Stories

Go deeper: The Russian intelligence agents behind Guccifer 2.0

Photo illustration: Jaap Arriens/NurPhoto via Getty Images

The latest Mueller indictment names the Russian intelligence agents behind the Guccifer 2.0 persona, the public face of the cyber break-in at the Democratic National Committee.

The big picture: Though the WikiLeaks email leaks got nearly all the attention, other press outlets — including The Hill, The Smoking Gun and Gawker — also received leaked documents from the hackers of the Democratic National Committee and Democratic Congressional Committee. Guccifer 2.0 was the persona used to leak those documents to the press — including me, then a reporter at The Hill.

Flashback:

  • Guccifer 2.0 also released a smaller amount of documents on his own Wordpress blog.
  • He interacted with people over Twitter direct messages, including — famously — Trump confidant Roger Stone.
  • New in the indictment, he also provided documents to a U.S. congressional candidate about his opponent.
  • We knew, from the files leaked to The Hill, that Guccifer 2.0 had stolen recruitment documents when the Democrats searched for candidates to run in various elections.

Who he is: Guccifer 2.0 borrowed his name from Guccifer, a famous Romanian hacker that struck celebrities — including Clinton insiders — in the past. The original Guccifer was obsessed with linking victims to the Illuminati.

  • Guccifer 2.0 claimed to be from Romania and ended his first WordPress post "F*ck the Illuminati and their conspiracies." He soon dropped the Illuminati schtick.
  • Guccifer 2.0's first leaks came immediately after a Washington Post story attributed the DNC hack to Russia, and most experts believe that the persona was an attempt to salvage what they could out of a blown operation.

What we know: Guccifer 2.0 always presented himself as a single apolitical hacker. It was pretty clear to most people who chatted with him that Guccifer 2.0 was actually more than one person. It was also fairly clear from security research, intelligence reports and the documents he selected for leaks that he was largely interested in sandbagging the Democratic campaign nationally, and especially in swing states.

Based on the indictment:

  • We now know who made up the team that procured and leaked the documents — Viktor Boris Ovich, Boris Alekseyevich Antonov, Dmitriy Sergeyevich Badin, Ivan Sergeyevich Yermakov, Aleksey Viktorovich Lukashev, Sergey Aleksandrovich, Nikolay Yuryevich Kozachek, Pavel Vyacheslavovich Yershov, Artem Andreyevich Malyshev, Aleksandr Vladimirovich Osad Chuk, Aleksey Aleksandrovich Potemkin and Anatoliy Sergeyevich Kovalev.
  • Russian intelligence operatives ran searches of several of the phrases in Guccifer 2.0's first WordPress post hours before the post went live, implying some kind of advance knowledge.
  • One reporter who received documents — not me — asked about timing of when to publish.

The fallout: Washington Post columnist Josh Rogin tweeted after the Russia indictment that "American reporters who took stories from Guccifer 2.0 or DC Leaks have to wonder if they weren't used as a tool of a foreign military intelligence operation against our country."

  • We did wonder about that. At The Hill, we always tried to make it clear that Guccifer 2.0 was likely a Russian asset. We never published full documents — though we did summarize some — and only printed stories we believed explained some aspect of Russia's intent with the campaign.
  • With Kevin Collier, I was one of two reporters who had ThreatConnect perform forensic analysis on emails from Guccifer 2.0 that ultimately determined he used a Russian anonymity service known as a VPN. (I scrubbed the emails of any identifying information other than the IP address to protect my source's anonymity).
  • The first reporter to conduct an interview with Guccifer 2.0, Motherboard's Lorenzo Franceschi-Bicchierai, quickly established that Guccifer 2.0 did not speak Romanian.

Go deeper: