The Evidence Guccifer 2.0 is Russian Intel
Collected in one place
On October 7th, 2016, the US Intelligence Community made a strong statement attributing hacks, leaks, and various attribution fronts to the actions of Russian intelligence. They stated that the purpose of the hacks was to collect data, and the purpose of the leaks was to influence the US election.
Statement From US Intelligence
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. — Source
A number of people have complained about the lack of US IC evidence to support this claim. The US IC does not make public attribution claims lightly. This is only the fourth time they have done so. They do not accuse nuclear powers of interfering in the general election because of what they read in the morning horoscope. It is a safe assumption that there is evidence that was used to back up this statement, even if we, the public, do not get to see it.
Fortunately, though, there is a large amount of public data and evidence which does provide weight to back up the ODNI statement.
OSINT Evidence Available
There is plenty of open source intelligence available which shows that there is sufficient evidence to support the claim that Guccifer 2.0 is an attribution front for Russian intelligence services. One may examine the evidence and decide that it is not sufficient, but to ignore it, or state that it doesn’t exist, reveals more about the correspondent than the evidence.
Evidence from News Media
Written by Thomas Rid In the wee hours of June 14, the Washington Post revealed that "Russian government hackers" had… (motherboard.vice.com)
On the day many expected WikiLeaks to dump incendiary documents about Democratic presidential nominee Hillary Clinton… (motherboard.vice.com)
After almost a month of complete silence, the hacker known as Guccifer 2.0, who is likely a persona created by Russian… (motherboard.vice.com)
A week after a hacker going by the name of 'Guccifer 2.0' claimed responsibility for the hack on the Democratic… (motherboard.vice.com)
On Wednesday, a hacker calling themselves "Guccifer 2.0" claimed responsibility for hacking into the servers of the… (motherboard.vice.com)
Emails sent by Guccifer 2.0 to The Hill show evidence that the hacker used Russian-language anonymity software - a… (thehill.com)
AUGUST 12--The e-mail from Google arrived at 4:09 AM on March 22 and contained an ominous alert for its recipient,… (www.thesmokinggun.com)
Such a public accusation could result in a further deterioration of the already icy relationship between Washington and… (www.nytimes.com)
On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to… (motherboard.vice.com)
Indirect Evidence via News Media
Former senior U.S. national security officials are dismayed at Republican presidential candidate Donald Trump's… (www.chicagotribune.com)
WASHINGTON Republican vice presidential candidate Mike Pence said evidence implicates Russia in recent email hacks tied… (www.reuters.com)
On an April afternoon earlier this year, Russian president Vladimir Putin headlined a gathering of some four hundred… (www.esquire.com)
Two senior U.S. intelligence officials reiterated their belief that the Russian government has leaked stolen emails in… (www.wsj.com)
In a war against hackers, Dmitri Alperovitch and CrowdStrike are our special forces (and Putin's worst nightmare). At… (www.esquire.com)
Evidence from Threat Intelligence Companies
ThreatConnect shows the reuse of Russian infrastructure for the DCCC hack (from which data was stolen, altered, and then released by Guccifer 2.0). ThreatConnect made a number of different posts linking Guccifer 2.0 to Russia:
- A detailed ACH analysis shows that Guccifer 2.0 is not a good fit for a hacktivist, but is a good fit for an attribution front
- Guccifer 2.0 does not talk like someone who is technically competent with cyber security
- Infrastructure reuse
And of course, there is the original CrowdStrike attribution of the DNC (and later DCCC) hacks to Russian APT groups:
Follow @CrowdStrike and @DAlperovitch for the latest on these threats June 15, 2016 UPDATE: CrowdStrike stands fully by… (www.crowdstrike.com)
Re: "When you shoot at the king, you best not miss." spacerog () spacerogue net (Jun 16) (seclists.org)
On 17 Jun 2016, at 23:39, Jeffrey Carr wrote: I agree entirely, Allen. The market incentives are huge for a company to… (seclists.org)
Evidence from the Russians
There is a nice narrative structure fitting everything into a timeline, collecting evidence into a central location.
Putin, Wikileaks, the NSA and the DNC email fiasco that gave Trump and Clinton another reason to be at odds. On an April… (www.esquire.com)
And Bruce Schneier put together a collection of links to data back in July.
Amazingly enough, the preponderance of the evidence points to Russia as the source of the DNC leak. I was going to… (www.schneier.com)
Hard to ignore
There is a large volume of data all pointing the same way. The data is consistent, and there has been no plausible or viable alternative hypothesis that fits the available public facts. This makes for a fairly good case. One that is, at the very least, hard to ignore. Certainly one that cannot be dismissed as “without evidence.”