Why Did Guccifer 2.0 Evolve from Sloppy Hacktivist to Professional Leaker?

The hacker persona, likely created by Russian spies, has become much more calculated in the last few weeks.

|
Aug 15 2016, 8:55pm

Image: John Williams RUS/Shutterstock and Wikimedia Commons

After almost a month of complete silence, the hacker known as Guccifer 2.0, who is likely a persona created by Russian spies to cover up their own hacks, is back with a bang.

"It's time for new revelations now," the hacker or hackers wrote in a new blog post on Friday, which has been since removed from Wordpress (but lives on in an archived version). "All of you may have heard about the DCCC hack. As you see I wasn't wasting my time! It was even easier than in the case of the DNC breach."

Guccifer claimed responsibility for last year's breach on the Democratic Congressional Campaign Committee, or DCCC, and dumped the phone numbers and private email addresses of Democratic members of the US House of Representatives. Three days later, on Monday, Guccifer 2.0 dumped more documents, this time on the Florida congressional primaries.

While the new dumps by themselves don't appear to reveal anything particularly interesting, they underline the evolution of the Guccifer 2.0 persona from careless, mistake-prone, would-be hacktivist to a more sophisticated, professionally-run leaking operation.

Guccifer 2.0 persona has gone from careless, mistake-prone, would-be hacktivist to a more sophisticated, professionally-run leaking operation.

When he first emerged, Guccifer 2.0 used broken English and smileys typical of Russian internet users. In an apparent mistake, the hacker uploaded stolen documents with metadata modified in Russian, and used the name of the famous founder of the Soviet Secret Police.

In other words, as Thomas Rid laid out in an extensive and detailed analysis, all signs indicate Guccifer 2.0 was part of the same hacking operation—likely launched by Russia—that resulted in the breach the Democratic National Committee.

Initially, the hacker's motives for coming out and claiming the hack seemed to be to simply prove that CrowdStrike, the security company that had pointed the finger at Russia, was wrong. In its first blog post, Guccifer 2.0 went as far as to write "Fuck CrowdStrike!!!!!!!!!"

At the time, to my own surprise, Guccifer 2.0 also agreed to do an interview. And during our online chat, he claimed to be a Romanian hacker who didn't really care about US politics but simply wanted to fight the "illuminati." Bizarrely, however, the hacker couldn't really speak Romanian, and his language might have betrayed his real origins, according to linguists consulted by Motherboard (an independent forensic linguistic analysis later also agreed that the hacker's mother language is likely Russian).

"The US presidential elections are becoming a farce."

Weeks later, the hacker's language has shifted. He now uses clear, grammatically-correct English. Gone are the Russian smileys, as well as the Russian metadata. The hacker is also not talking to the media anymore, and has become much more political.

In his blog post on Friday, he wrote that "the US presidential elections are becoming a farce," echoing the accusation of Republican candidate Donald Trump, who's said the upcoming elections will be "rigged."

While there's still no smoking gun proving Guccifer 2.0 was created by Russian intelligence services, it's becoming more and more clear every day that its motives align with Vladimir Putin's interests—interfering and raise a fuss surrounding the US elections—and he's getting better at it.

Stories