Conversations with a hacker: What Guccifer 2.0 told me

14 January 2017

Generic picture of mysterious hacker — Image caption,
US intelligence agencies dispute that Guccifer 2.0 is just one individual

By BBC Trending

What's popular and why

Who or what is Guccifer 2.0? US intelligence agencies believe the mysterious hacker persona was central to efforts to interfere with last year's American election and responsible for distributing hacked documents that embarrassed the Democratic Party. But now Guccifer 2.0 has broken a two-month silence to deny any connection to Russia. In the run up to Donald Trump's victory, BBC Trending's Mike Wendling struck up an online dialogue with Guccifer 2.0 to try to probe the hacker's motives.

It turned out that talking to one of the world's most notorious hackers was easier than you might think. Just send him a tweet.

Tweets: Reporter: We're doing a story about you this weekend on the BBC World Service. Would be great to hear your thoughts. Hacker: hi. u can send me your questions here

In the summer of 2016 the hacker, going by the name Guccifer 2.0, leaked a trove of documents from the Democratic National Committee (DNC) to Wikileaks, which then made the material public.

The revelations were embarrassing for the Democrats and the Hillary Clinton campaign, and resulted in the resignation of party chair Debbie Wasserman-Shultz.

Although Guccifer 2.0 took his name from a Romanian hacker - the original Guccifer hacked emails belonging to American and Romanian officials, and is currently in prison - suspicion immediately fell on Russia.

Metadata attached to the leaked documents was in Russian not Romanian. Analysts determined that Guccifer 2.0 had used a Russian server. A host of security experts traced the leak to Russian intelligence.

Lorenzo Franceschi-Bicchierai, a journalist with Vice's Motherboard, chatted with the hacker in Romanian in the days after the DNC hack. The problem was, Guccifer didn't seem to speak the language very well.

"He did answer some questions in Romanian," but the answers were very basic, Franceschi-Bicchierai told BBC Trending.

"I showed those answers to people who did speak Romanian and they all agreed he wasn't a Romanian speaker," Franceschi-Bicchierai says. "We later put the conversation to linguists and not everyone agreed that he was a Russian speaker but he was definitely not a native Romanian speaker."

Listen to more on this story on BBC Trending radio on the BBC World Service.

During our exchanges in October - and until the present day - Guccifer 2.0 continued to deny having anything to do with Russia.

He also claimed to have more incriminating documents on Hillary Clinton - documents which he urged me to publish.

Tweets. Guccifer: But I can tell u something interesting. Reporter: OK go ahead. Guccifer: i have some inside information from dnc. unfortunately i can't prove it by docs. but for sure this info will be good for journalist investigation. r u interested in it?

The information was sent to me via encrypted email. But despite the cloak-and-dagger presentation, the material was ultimately disappointing - a mishmash of old stories, publically available documents which were rather dull, and others which were obvious forgeries.

I asked him about his motivations. He said he believed that people have the right to know what's going on in the election process.

Tweets. Guccifer: I do believe that people have right to know what's going on inside the election process in fact. Reporter: So it's not just for the fame and glory? Are you upset at Wikileaks stealing your thunder ... or do you still support Assange? They have made some interesting revelations Guccifer: i'm glad. together with assange we'll make america great again - smily emojis. Reporter: are you a Trump supporter? In your FAQ you say you don't support him. Assange is not a fan either.

Tweets. Guccifer: i don't vote for trump. Reporter: Well if you're Russian (or Romanian or whatever) you can't vote for anybody, right? Guccifer: i vote for freedom. Follow me and make a good story.

Trying to get friendly journalists to write sympathetic stories is a common tactic of Russia's online intelligence operations, says Lee Foster of FireEye, one of the big computer security firms which has been looking into the Guccifer 2.0 hacks.

"This is actually something that we've coined 'direct advocacy'," Foster says. "These false hactivists reach out to journalists but also other individuals, security blogs, and so on to get them to publicise the activity that they've been engaged in and sometimes even to spin particular narratives around those leaks as well."

Foster says he's highly confident that the Russian authorities are behind the Guccifer persona. For its part, Moscow denies being behind the leaks, and Julian Assange of Wikileaks says Russia wasn't the source of the leaked DNC emails.

I asked Guccifer about Russia.

Tweets. Reporter: What do you think about Putin? Guccifer: i don't live in russia. i'm not interested in russia and its government. Reporter: Not even a little bit? But you don't live in the USA either - and you are very interested in American politics. I mean, I'm interested in Russia (and the UK and the US too). Guccifer: i'm little bit angry with that. all of u attribute me to russia, but i'm tired of it. i don't care about that country.

After that, he stopped responding to my messages.

In the run-up to the US election in November, Guccifer warned that the Democrats would attempt to rig the vote. But after Donald Trump's victory, he went silent.

Last week US intelligence chiefs released a declassified version of a report which has been presented to President Obama and President-Elect Trump.

One of the report's key judgements read: "We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks."

It added: "Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his likely Russian identity throughout the election. Press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with journalists."

So could there be several people involved in operating the Guccifer 2.0 persona? Lee Foster from FireEye believes so.

"It may be one person who actually looks after the twitter account or it may be part of a team," he told Trending. "But what we certainly can say based on the scale of the activity that we're seeing - that encompasses everything from this initial breach all the way through to the creation of these fake personas to push the information through to the trolling activity trying to push narratives around these leaks - this is not a one person effort. There's quite clearly a concerted and very well resourced and frankly sophisticated operation that is making all of this stuff come together."

Guccifer2.0/Wordpress

Late on Thursday, Guccifer broke his two-month silence to respond to the US intelligence agencies report. "Here I am again, my friends!" he announced on his blog.

"I'd like to make it clear enough that these accusations are unfounded," the hacker wrote. "I have totally no relation to the Russian government. I'd like to tell you once again I was acting in accordance with my personal political views and beliefs."

Several observers noted that Guccifer's English had markedly improved.

Visit the Trending Facebook page

Donald Trump has promised a full report on hacking within 90 days of taking office.

Lee Foster from FireEye says we shouldn't get too hung up on the Guccifer 2.0 brand.

"What doesn't really matter here is the personas themselves. What matters is to what extent does type of activity continue and potentially expand as well. We're already on the trolling side seeing a redirection towards European elections coming up, particularly France and Germany in 2017," he says.

After the report, and his blog re-emergence, I tried once more to contact Guccifer 2.0 on Twitter.

Tweets: We're doing a story about you this weekend on the BBC World Service. Would be great to hear your thoughts

He hasn't responded.

Blog by Mike Wendling

Next story: 'Why I dropped the case against the man who groped me'

Samya Gupta/Facebook

Samya Gupta, a 21-year-old law student from the north Indian state of Uttar Pradesh, was napping on a seat near the back of a bus when she felt something on her breasts. READ MORE

You can follow BBC Trending on Twitter @BBCtrending, and find us on Facebook. All our stories are at bbc.com/trending.

BBC Trending Radio

More from BBC Trending