SCOOP: An officer with Russia's military intelligence agency made a crucial slip-up in tradecraft – one that revealed his secret identity as Guccifer 2.0. @kpoulsen & I report. https://t.co/unXztJlG2q
— Spencer Ackerman (@attackerman) March 22, 2018
From Spencer Ackerman and Kevin Poulsen at The Daily Beast:
Guccifer 2.0, the “lone hacker” who took credit for providing WikiLeaks with stolen emails from the Democratic National Committee, was in fact an officer of Russia’s military intelligence directorate (GRU), The Daily Beast has learned. It’s an attribution that resulted from a fleeting but critical slip-up in GRU tradecraft.
That forensic determination has substantial implications for the criminal probe into potential collusion between President Donald Trump and Russia. The Daily Beast has learned that the special counsel in that investigation, Robert Mueller, has taken over the probe into Guccifer and brought the FBI agents who worked to track the persona onto his team.
Mueller’s office declined to comment for this story. But the attribution of Guccifer 2.0 as an officer of Russia’s largest foreign intelligence agency would cross the Kremlin threshold—and move the investigation closer to Trump himself.
Proving that link definitively was harder. Ehmke led an investigation at ThreatConnect that tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. Ehmke eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.
But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets. Neither company would comment for this story, and Guccifer did not respond to a direct message on Twitter.
Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow. (The Daily Beast’s sources did not disclose which particular officer worked as Guccifer.)
Security firms and declassified U.S. intelligence findings previously identified the GRU as the agency running “Fancy Bear,” the ten-year-old hacking organization behind the DNC email theft, as well as breaches at NATO, Obama’s White House, a French television station, the World Anti-Doping Agency, and countless NGOs, and militaries and civilian agencies in Europe, Central Asia, and the Caucasus.
Much, much more at the link, including a recounting of how the data stolen by the GRU officer posing as Guccifer 2.0 was used by Republican campaigns other than the presidential one. Now that Special Counsel Mueller can tie Guccifer 2.0 directly to the GRU (Russian military intelligence), the counterintelligence portion of his investigation will not be contained to the presidential campaign alone. Any Republican campaign official and/or operation; any Republican candidate, whether they won their race or not; and any conservative group that received and/or used Guccifer 2.0’s stolen Democratic information are highly likely to also be in the Special Counsel’s crosshairs.
As is the case with all the breaking Cambridge Analytica news this week, Ackerman’s and Poulsen’s reporting provides significant new information about another major bridging node in Russia’s active measures and cyberwarfare network. For those of us paying attention and following the news reporting on Putin’s Cold War against the US, as well as our allies and partners, it supplies important information about who was doing what, when, and on whose behalf. It also tells us that the counterintelligence component of the Special Counsel’s investigation is still cranking away at determining the full dimensions and parameters of Putin’s active measures and cyberwarfare campaign against the US.