"Guccifer 2.0" is a person or persona stating they were the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event. Some of the documents they say they released appear to be forgeries cobbled together from public information and previous hacks, which they then salted with disinformation.
The U.S. Intelligence Community concluded that some of the genuine leaks that Guccifer 2.0 has said were part of a series of cyberattacks on the DNC were committed by two Russian intelligence groups. This conclusion is based on analyses conducted by various private sector cybersecurity individuals and firms, including CrowdStrike, Fidelis Cybersecurity, FireEye's Mandiant, SecureWorks, ThreatConnect, and the security editor for Ars Technica. The Russian government denies involvement in the theft, and "Guccifer 2.0" denied links to Russia. WikiLeaks founder Julian Assange said that multiple parties had access to DNC emails and that there was "no proof" that Russia was behind the attack. According to various cybersecurity firms and U.S. government officials, Guccifer 2.0 is a persona that was created by Russian intelligence services to cover for their interference in the 2016 U.S. presidential election.
Identity
On June 21, 2016, in an interview with Vice, "Guccifer 2.0" stated that he is Romanian. On June 30, 2016, and January 12, 2017, "Guccifer 2.0" stated that he is not Russian. However, despite his stating that he was unable to read or understand Russian, metadata of emails sent from Guccifer 2.0 to The Hill showed that a Russian-language-only VPN was used. When pressed to use the Romanian language in an interview with Motherboard via online chat, "he used such clunky grammar and terminology that experts believed he was using an online translator."
Cybersecurity experts have concluded that "Guccifer 2.0" is likely a creation of the Russian state-sponsored hacking groups thought to have executed the attack, invented to cover up Russian responsibility. The cybersecurity firm CrowdStrike, which was hired by the DNC to analyze the data breach, "posits that Guccifer 2.0 could be 'part of a Russian Intelligence disinformation campaign'," i.e., a creation to deflect blame for the theft. Russia has made use of the invention of "a lone hacker or an hacktivist to deflect blame" in the past, deploying this strategy in previous cyberattacks on the German government and the French network TV5Monde. Thomas Rid of King's College London, a cybersecurity expert, states that it is "'more likely than not' that the whole operation, including the Guccifer 2.0 part, was orchestrated by Russian spies." As of July 2016, U.S. intelligence was not yet certain whether the breaches were normal espionage or part of a concerted effort by Russia and WikiLeaks to attempt to manipulate the 2016 U.S. presidential election. The hackers responsible for the DNC email leak (a group called Fancy Bear by CrowdStrike) seem not to have been working on the DNC's servers on April 15, which in Russia is a holiday in honor of the Russian military's electronic warfare services.
On July 18, 2016, Russian government spokesman Dmitry Peskov denied Russian government involvement in the DNC theft. On July 25, 2016, during an interview with Democracy Now!, Julian Assange, editor in chief of WikiLeaks, said that no one knows WikiLeaks' sources. He added that "the dates of the emails that [WikiLeaks] published are significantly after all—or all but one, it is not clear—of the hacking allegations that the DNC says have occurred." The same day, Assange told NBC News that "it's what's in the emails that's important, not who hacked them." When asked by NBC News if WikiLeaks might have been used to distribute documents stolen as part of a Russian intelligence operation, Assange replied: "There is no proof of that whatsoever. We have not disclosed our source." Assange said that this was "a diversion that’s being pushed by the Hillary Clinton campaign." Assange has hosted a program on RT, a Russian state-run news channel. U.S. intelligence analyst Malcolm Wrightson Nance stated that Assange has long disliked Clinton, and WikiLeaks' official Twitter account has issued many political tweets condemning her campaign. Assange has not publicly endorsed either Clinton or Trump, calling both choices "horrific."
Computer hacking claims
On June 14, 2016, according to The Washington Post, the DNC acknowledged a hack which was claimed by Guccifer 2.0.
On July 18, 2016, Guccifer 2.0 provided exclusively to The Hill numerous documents and files covering political strategies, including but not limited to correlating the banks that received bailout funds with Republican Party and Democratic Party donations.
On July 22, 2016, Guccifer 2.0 stated that he had hacked, then leaked, the DNC emails to WikiLeaks. "Wikileaks published #DNCHack docs I'd given them!!!", tweeted Guccifer 2.0.
On September 13, 2016, during a conference, an unknown and remote representative of Guccifer 2.0 released almost 700 megabytes (MB) worth of documents from the DNC. Forbes also obtained a copy of the documents. According to Forbes, on September 12, 2016, ahead of that conference, Guccifer posted a public Twitter message in which he confirmed that his representative was legitimate. The Russian government denied any involvement. The DNC, the DCCC, U.S. intelligence officials, and other experts speculated about Russian involvement. NGP VAN, which states that it is the "leading technology provider" for the Democratic campaigns, declined to comment on Guccifer 2.0's recent statements.
On October 4, 2016, Guccifer 2.0 released documents and claimed that they were taken from the Clinton Foundation and showed "corruption and malfeasance" there. Security experts quickly determined that the release was a hoax; the release did not contain Clinton Foundation documents, but rather consisted of documents previously released from the DNC and DCCC thefts, data aggregated from public records, and documents that were fabricated altogether as propaganda. Singled out as particularly absurd was the idea that Clinton's team would have actually named a file "Pay for Play" on their own server, as Guccifer 2.0's screenshots of the alleged "hack" show.
Post-election blog post
The Guccifer 2.0 persona went dark just before the U.S. presidential election, and only resurfaced on January 12, 2017, following the public release of a dossier by former MI6 agent Christopher Steele that asserted that Trump was linked to the Russian intelligence community. The Guccifer 2.0 persona made a blog post denying that they had any relation to the Russian government, and calling the technical evidence suggesting links to the Russian government "a crude fake." In the blog post, Guccifer 2.0 indicated they had gained access to the DNC servers through a vulnerability in their NGP VAN software.