This very big deal has been brought to you by a very clumsy mistake. Guccifer 2.0, credited with providing Wikileaks with the internal e-mail communications of the Democratic National Committee, turns out to be no “lone hacker” after all. Thanks to an inadvertent error, forensic investigators have pinpointed him to Moscow, the Daily Beast reported last night:
Guccifer 2.0, the “lone hacker” who took credit for providing WikiLeaks with stolen emails from the Democratic National Committee, was in fact an officer of Russia’s military intelligence directorate (GRU), The Daily Beast has learned. It’s an attribution that resulted from a fleeting but critical slip-up in GRU tradecraft. …
Ehmke led an investigation at ThreatConnect that tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. Ehmke eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.
But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets. Neither company would comment for this story, and Guccifer did not respond to a direct message on Twitter.
Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow.
This comes as no surprise to most observers, who had long ago assimilated the US intel community’s consensus that the DNC hack came from a Russian operation. That still leaves a number of people who insisted that Guccifer 2.0 was a lone hacker — including Wikileaks founder Julian Assange and Roger Stone, both of whom denied the e-mails came from Russian sources during the 2016 campaign. In order to get around Guccifer 2.0’s provenance, the Seth Rich conspiracy theory sprang into being — that the e-mails got stolen rather than hacked and passed along to Wikileaks directly. This revelation should put paid to that notion.
This might also heighten the legal issues surrounding Assange. He’s holed up in the Ecuadorian embassy in London even though Sweden has ended its pursuit of him on unrelated charges of sexual assault. Assange has suggested that the US has a secret FISA arrest warrant out for him, which is why he’s refused to leave the embassy even after wearing out his welcome with the Ecuadorians. After learning this, it’s not clear why the US hasn’t issued a public extradition request. Assange might well have been duped by Guccifer 2.0 and the Russian GRU, or he might have been a willing participant in their operation. Either way, I’d bet the FBI and Robert Mueller would like to interrogate him to find out.
TDB’s Spencer Ackerman and Kevin Poulsen argue that the news also “move[s] the investigation closer to Trump himself.” Er, not really, although it clearly rebuts Trump’s earlier claims that the DNC hack might not have been conducted by Russia. We already knew that Roger Stone had been in contact with Guccifer 2.0 because Stone publicly declared it a year ago. That contact came after the hack, Stone insisted, and whether or not it’s true, Stone’s contact with Guccifer 2.0 has been well known for a long time. There’s nothing in the rest of this story to suggest that the revelation provides any more connection to Trump and his campaign than the data points already known.
It does, however, make more public the connection between the Russian government and the hacking campaign. Robert Mueller’s indictment of Russian suspects in the election-interference operation suggested such connections, but this would be direct evidence of Kremlin-ordered penetration into American political organizations. That presents the Trump administration with a conundrum; Trump clearly has tried to keep top-level relations with Putin on a friendly course, but this is just as clearly an unfriendly and hostile action against the sovereignty and integrity of American leadership. Now that this is out, Trump needs to demonstrate that such actions will not go without consequences of some sort, even beyond the sanctions Steve Mnuchin just rolled out.
The Department of Justice scheduled a presser earlier this morning, which seemed at first tied to this revelation. Instead, Rod Rosenstein announced an indictment against nine Iranians connected to the IRGC for hacking more than 300 universities and dozens of private-sector companies in the US.
JUST IN: U.S. charges nine Iranians with conducting "massive cyber theft campaign on behalf of the Islamic Revolutionary Guard Corps." pic.twitter.com/OHsE5qx9f7
— ABC News (@ABC) March 23, 2018
This requires a response that goes beyond an indictment, too, even if the response isn’t necessarily public.