, ThreatConnect has been exhaustively studying his statements and online identity, identifying numerous inconsistencies. A July 20 analysis by the firm of Guccifer’s statements about his use of zero day vulnerabilities — these are highly prized security problems in software and hardware used to break into computer systems — revealed a hacker who had no idea what he was talking about.

Guccifer claimed that he had broke into DNC systems using such vulnerabilities, but ThreatConnect’s analysis revealed that as a highly dubious claim. He misused technical terms that any hacker capable of finding and deploying zero day vulnerabilities would be familiar with. He referenced specific tools that an attacker going after the software used by the DNC would be unlikely to deploy.

The haphazard nature of this information campaign fits with Russian practice, Gidwani says. Moscow’s spies specialize in sowing doubt and creating discord, and that propaganda strategy doesn’t require the creation of an air-tight persona, Gidwani argues.

Xinhua/Dai Tianfang via Getty Images

Twitter: @EliasGroll
Tags: Hillary Clinton, Media, Russia, U.S. 2016 Election, Vladimir Putin

Read More

A family picture shows Andriy Oprysko, right, a 47-year-old seaman—one of 24 Ukrainian sailors who have been held captive by Moscow since the incident on the Kerch Strait—posing with his son, also named Andriy Oprysko.
A family picture shows Andriy Oprysko, right, a 47-year-old seaman—one of 24 Ukrainian sailors who have been held captive by Moscow since the incident on the Kerch Strait—posing with his son, also named Andriy Oprysko.

Trump Meets Putin at G-20 While Ukrainian Sailors Remain Jailed

The U.S. president drew a red line when 24 Ukrainians were seized last year. Now his sit-down with the Russian president is back on.

Dispatch |
Amy Mackinnon
Russian President Vladimir Putin and his Chinese counterpart, Xi Jinping, tour the Kremlin in Moscow on June 5.
Russian President Vladimir Putin and his Chinese counterpart, Xi Jinping, tour the Kremlin in Moscow on June 5.

Xi and Putin, Best Friends Forever?

A transcript of the two leaders’ remarks in Moscow.

Transcript |
FP Editors
The Ukrainian actor and comedian Volodymyr Zelensky on set in Kiev, Ukraine, during filming of “Servant of the People” on Feb. 6.
The Ukrainian actor and comedian Volodymyr Zelensky on set in Kiev, Ukraine, during filming of “Servant of the People” on Feb. 6.

Who’s Laughing Now: Zelensky or Putin?

Ukraine’s incoming comedian president has sent mixed signals on Russia. But the Kremlin may not sit still while he figures out a policy.

Dispatch |
Justin Lynch

Editors’ Picks

  1. 1
    The Bomb Was Horrifying. The Alternatives Would Have Been Worse.
  2. 2
    Is Netflix’s ‘The Diplomat’ Factual or Farcical?
  3. 3
    America’s Goal Should Be a Democratic China
  4. 4
    The Battle for Eurasia
  5. 5
    A BRICS Currency Could Shake the Dollar’s Dominance
  6. 6
    Is Saudi-Israeli Normalization Worth It?

More from Foreign Policy

Keri Russell as Kate Wyler walks by a State Department Seal from a scene in The Diplomat, a new Netflix show about the foreign service.
Keri Russell as Kate Wyler walks by a State Department Seal from a scene in The Diplomat, a new Netflix show about the foreign service.

At Long Last, the Foreign Service Gets the Netflix Treatment

Keri Russell gets Drexel furniture but no Senate confirmation hearing.

Chinese President Xi Jinping and French President Emmanuel Macron speak in the garden of the governor of Guangdong's residence in Guangzhou, China, on April 7.
Chinese President Xi Jinping and French President Emmanuel Macron speak in the garden of the governor of Guangdong's residence in Guangzhou, China, on April 7.

How Macron Is Blocking EU Strategy on Russia and China

As a strategic consensus emerges in Europe, France is in the way.

Chinese President Jiang Zemin greets U.S. President George W. Bush prior to a meeting of APEC leaders in 2001.
Chinese President Jiang Zemin greets U.S. President George W. Bush prior to a meeting of APEC leaders in 2001.

What the Bush-Obama China Memos Reveal

Newly declassified documents contain important lessons for U.S. China policy.

A girl stands atop a destroyed Russian tank.
A girl stands atop a destroyed Russian tank.

Russia’s Boom Business Goes Bust

Moscow’s arms exports have fallen to levels not seen since the Soviet Union’s collapse.

Trending

  1. 6 Swing States Will Decide the Future of Geopolitics
    Analysis |
    Cliff Kupchan

  2. Has Hvaldimir, Putin’s Secret Weapon, Defected?
    Analysis |
    Elisabeth Braw

  3. The Battle for Eurasia
    Analysis |
    Hal Brands

  4. Pakistani Authorities Give Imran Khan a Taste of His Own Medicine
    Analysis |
    Lynne O’Donnell

  5. Is Saudi-Israeli Normalization Worth It?
    Analysis |
    Aaron David Miller, Steven Simon