The Evidence Guccifer 2.0 is Russian Intel

On October 7th 2016 the US Intelligence Community made a strong statement attributing hacks, leaks, and various attribution fronts where the actions of Russian intelligence. They stated that the purpose of the hacks was to collect data, and the purpose of the leaks is to influence the US election.

Statement From US Intelligence

OSINT Evidence Available

There is plenty of open source intelligence available which shows that there is sufficient evidence to support the claim that Guccifer 2.0 is an attribution front for Russian intelligence services. One may examine the evidence and decide that it is not sufficient, but to ignore it, or state that it doesn’t exist, reveals more about the correspondent than the evidence.

Evidence from News Media

Indirect Evidence via News Media

Evidence from Threat Intelligence Companies

Threat Connect shows the reuse of Russian infrastructure for the DCCC hack (from which data was stolen, altered, and then released by Guccifer 2.0.) ThreatConnect made a number of different posts linking Guccifer 2.0 to Russia:

  1. Guccifer 2.0 does not talk like someone who is technically competent with cyber security
  2. Infrastructure reuse

Early Analysis

Evidence from the Russians


There is a nice narrative structure fitting everything into a timeline, collecting evidence into a central location.

Hard to ignore

There is a large volume of data all pointing the same way. The data is consistent, and there have been no plausible or viable alternative hypothesis that fits the available public facts. This makes for a fairly good case. One that is, at the very least, hard to ignore. Certainly one that cannot be dismissed as “without evidence.”

Information Security Researcher :: :: ::