The Slatest

Investigation Into DNC Hacker Guccifer Reportedly Leads to Russian Intelligence Officer in Moscow

People holding Russian flags gather on Manezhnaya Square outside the Kremlin for a rally celebrating the fourth anniversary of Russia's annexation of Crimea in Moscow on March 18, 2018. / AFP PHOTO / Kirill KUDRYAVTSEV        (Photo credit should read KIRILL KUDRYAVTSEV/AFP/Getty Images)
People holding Russian flags gather on Manezhnaya Square outside the Kremlin for a rally celebrating the fourth anniversary of Russia’s annexation of Crimea in Moscow on March 18, 2018.
KIRILL KUDRYAVTSEV/Getty Images

A Daily Beast report Thursday says there is new evidence tracking Guccifer 2.0, the online persona of the hacker that swiped DNC emails and provided them to WikiLeaks, back to an officer in Russia’s military intelligence directorate (GRU). Confirming this link to Moscow, which aligns with what American intelligence agencies have believed “with high confidence” would likely have geopolitical ramifications for the U.S., as well as legal implications for the Trump presidency.

Throughout 2016, Guccifer claimed to be a “lone hacker,” but the consensus view among security experts was that the persona was a composite. An investigation into emails from Guccifer, who communicated with people on social media, through blog posts, and elsewhere, provided investigators the break they needed to track down who was behind the account that wreaked havoc on the 2016 election. From the Daily Beast:

…an investigation at ThreatConnect that tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. [An intelligence researcher] eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia. But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow. (The Daily Beast’s sources did not disclose which particular officer worked as Guccifer.)

Guccifer was born on June 15, 2016, shortly before the release of the DNC emails, and made occasional appearances online throughout the campaign. Trump adviser Roger Stone interacted with the hacker via direct messages on Twitter. “Sometime after its hasty launch, the Guccifer persona was handed off to a more experienced GRU officer, according to a source familiar with the matter,” the Daily Beast reports. “The timing of that handoff is unclear, but Guccifer 2.0’s last blog post, from Jan. 12, 2017, evinced a far greater command of English that the persona’s earlier efforts.”