Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Politics

More Evidence Ties Alleged DNC Hacker Guccifer 2.0 To Russian Intelligence (techcrunch.com) 210

An anonymous reader shares a report: It may be a while since you've heard the handle "Guccifer 2.0," the hacker who took responsibility for the infamous DNC hack of 2016. Reports from the intelligence community at the time, as well as common sense, pegged Guccifer 2.0 not as the Romanian activist he claimed to be, but a Russian operative. Evidence has been scarce, but one slip-up may have given the game away. An anonymous source close to the U.S. government investigation of the hacker told the Daily Beast that on one single occasion, Guccifer 2.0 failed to log into the usual VPN that disguised their traffic. As a result, they left one honest IP trace at an unnamed social media site.

That IP address, "identified Guccifer 2.0 as a particular GRU officer working out of the agency's headquarters on Grizodubovoy Street in Moscow," the Daily Beast reported. (The GRU is one of the Russia's security and intelligence organs.) Previous work by security researchers had suggested this, but it's the first I've heard of evidence this direct. Assuming it's genuine, it's a sobering reminder of how fragile anonymity is on the internet -- one click and the whole thing comes crashing down.

This discussion has been archived. No new comments can be posted.

More Evidence Ties Alleged DNC Hacker Guccifer 2.0 To Russian Intelligence

Comments Filter:
  • by Anonymous Coward on Friday March 23, 2018 @09:17AM (#56312619)

    no wonder reddit wont cough up the logs

  • by NuclearCat ( 899738 ) on Friday March 23, 2018 @09:19AM (#56312645) Journal
    Yes, we should believe. I rather prefer to believe detailed technical reports like EFF do, with all details, than this bullshit with "well informed anonymous sources" that often turns to be "our imagination".
    • Verify it yourself (Score:4, Informative)

      by Anonymous Coward on Friday March 23, 2018 @10:30AM (#56313215)

      The other part of the story you can check for yourself. i.e. that he was handed off to another agent who speaks much better English. There you have a verifiable item by reading the early and late Guccifer comments, and it passes a quick sanity check.

      But also "anonymous sources" seem to be nearly 100% accurate when it comes to Trumps stuff and the WH 100% INaccurate. Remember "Trump plans to sack US HR McMaster", remember all the denials from the Whitehouse? and guess what, he's sacked. It was so well known as true, that it barely registered as news.

      And the Steele dossier, I think even the Fox news lying heads know that's real, this guys resignation email hit hard because it was true, if it was false it wouldn't have affected them:

      "As a Russia analyst for many years, it also has appalled me that hosts who made their reputations as super-patriots and who, justifiably, savaged President Obama for his duplicitous folly with Putin, now advance Putin's agenda by making light of Russian penetration of our elections and the Trump campaign. Despite increasingly pathetic denials, it turns out that the "nothing-burger" has been covered with Russian dressing all along. And by the way: As an intelligence professional, I can tell you that the Steele dossier rings true--that's how the Russians do things.. The result is that we have an American president who is terrified of his counterpart in Moscow."

      That's 100% true, and Fox are 100% sacks of lying shits who'd sell out their country for their sponsor. Hannity you are a fucking lying sack of Putin shit.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        100% true, eh? I guess it's just as true as when President Obama mocked then-candidate Mitt Romney for calling out Russia at the debate -- followed by all of the talking heads also mocking Romney and applauding Obama's awareness? It's almost as if the talking heads for either party on the media networks try to support their favored candidate. Nope, that must not be it though because the other mainstream media sources are all Democrat-favoring and thus must be 100% factual. They would never stoop so low as t

    • Well, the person leaking this information is committing a crime. So oddly enough, they don't want to advertise their identity. Nor release to the public a lot of presumably classified information backing it up.

  • by bigtech ( 722116 ) on Friday March 23, 2018 @09:23AM (#56312673)
    who has admitted contact with Guccifer 2.0 during the campaign.
  • by Anonymous Coward

    Uploaded at 22MB/sec (capital B), or so goes the narrative. That's a nice upload circuit. Why is is suspiciously close to the expected transfer rate of a USB2 drive? Gee I wonder.

    • Because once data is "hacked" from one server, it is physically impossible to move it onto another computer and/or device. It had to remain on this guy's hard disk in Russia.

      Or perhaps that's not actually true....

    • by AHuxley ( 892839 )
      It was just another domestic version of the Pentagon Papers. People walking out with party political documents they saw all day and telling the world about US politics.
  • Every newbie hacker knows how to reroute his traffic or even (in some cases) make it appear to come from somewhere else. You just claim a "professional hacker" can't pull off what any scriptkiddy manages to do? Masking your IP address is hacking 101.

    Please. Give me better evidence than that. Quite bluntly, if I wanted to send you on a wild goose chase, I'd make sure to include one such "blunder".

    • by roccomaglio ( 520780 ) on Friday March 23, 2018 @09:41AM (#56312799)
      It seems amazing that the GRU internet access would have IPs pointing back to them. The end point of their network would be set to something innocuous by default. This would be done be done at the network level, so it would be impossible to screw up and give your real ip. This is equivalent to "the professional assassin slipped up and left his passport on top of the victim".
      • by alvinrod ( 889928 ) on Friday March 23, 2018 @10:19AM (#56313125)
        I don't necessarily buy into all of this myself, but why do people tend to treat the government and its operatives as infallible masterminds? If they were so capable in these regards, why is so much else a complete cluster fuck?

        Even if you want to argue that the intelligence organizations are not staffed by your typical rank and file idiots, highly skilled, very intelligent people are still capable of making mistakes. Even though the odds of those are quite small by themselves, doing something enough times makes it likely to have slipped up somewhere.
        • It's also much easier to screw up digitally than physically... and much harder to undo.

        • by AHuxley ( 892839 )
          Re "I don't necessarily buy into all of this myself, but why do people tend to treat the government and its operatives as infallible masterminds?"
          Why would someone in Russia do the one any only thing that would get Russia detected?
          A super easy to find tail back to Russia?
          Russian code litter led to be found?
          Russian spy method are then all over the Western media in real time?
          Reading about the GRU and code litter would tell Russian about its fictional "missions" in the US news?
          Who would allow the USA to
        • Governments have processes. Twice so if Russian. "The average Ruskie, son, don't take a dump without a plan." isn't just a quote from a movie, it's reality. For some people, process is what should be followed. For some, something that must be followed. But I haven't seen a Russian for whom it isn't just something that IS BEING followed because IT IS BEING FOLLOWED. There is no can, should, may or must. There is only IS. No option. No question. No discussion. This is how it is done if it is done or it isn't

      • Making their external IP appear to be an innocuous business wouldn't help much. It would not take long to notice a whole lot of attacks are coming from that innocuous IP and figure out it's not so innocuous. And probably not that hard to tie it back to the GRU by correlating the attacks with other information.

        VPNs let them change their IP far more frequently, preventing that correlation. Now, they should have configured their system to automatically connect to the VPN and refuse to send all packets that

        • If the GRU is supposed the Russian version of the NSA, then it seems unlikely that anybody could just accidentally forget to turn on the VPN. There would be a dozen safeguards to prevent that from happening.

          • And yet the NSA's "toolkit" is public. There would be a dozen safeguards to prevent that from leaking.....

    • by CaptainDork ( 3678879 ) on Friday March 23, 2018 @09:47AM (#56312855)

      I think most of us have fucked up on occasion.

    • Re: (Score:2, Flamebait)

      by barc0001 ( 173002 )

      > Masking your IP address is hacking 101.

      And even super smart people accidentally fucking up that one time out of 10,000 and getting caught has also been "getting caught 101" since the beginning of time.

      How'd they nail that Silk Road guy? Because he fucked up with his gmail address once. How'd they nail Berkowitz (aka the Son of Sam)? A parking ticket.

      • by Entrope ( 68843 )

        If you'll believe some anonymous US intelligence source that, contrary to the findings of many courts in copyright infringement lawsuits, an IP address uniquely identifies a person, I have a bridge to sell you. And a prime island in New York City, only occupied by one rather large green lady.

        • > If you'll believe some anonymous US intelligence source that, contrary to the findings of many courts in copyright infringement lawsuits, an IP address uniquely identifies a person, I have a bridge to sell you. And a prime island in New York City, only occupied by one rather large green lady.

          Cool, will you throw in Coney Island too? I've always wanted an amusement park.

          Nobody with a brain would correlate IP = person. However let's assume this is US intelligence source is correct that Guccifer had act

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      How easy is masking your IP address as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow?

      "Guccifer 2.0 sprang into existence on June 15, 2016, hours after a report by a computer security firm forensically tied Russia to an intrusion at the Democratic National Committee. In a series of blog posts and tweets over the following seven months—conspicuously ending right as Trump took office and not resuming—the Guccifer persona published a smatter

      • Depends on the protocol used. DNS reflection DDoS attacks are based on the fact that UDP is connectionless and it's trivially easy to make the server answer the wrong IP. TCP is far more tricky since you have to spoof the handshake without knowing when and how the answers come, but even that's doable (depending on how well the server is hardened).

        I have to give you that it's nontrivial to fake a lengthy transaction because your chance of not fucking up sink with every challenge-response pair, but it's doabl

    • If you could manage to read aaaaaaalllllllll the way to the 4th sentence of the summary, you'll find out he forgot to turn on the VPN once.

      I eagerly await your claim that no one ever makes a mistake.

      • Without going into detail: I actually cannot "forget" to turn the VPN on when I'm working. Case in point, I can't even deliberately circumvent it if I wanted. And I would be incredibly surprised if something like the Russian secret service doesn't have something like this in place if even our rather insignificant outfit has these security precautions in place.

    • by pots ( 5047349 )
      Did you read the summary? He was masking his IP address, as you'd expect. Expect he made a mistake one time, as you'd expect. And they caught it with their ubiquitous surveillance, as you'd expect. That's how it usually works - you are the leetest haxxor ever... until you screw up that one time.

      There's nothing weird or surprising about this evidence, it's a typical story about this sort of thing.
      • This is the part I have problems with: How is it possible THAT he screws up?

        I'm in IT security. And sometimes we need to use VPN services so it doesn't spook the admins when they see unusual traffic from a range they know well (because it would lead to "quick, ramp up the defenses, we're being audited"). And even we, "hacking" systems that we ARE ALLOWED TO hack because the owner of the systems hires us, set up an infrastructure that takes the whole VPN problem out of our hands so we CANNOT fuck up. It is s

  • Hello there, my capitalist pigs! Why are you watching this channel, when my own comrades are already watching me and Yuri, and U.S.A! There is nothingk of interest here, but maybe you want to save a Nigerian prince, so if you just send me the winning powerball ticket, we can split the winnings 50-50!

    But the best news is that I will no longer use the nick Guccifer. I think Keyser Soze has a better ring to it.

  • by some old guy ( 674482 ) on Friday March 23, 2018 @10:03AM (#56312983)

    The professional excellence and utter dishonesty of both the Russian state intelligence apparatus and the American deep state make any informed, verifiable determination impossible. The spooks and their masters are pretty damned good at their obfuscation and disinformation games.

    Rather than hitch oneself to a favorite political or ideological bandwagon, I prefer to adhere to a finely-crafted and well-tuned cynicism that demands treating this and every other spy versus spy story as low comedy.

    It makes for passable diversion as I read such stories while comfortably relaxing in Diogenes' pithos.

    • by devloop ( 983641 )
      NONE of this BS matters. We *know* States spy on and hack other States all the time. WHAT MATTERS is what the Media chooses ignore: The content of the material that was hacked. How the DNC rigged the primaries to screw Sanders and progressive voters. THAT is what gave us Trump, running the most corrupt, least likable establishment candidate the Dem Party has run in years. They'd rather have a psycho pathological liar in the WH than a progressive who'll govern for The People, not for the mega corps tha
  • board.

    Or so I've read.

    https://medium.com/@jashobell/the-daily-beast-is-owned-by-iac-and-chelsea-clinton-sits-on-their-board-of-directors-d6978d1e9ee5

  • Somebody we can exonerate, and put under oath? Somebody who can be put in prison if any of this is true?

  • Look, I'm unconvinced that Guccifer 2.0 is a GRU agent, and it's going to take a lot more than two-bit analysis of easily forged logs to convince me of this.

    Now if you'll excuse me, I have work to do. Apparently some people out there still don't believe that Hillary Clinton was running a child-sex-slave ring in the basements of multiple pizza parlours nationwide, and I've got to set them straight.

    • - Guccifer 2.0 story relies entirely on the usual anonymous sources

      - dailybeast broke the story and Chelsea Clinton sits on the board of their parent company IAC
      http://iac.com/about/leadership/board-directors/chelsea-clinton
      https://www.marketwatch.com/story/daily-beast-parent-iac-beats-quarterly-expectations-2017-02-01
      for all we know, the anonymous source was Hillary Clinton.

      - IP addresses are easy to spoof and therefore do not mean much

      - It seems unlikely that the GRU internet access would have IPs pointin

  • Do you seriously think the FSB would use a computer that can be traced back to the street address of the FSB.

On a clear disk you can seek forever. -- P. Denning

Working...