"Guccifer 2.0" is a persona which claimed to be the hacker(s) who gained unauthorized access to the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event. Some of the documents "Guccifer 2.0" released to the media appear to be forgeries cobbled together from public information and previous hacks, which had been mixed with disinformation. According to indictments in February 2018, the persona is operated by Russian military intelligence agency GRU.12 Russians indicted in Mueller investigation
CNN.com, July 13, 2018
On July 13, 2018, Special Counsel Robert Mueller indicted 12 GRU agents for allegedly perpetrating the cyberattacks. The U.S. Intelligence Community concluded that some of the genuine leaks from "Guccifer 2.0" were part of a series of cyberattacks on the DNC committed by two Russian military intelligence groups, and that "Guccifer 2.0" is actually a persona created by Russian intelligence services to cover for their interference in the 2016 U.S. presidential election. This conclusion is based on analyses conducted by multiple private sector cybersecurity individuals and firms, including CrowdStrike,Dmitri Alperovitch
Bears in the Midst: Intrusion into the Democratic National Committee
Crowdstrike (June 15, 2016).
Ellen Nakashima

''Washington Post'' (June 20, 2016).
Fidelis Cybersecurity,Michael Kan
Russian hackers were behind DNC breach, says Fidelis Cybersecurity
IDG News Service (June 20, 2016).
FireEye's Mandiant, SecureWorks,SecureWorks Counter Threat Unit Threat Intelligence
Threat Group-4127 Targets Hillary Clinton Presidential Campaign
, SecureWorks (June 16, 2016).
ThreatConnect,Threatconnect Research Team
Shiny Object? Guccifer 2.0 and the DNC Breach
Threatconnect (June 29, 2016).
Trend Micro, and the security editor for ''Ars Technica''.Dan Goodin
"Guccifer" leak of DNC Trump research has a Russian's fingerprints on it: Evidence left behind shows leaker spoke Russian and had affinity for Soviet era
''Ars Technica'' (June 16, 2016).
The Russian government denies involvement in the theft, and "Guccifer 2.0" denied links to Russia. WikiLeaks founder Julian Assange said multiple parties had access to DNC emails and that there was "no proof" Russia was behind the attack. In March 2018, Special Counsel Robert Mueller took over investigation of Guccifer 2.0 from the FBI while it was reported that forensic determination had found the Guccifer 2.0 persona to be a "particular military intelligence directorate (GRU) officer working out of the agency's headquarters on Grizodubovoy Street in Moscow".


On June 21, 2016, in an interview with ''Vice,'' "Guccifer 2.0" said he is Romanian, which is the nationality of Marcel Lazar Lehel, the Romanian hacker who originally used the "Guccifer" pseudonym. On June 30, 2016 and January 12, 2017, "Guccifer 2.0" stated that he is not Russian. However, despite stating that he was unable to read or understand Russian, metadata of emails sent from Guccifer 2.0 to ''The Hill'' showed that a predominantly-Russian-language VPN was used.Joe Uchill
Evidence mounts linking DNC email hacker to Russia
''The Hill'' (July 26, 2016).
When pressed to use the Romanian language in an interview with ''Motherboard'' via online chat, "he used such clunky grammar and terminology that experts believed he was using an online translator." Linguistic analysis by Shlomo Engelson Argamon showed that Guccifer 2.0 is most likely "a Russian pretending to be a Romanian". Some cybersecurity experts have concluded that "Guccifer 2.0" is likely a creation of the Russian state-sponsored hacking groups thought to have executed the attack, invented to cover up Russian responsibility.Rob Price
Yes, Russia really did hack the Democratic National Committee
''Business Insider'' (June 21, 2016).
Lorenzo Franceschi-Bicchierai
'Guccifer 2.0' Is Likely a Russian Government Attempt To Cover Up Their Own Hack
VICE News (June 16, 2016).
The cybersecurity firm CrowdStrike, which was hired by the DNC to analyze the data breach, "posits that Guccifer 2.0 could be 'part of a Russian Intelligence disinformation campaign'", i.e. a creation to deflect blame for the theft. Russia has made use of the invention of "a lone hacker or an hacktivist to deflect blame" in the past, deploying this strategy in previous cyberattacks on the German government and the French network TV5Monde. Thomas Rid of King's College London, a cybersecurity expert, says it is "'more likely than not' that the whole operation, including the Guccifer 2.0 part, was orchestrated by Russian spies." The hackers responsible for the DNC email leak (a group called Fancy Bear by CrowdStrike) seem to have not been working on the DNC's servers on April 15 which in Russia is a holiday in honor of the Russian military's electronic warfare services. On July 18, 2016, Russian government spokesman Dmitry Peskov denied Russian government involvement in the DNC theft. On July 25, 2016, during an interview with ''Democracy Now!,'' Julian Assange, editor in chief of WikiLeaks, said no one knows WikiLeaks' sources. He adds that "the dates of the emails that ikiLeakspublished are significantly after all—or all but one, it is not clear—of the hacking allegations that the DNC says have occurred." The same day, Assange told NBC News that "it's what's in the emails that's important, not who hacked them." When asked by NBC News if WikiLeaks might have been used to distribute documents stolen as part of a Russian intelligence operation, Assange replied: "There is no proof of that whatsoever. We have not disclosed our source."J. Clara Chan
WikiLeaks' Julian Assange Denies Russian Role in DNC Hack: 'No Proof Whatsoever'
''The Wrap'' (republished on Yahoo News) (July 25, 2016).
Assange said this was "a diversion that's being pushed by the Hillary Clinton campaign." Assange in 2012 hosted a program on RT, a Russian state-run news channel. U.S. intelligence analyst Malcolm Wrightson Nance said Assange has long disliked Clinton. In an October 2016 joint statement, the United States Department of Homeland Security and the Office of the Director of National Intelligence stated: In March 2018, ''The Daily Beast'', citing U.S. government sources, reported that Guccifer 2.0 is in fact a Russian GRU officer, explaining that Guccifer once forgot to use a VPN, leaving IP logs on "an American social media company" server. The IP address was used by U.S. investigators to identify Guccifer 2.0 as "a particular GRU officer working out of the agency's headquarters on in Moscow." In April 2018, ''BuzzFeed'' reported that messages showed WikiLeaks' interest in Guccifer 2.0's emails and files. On July 13, 2018, the United States Department of Justice (DOJ) indicted 12 Russian Intelligence Officers and revealed that Guccifer 2.0 was a persona used by GRU. Twitter suspended the persona's account on July 14, 2018 for "being connected to a network of accounts previously suspended for operating in violation of our rules." The account had been dormant for at least a year and a half.

Computer hacking claims

On June 14, 2016, according to ''The Washington Post'', the DNC acknowledged a hack which was claimed by Guccifer 2.0. On July 18, 2016, Guccifer 2.0 provided exclusively to ''The Hill'' numerous documents and files covering political strategies, including correlating the banks that received bailout funds with Republican Party and Democratic Party donations. On July 22, 2016, Guccifer 2.0 stated he hacked, then leaked, the DNC emails to WikiLeaks. "Wikileaks published #DNCHack docs I'd given them!!!", tweeted Guccifer 2.0. On September 13, 2016, during a conference, an unknown and remote representative of Guccifer 2.0 released almost 700 megabytes (MB) worth of documents from the DNC. ''Forbes'' also obtained a copy of those. Still according to ''Forbes'', on September 12, 2016, ahead of that conference, Guccifer posted a public Twitter message in which he confirmed that his representative was legitimate. The Russian government denied any involvement. The DNC, the DCCC, U.S. intelligence officials, and other experts speculated about Russia involvement. NGP VAN, who state they are the "leading technology provider" for the Democratic campaigns, declined to comment on Guccifer 2.0's recent statements. On October 4, 2016, Guccifer 2.0 released documents and claimed that they were taken from the Clinton Foundation and showed "corruption and malfeasance" there.Lily Hay Newman
Even a Fake Clinton Foundation Hack and Can Do Serious Damage
''Wired'' (October 7, 2016).
Security experts quickly determined that the release was a hoax; the release did not contain Clinton Foundation documents, but rather consisted of documents previously released from the DNC and DCCC thefts, data aggregated from public records, and documents that were fabricated altogether as propaganda. Singled out as particularly absurd was the idea that Clinton's team would have actually named a file "Pay for Play" on their own server, as Guccifer 2.0's screenshots of the alleged "hack" show. Former Trump confidant Roger Stone was in contact with Guccifer 2.0 during the campaign.

Post-election activities

The Guccifer 2.0 persona went dark just before the U.S. presidential election, and resurfaced on January 12, 2017, following the public release of the Steele dossier that asserted the Trump campaign was cooperating with the Russians in their interference in the 2016 presidential election. The dossier also asserted that "Romanian hackers" had performed the hacks. The Guccifer 2.0 persona made a blog post denying that they had any relation to the Russian government, and calling the technical evidence suggesting links to the Russian government "a crude fake." In the blog post, Guccifer 2.0 indicated they had gained access to the DNC servers through a vulnerability in their NGP VAN software.

Timeline of Guccifer 2.0

;2016 * June: Around this time, the conspirators charged in the July 2018 indictment stage and release tens of thousands of stolen emails and documents using fictitious online personas, including "DCLeaks" and "Guccifer 2.0". * June 15: "Guccifer 2.0" (GRU) claims credit for the DNC hacking and posts some of the stolen material to a website. CrowdStrike stands by its "findings identifying two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016." ''Gawker'' publishes an opposition research document on Trump that was stolen from the DNC. "Guccifer 2.0" sent the file to Gawker. * June 22: WikiLeaks reaches out to "Guccifer 2.0" via Twitter. They ask "Guccifer 2.0" to send them material because it will have a bigger impact if they publish it. They also specifically ask for material on Clinton they can publish before the convention. * July 6: "Guccifer 2.0" releases another cache of DNC documents and sends copies to ''The Hill''. * July 13: "Guccifer 2.0" releases over 10,000 names from the DNC in two spreadsheets and a list of objectionable quotes from Sarah Palin. * July 14: "Guccifer 2.0" sends Assange an encrypted one-gigabyte file containing stolen DNC emails, and Assange confirms that he received it. WikiLeaks publishes the file's contents on July 22. * July 18: "Guccifer 2.0" dumps a new batch of documents from the DNC servers, including personal information of 20,000 Republican donors and opposition research on Trump. * August 5: Stone writes an article for ''Breitbart News'' in which he insists "Guccifer 2.0" hacked the DNC, using statements by "Guccifer 2.0" on Twitter and to ''The Hill'' as evidence for his claim. He tries to spin the DNC's Russia claim as a coverup for their supposed embarrassment over being penetrated by a single hacker. The article leads to "Guccifer 2.0" reaching out to and conversing with Stone via Twitter. * August 12: ** Journalist Emma Best has two simultaneous conversations by Twitter direct message with "Guccifer 2.0" and WikiLeaks. Best tries to negotiate the hosting of stolen DNC emails and documents on archive.org. WikiLeaks wants Best to act as an intermediary to funnel the material from "Guccifer 2.0" to them. The conversation ends with "Guccifer 2.0" saying he will send the material directly to WikiLeaks. ** "Guccifer 2.0" releases a cache of documents stolen from the Democratic Congressional Campaign Committee. * August 13: ** Twitter and WordPress temporarily suspend Guccifer 2.0's accounts. Stone calls "Guccifer 2.0" a hero. * August 15: ** A candidate for Congress allegedly contacts Guccifer 2.0 to request information on the candidate's opponent. Guccifer 2.0 responds with the requested stolen information. ** Guccifer 2.0 begins posting information about Florida and Pennsylvania races stolen from the DCCC. ** The GRU stops its five-attempts-per-second attack on the Illinois State Board of Elections servers. * August 16: Stone sends "Guccifer 2.0" an article he wrote for ''The Hill'' on manipulating the vote count in voting machines. "Guccifer 2.0" responds the next day, "@RogerJStoneJr paying u back". * August 22: ** Florida GOP campaign advisor Aaron Nevins contacts Guccifer 2.0 and asks for material. Nevins sets up a Dropbox account and "Guccifer 2.0" transfers 2.5 gigabytes of data into it. Nevins analyzes the data, posts the results on his blog, HelloFLA.com, and sends "Guccifer 2.0" a link. "Guccifer 2.0" forwards the link to Stone. ** "Guccifer 2.0" allegedly sends DCCC material on Black Lives Matter to a reporter, and they discuss how to use it in a story. "Guccifer 2.0" also gives the reporter the password for accessing emails stolen from Clinton's staff that were posted to "Guccifer 2.0's" website but had not yet been made public. On August 31, ''The Washington Examiner'' publishes a story based on the material the same day the material is released publicly on Guccifer 2.0's website. * August 23: ''The Smoking Gun'' reaches out to "Guccifer 2.0" for comment on its contacts with Stone. "Guccifer 2.0" accuses ''The Smoking Gun'' of working with the FBI. * August 31: "Guccifer 2.0" leaks campaign documents stolen from House Minority Leader Nancy Pelosi's hacked personal computer. * September 3–5: Wealthy Republican donor Peter W. Smith gathers a team to try to acquire the 30,000 deleted Clinton emails from hackers. He believes Clinton's private email server was hacked and copies of the emails were stolen. Among the people recruited are former GCHQ information-security specialist Matt Tait, alt-right activist Charles C. Johnson, former Business Insider CTO and alt-right activist Pax Dickinson, "dark web expert" Royal O'Brien, and Jonathan Safron. Tait quickly abandons the team after learning the true purpose of the endeavor. Hackers contacted in the search include "Guccifer 2.0" and Andrew Auernheimer (a.k.a. "weev"). The team finds five groups of hackers claiming to have the emails. Two of the groups are Russian. Flynn is in email contact with the team. Smith commits suicide on May 14, 2017, about ten days after telling the story to ''The Wall Street Journal'' but before the story is published in June. * September 15: "Guccifer 2.0" sends a Twitter direct message to DCLeaks informing them that WikiLeaks is trying to contact them to set up communications using encrypted emails. * October 5: Trump Jr. retweets a WikiLeaks tweet announcing an "860Mb ic archive of various Clinton campaign documents from "Guccifer 2.0". * October 7: At 12:40 p.m. EDT, The DHS and the ODNI issue a joint statement accusing the Russian government of breaking into the computer systems of several political organizations and releasing the obtained material via DCLeaks, WikiLeaks, and "Guccifer 2.0", with the intent "to interfere with the U.S. election process." ;2017 * January 12: "Guccifer 2.0" denies having any relation to the Russian government. * March 10: Roger Stone admits to communicating with Guccifer 2.0. * March 13: Senate Intelligence Committee Chairman Richard Burr says Roger Stone's communications with Guccifer 2.0 are part of the Committee's ongoing investigation. ;2018 * March 22: ''The Daily Beast'' reports that Guccifer 2.0, the "lone hacker" who took credit for providing WikiLeaks with stolen emails from the Democratic National Committee, was in fact an officer of Russia's military intelligence directorate (GRU) and that Mueller has taken over the investigation into his criminal activities and his direct contact with Stone. * June 18: Lawyers for Andrew Miller, a former associate of Roger Stone, challenge in court a subpoena he received for information about Stone, WikiLeaks, "Guccifer 2.0", "DCLeaks", and Julian Assange. Miller's lawyer Alicia Dearn asserts at the hearing that Miller had asked for immunity regarding political action committee transactions involving himself and Stone.

See also

* DC Leaks * Guccifer * Hillary Clinton controversies * ''Mueller Report'' * Podesta emails * Russian interference in the 2016 United States elections


External links

Guccifer 2.0 website

WikiLeaks searchable DNC email database
{{Hacking in the 2010s Category:Hacking in the 2010s Category:Unidentified people Category:Unidentified criminals Category:People associated with Russian interference in the 2016 United States elections Category:Hackers Category:Russians associated with interference in the 2016 United States elections