Sips from the Firehose
A blog that seeks to filter the internet into a refreshing, easily-gulped beverage


Jan 16

Guccifer hacker is back; claims not to be Russian

Posted under Conspiracy Theories, Politics & New Media, Ukraine.

Guccifer hacker – the one who leaked DNC emails – taunts US government

I guess this is the world we live in now.

With increasing attention being paid to the way that hacks of formerly secure and private information are destabilizing governments around the world, the hacker known as “Guccifer” has emerged from hiding (?) and posted a sarcastic message on his/her/their blog:

I really hope you’ve missed me a lot. Though I see they didn’t let you forget my name. The U.S. intelligence agencies have published several reports of late claiming I have ties with Russia.

I’d like to make it clear enough that these accusations are unfounded. I have totally no relation to the Russian government. I’d like to tell you once again I was acting in accordance with my personal political views and beliefs.

Sure you were. Sure you were.

It must be noted that the original “Guccifer” is in jail, and this “nym” only came up after the hacking operation against the Democratic National Committee was exposed, and people started pointing fingers at the Kremlin. More on that in a bit.

Guccifer hacker operating out of Kremlin

Fireworks over the Kremlin

Guccifer had previously claimed to be Romanian. However, according to IT News, this claim proved to be false:

There’s good reason to doubt Guccifer’s claims. He or she — or they — previously claimed to be Romanian, but a journalist previously reported testing out Guccifer’s Romanian skills and found them lacking.

Guccifer 2.0’s re-emergence after a two-month hiatus from Twitter and his blog is certainly designed to stir the pot. Especially after Donald Trump spent weeks doubting Russian involvement in the hack and only this week changed his tune to match that of U.S. intelligence agencies.

It was based on that intelligence assessment that President Obama ordered sanctions against Russia and also vowed covert action.

Digging deeper into the provenance of the Guccifer hacker, we find that it’s not only the intelligence agencies and the Obama administration that are pointing the finger at the Russians – it’s pretty much every reputable internet security outfit as well.

considering a long trail of breadcrumbs pointing back to Russia left by the Guccifer hacker, as well as other circumstantial evidence, it appears more likely that Guccifer 2.0 is nothing but a disinformation or deception campaign by Russian state-sponsored hackers to cover up their own hack—and a hasty and sloppy one at that.

The main element pointing to Russia is the timeline of the events. For a year, hackers with ties to the Russian government—likely the FSB and the military GRU—were inside the servers of the DNC, stealing documents and even reading chats and emails, according to CrowdStrike and The Washington Post. Then, after the IT people at the DNC noticed weird network activities and called in CrowdStrike, the hackers got kicked out. This led to the operation being exposed in the media.

So when you start looking closer, some things leap out at you: The leaked documents contain metadata indicating they’ve been opened and processed on multiple virtual machines, as the independent cybersecurity researcher known as Pwn All The Things pointed out on Twitter on Wednesday. Some of these machines had different configurations, including one with the Cyrillic language setting and the username of “Iron Felix,” referencing Felix Dzerzhinsky, the first head of the Soviet intelligence services.

Again: this “lone hacker” uses many VMs, speaks Russian; username is founder of USSR secret police & likes laundering docs via Wikileaks.

Not exactly hard to connect the dots there.
