
Guccifer 2.0's Hidden Agenda

by Tim Leonard

In December, I reported on digital forensics evidence relating to Guccifer 2.0 and highlighted several key points about the mysterious persona that Special Counsel Robert Mueller claims was a front for Russian intelligence to leak Democratic Party emails to WikiLeaks:

Guccifer 2.0 fabricated evidence to claim credit for hacking the DNC (using files that were really Podesta attachments).

Guccifer 2.0's Russian breadcrumbs mostly came from deliberate processes & needless editing of documents.

Guccifer 2.0's Russian communications signals came from the persona choosing to use a proxy server in Moscow and choosing to use a Russian VPN service as end-points (and they used an email service that forwards the sender's IP address, which made identifying that signal a relatively trivial task).

A considerable volume of evidence pointed at Guccifer 2.0's activities being in American timezones (twice as many types of indicators were found pointing at Guccifer 2.0's activities being in American timezones than anywhere else).

The American timezones were incidental to other activities (e.g. blogging, social media, emailing a journalist, archiving files, etc.) and some of these were recorded independently by service providers.

A couple of pieces of evidence with Russian indicators present had accompanying locale indicators that contradicted this, which suggested the devices used hadn't been properly set up for use in Russia (or Romania) but may have been suitable for other countries (including America).