Robert Mueller’s team has taken over the investigation of Guccifer 2.0, who communicated with (and was defended by) longtime Trump adviser Roger Stone.
Guccifer 2.0, the “lone hacker” who took credit for providing WikiLeaks with stolen emails from the Democratic National Committee, was in fact an officer of Russia’s military intelligence directorate (GRU), The Daily Beast has learned. It’s an attribution that resulted from a fleeting but critical slip-up in GRU tradecraft.
That forensic determination has substantial implications for the criminal probe into potential collusion between President Donald Trump and Russia. The Daily Beast has learned that the special counsel in that investigation, Robert Mueller, has taken over the probe into Guccifer and brought the FBI agents who worked to track the persona onto his team.
While it’s unclear what Mueller plans to do with Guccifer, his last round of indictments charged 13 Russians tied to the Internet Research Agency troll farm with a conspiracy “for the purpose of interfering with the U.S. political and electoral processes, including the presidential election of 2016.” It was Mueller’s first move establishing Russian interference in the election within a criminal context, but it stopped short of directly implicating the Putin regime.
Mueller’s office declined to comment for this story. But the attribution of Guccifer 2.0 as an officer of Russia’s largest foreign intelligence agency would cross the Kremlin threshold—and move the investigation closer to Trump himself.
Proving that link definitively was harder. Ehmke led an investigation at ThreatConnect that tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. Ehmke eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.
But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets. Neither company would comment for this story, and Guccifer did not respond to a direct message on Twitter.
Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow. (The Daily Beast’s sources did not disclose which particular officer worked as Guccifer.)
Security firms and declassified U.S. intelligence findings previously identified the GRU as the agency running “Fancy Bear,” the ten-year-old hacking organization behind the DNC email theft, as well as breaches at NATO, Obama’s White House, a French television station, the World Anti-Doping Agency, and countless NGOs, and militaries and civilian agencies in Europe, Central Asia, and the Caucasus.
On July 22, 2016, WikiLeaks began releasing its cache of approximately 19,000 emails and 8,000 attachments stolen in the hack. While Trump promoted the leak on Twitter and in rallies, his surrogate Roger Stone pushed back against the Kremlin attribution. In his August 2016 article for Breitbart, he argued that Guccifer 2.0 was the Romanian hacktivist he claimed to be. “Guccifer 2.0 is the real deal,” he wrote.
You must be logged in to reply to this topic.