This story is over 5 years old.

Hacker Guccifer 2.0 Gives Rambling Speech at Cybersecurity Conference

The hacker blamed tech companies for data breaches and leaked new stolen data.
Image: Brian A Jackson/Shutterstock

The hacker who claimed to be behind the breach on the Democratic National Committee, who goes by the name Guccifer 2.0, was slated to talk via livestream at a London cybersecurity conference on Tuesday.

But, perhaps unsurprisingly, Guccifer 2.0, whom experts believe is just a front for Russian government hackers, was a no show. Instead, someone else read out loud a rambling statement purportedly sent by the hacker.


Guccifer 2.0 presentation PSBE Futures GroupSeptember 13, 2016

In the long statement, Guccifer 2.0 talks about who's really to blame for data breaches (spoiler alert: definitely not hackers like him), accuses Twitter of censoring his "twits," and blames government contractors as the real culprits because they make buggy software.

"As a result they pose a threat to the critical infrastructure elements and the national security as a whole. Total computerization along with inadequate software development may cause a lot of troubles," Guccifer 2.0 said, according to a transcript obtained by Motherboard. "That's why it's better to use paper sometimes. We should start now to prevent electronic apocalypse and rise of the machines in the future. Or else it would be too late."

Read more: Why Did Guccifer 2.0 Evolve from Sloppy Hacktivist to Professional Leaker?

Guccifer 2.0 also released around 600 megabytes of data, allegedly stolen from NGP VAN, a company that provides services to the DNC. The hacker claimed in an interview with Motherboard earlier this summer that he broke into the DNC by finding a flaw in NGP VAN. NGP VAN did not respond to a request for comment, but there's no evidence that a flaw in the company's software was the way in for the hacker. ThreatConnect, a security firm that's followed the DNC breach since the beginning, said that Guccifer 2.0's claims regarding NGP VAN don't make any sense.


It's unclear why Guccifer 2.0 didn't connect via livestream as it was advertised. The conference organizers did not respond to a request for comment. Guccifer 2.0 also did not respond to a Twitter message.

Here's the full transcript of Guccifer 2.0's rambling message, read out loud during the conference.

Hello everyone This is Guccifer 2.0.

I'm sure you know me because my name is in the conference program list. As I see it, this is the place to discuss cyber security and cyber threats. And may be to propose some solutions. Let's figure out who poses the real threat to begin with.

Cyber security firms are quick to blame hackers for their activity. Yeah, they cause a lot of troubles for business and politics. But, who poses a real cyber threat? what do you think? Is it Guccifer? Or Snowden? Or Assange? Or Lazar? No. It seems obvious. It's plain as day you would say. But still my answer is no. Large IT companies pose a real cyber threat nowadays.

You may perfectly know some of them or may not. But their responsibility for the future of our world is growing from day to day. And I will explain to you why.

So. What's wrong with large IT companies? First. On their way to a global progress and big money they are collecting users' personal data, which is the same as spying on people, because many of us don't even realise they track us online and collect our info. Companies store these data making it vulnerable for leaks.


Second. They create conditions that make people store their info in cloud services. It seems convenient but it's extremely vulnerable because it's thousand times easier to steal the data from the cloud than from a personal cell phone for instance.

The next reason, and the crucial one, is software vulnerability. Tech companies hurry to finish the work and earn money. So they break development cycle very often omitting the stage of testing. As a result, clients have raw products installed on their systems and networks with a great number of bugs and holes.

Fourth. It's well known that all large companies look forward to receiving governmental contracts. They develop governmental websites, communication systems, electronic voting systems, and so on and have their products installed to critical infrastructure objects on the national level. They are aggressively lobbying their interests. You can see it at the diagram that they spent millions of dollars for lobbying. That doesn't mean they will produce better software. That means they will get even more money in return.

Fifth. This is censorship. For example Twitter censors unwelcome users. I can judge it by myself here. You can see how Guccifer 2 hashtag unnaturally abruptly stops trending. It seems impossible that all Twitter users just stop twitting about Guccifer 2 leaks, in a moment. That's why people started Guccifer 3, 4, 5 hashtags to avoid censorship. People also told me their twits [sic] were not shown in the Twitter live wall unlike to their account's wall.


So, the cyber aggressiveness is progressing nowadays. The number of cyber attacks is steadily growing. What's the reason? What's wrong with the cyber defense? Well. they take wrong measures. They search for cyber criminals, sentence them. But two more hackers appear instead of one convicted.

The real problem is inside. This is just the same as in offline world. This is not enough to prosecute criminals. It requires preventive measures, to fight criminality by elimination of the possibility of crime.

So, what's the right question we should ask about cyber crime? Who hacked a system? Wrong. The right question is: who made it possible that a system was hacked? In this regard, what question should you ask me? How I hacked the DNC??? Now you know this is a wrong question. Who made it possible, that I hacked into the DNC. This is the question.

And I suppose, you already know the answer. This is NGP VAN Company that operates the DNC network. And this is its CEO Stu Trevelyan who is really responsible for the breach. Their software is full of holes. And you knew about it even before I came on stage. You may remember Josh Uretsky, the national data director for Sander's presidential campaign. He was fired in December, 2015 after improperly accessing proprietary data in the DNC system.

As it was agreed, he was intentionally searching for voter information belonging to other campaigns. However, he is not to blame. The real reason voter information became available for non-authorized users was NGP VAN's raw software which had holes and errors in the code.


And this is the same reason I managed to get access to the DNC network. Vulnerabilities in the NGP VAN software installed on its server which they have plenty of. Shit! Yeah? This scheme shows how NGP VAN is incorporated in the DNC infrastructure.

It's for detailed examination, if you are interested. And here are a couple of NGP VAN's documents from their network. If you r [sic] interested in their internal documents. You can have them via the link on the screen. The password is usual. It's also on the screen. You may also ask the conference producers for them later.

So, as you see there's no need to breach into separate users accounts or separate systems. You just need to hack their tech company. This is the feature. Big IT companies lead us to a disaster. In their pursuit for money they release raw software, so their clients are highly vulnerable. It became usual to blame everything on hackers while IT companies just pretend they are working hard to patch bugs and to plug holes. And they even ask for more and more money to correct their own mistakes. As a result they pose a threat to the critical infrastructure elements and the national security as a whole. Total computerization along with inadequate software development may cause a lot of troubles. That's why it's better to use paper sometimes.

We should start now to prevent electronic apocalypse and rise of the machines in the future. Or else it would be too late. As the financial corporations are ruling the world now so the IT companies will rule it in the near future. What should we do? You would tell me I could report a bug to the company as it's commonly done. What do you think they would answer me? Thanks? Or this is not crucial? Or maybe they would even give me some money. Yeah But what could it change? Nothing. Yeah. Really. Nothing at all.

We need to shake the situation, to make our voices sound. Yeah, I know if they find me I'm doomed to live like Assange, Snowden, Manning or Lazar. In exile or in prison. But it's worth it for they are the heroes, heroes of new era.

Thanks for ur attention. See you online!

Get six of our favorite Motherboard stories every day by signing up for our newsletter.