Based on what I've read there is a high chance he is from Moldova, and now works for one of the big IT companies. Probably in his mid 30s. Lives in US or Canada.
A few things point to it:
* He thinks Moldova is part of Romania. That is a contentious issue. He mentioned it specifically. To do so, they'd have to care about it a bit. Doesn't like the Russians it seems, that hints to it as well.
* He listed possibilities about how someone could be a hacker not just be part of the Russian FSB -- working for a multi-national IT company.
* Age based on what he considers are typical "cool" role models for this age. He listed Rambo and Terminator -- those were the typical boys' role models growing up in the early 90s in Eastern Europe (especially ex-Soviet Union).
* Cares and knows about DNC and specific candidates. Guessing they are following the election process, so probably live in US or Canada.
I was struck by his correct usage of "its" and "it's". That is something many native English speakers do not get right. He clearly speaks and writes English very well or has someone editing his posts. That would agree with your suggestion he is living in the US or Canada.
You would think though if he was living in the US or Canada, he would at least make a more up-to-date pop reference than Rambo or Terminator. If he was living in the west, he would probably at least cite Mr. Robot or some "betrayed" hero like Jason Bourne.
Seems like this Guccifer 2.0 figure really is just in this for the fame and glory. No real hacker with a different agenda would reveal so much about him/herself (assuming the info is true). It puzzles me. It's almost as if this new Guccifer wants to be caught just like the last one. As if his prosecution by the FBI will finally validate his status as a great hacker, the one who hacked the DNC amid one of the most historic elections in US history.
Far-fetched speculation, but I wonder if the FBI specifically instructed those who were hacked to tell the world it is the evil Russians. It played well with their victim's PR story (it is understandable that we couldn't resist such a powerful enemy) but it also worked to flush him out with a blog post like this.
Say, they suspected he was Romanian or from Moldova (a lot of Moldovans do not like the Russian govt.) so telling the world "this was a Russian super-hacker" was a way to get him angry and force him to try to repair his image so to speak.
I think in the end because of that blog post he might have revealed too much and is at a greater risk of getting caught now than he suspects.
While most of what he said strikes me as "likely true" this struck me as being utter nonsense:
> The DNC had NGP VAN software installed on their system so I used the 0-day exploit and then deployed my backdoor.
The NGP VAN is a service, not a piece of software, and most of the software NGP provide isn't internet accessible. Plus there's also the sticky issue of how he would get ahold of it to fuzz it.
On this issue I believe CrowdStrike. He purchased malware on the black market ($1.5K per this FAQ) and then emailed it to tons of people at the DNC until some moron clicked.
This FAQ has a few obvious lies like that in it, like his poor English is another obvious lie since they are so inconsistent with it.
I think they read about the NGP VAN and then made up the zero day story to make themselves seem more badass. This individual strikes me as your typical script kiddy, in particular considering how much they glorify Guccifer (1) who themselves was a script kiddy.
PS - Crowdstrike are still wrong about the Russian intelligence claims, they never had one shred of proof, even after posting their supposed "proof" it was all just generic hacktools and things you can buy on Tor.
> The DNC had NGP VAN software installed on their system so I used the 0-day exploit and then deployed my backdoor.
I was the tech director for Bernie 2016, and this part tripped my bullshit meter as well. The VAN is a SaaS, not an on-premise solution. The DNC has some servers that have tight integrations with VAN (e.g. direct db access as opposed to using the API) but saying they had "NGP VAN software installed on their system" is a stretch at best, and those certainly aren't the same servers that the DNC uses to store their oppo research and such.
NGP-VAN does run on Azure though, FWIW. I don't know what OS the DNC's servers run on, but it wouldn't shock me if it was Windows as well.
If I had to guess, this whole part is a red herring. I'm sure either guccifer social-engineered folks at the DNC and/or the DNC was storing their oppo research on old servers with shitty security. The NGP VAN was an easy name to throw out and divert attention since their own security issues have been well-publicized in the past.
"You asked me several times if I’m a man or a woman. I’m a man. I’ve never met a female hacker of the highest level. Girls, don’t get offended, I love you."
If you take this part, the references about Terminator and Rambo, and the complaints that Clinton 'didn't earn any money herself' (does he mean because she was just the president's wife?), and the admiration for Trump, they paint a pretty clear picture in my mind.
I agree with the others here that middle European mid-thirties sounds likely. I'll add single and frustrated -- because of the sexist comments. From what he wrote on this page, he seems to know just as much about the US elections as an average well informed European would know, so that part sounds plausible. Nothing here sounds like the work of a state actor; a solo script kiddie sounds like the best explanation. For some reason I believe almost everything in this FAQ; Occam's razor and all.
Yeah, he's an idiot or trolling. There's a few on this list... first Google result I found... that make him look positively amateur if we're talking likely skill required for results achieved:
A few are new to me for some reason (maybe memory loss). I particularly respect the ones from 80's-90's as one had to put more work into learning the craft back then. It was a combo of information scattered across BBS's plus lots of experimentation alone and in groups.
"Build a wall across the Mexican border and force the Mexican's to pay for it" is an extremely clear proposal, and it's been repeated often enough that I'm willing to believe that Mr. Trump sincerely believes it's what we should do.
That doesn't make it, y'know, actually feasible, or a remotely good idea even if it were.
I was wondering about that. Trump inherited his money and built it up with plenty bankruptcies in the process. He's also terrible to employees. With that, I could see two positions for a hacker to take: opposing him as a fake in business and elite snob; respecting him as a fellow troll that hacks the business and legal systems for his own benefit. Not the claim he made, though.
All guessing of course, but disagree with the insinuation it points to Russians still.
- Rambo is not just a lame attempt at sprinkling in an American cultural reference. It is exactly what an Eastern European boy in his 30s would have been looking up to back in the day.
- Other than just Russian security services can find translators. English speaking / translating ability is not a rare, expert-only domain. Could have asked a friend.
I guess at the end of the day, nobody likes to be hacked by a random loner guy. It feels more validating to be targeted by KGB's successor. As it explains away the security failures -- "Well these people torture and kill, should be glad we only got hacked by them, could have been a lot worse ...".
For example:
https://twitter.com/pwnallthethings/status/74852434881898905... No, not every fixed security issue gets a CVE. Not even 1% of them. This is why while auditing a target you'll try to get a copy of the software version they run, and any newer versions to identify patched bugs.
Why is it that .ru intelligence is even pegged as a likely candidate here? Literally nothing pointing towards them, you don't have to be an intelligence agency to pop some DNC boxes.
I would look at the motive. State actors will use the information for economic and security benefit, not broadcast to the world. A guy who wants attention, to be thought of in the same vein as Assange and Snowden, will announce it to the world.
Plus, I think if the system was as easy to access (via $1.5k 0day hack purchased online, and was disabled via reboot on June 12th), then I think lots of other people had access, including state actors. I don't think they would announce it to the world, just quietly use the information.
Also, I don't think Guccifer wants to influence the election, as he seems to have an impoverished understanding of the facts. I think he just wants to show off.
As for a coverup? I don't think it would be as loud or as prolonged as this (Streisand effect). It seems there is even more forthcoming info, too.
That article seems to be mostly speculation, though. Maybe Guccifer is a Russian, but not affiliated with the Russian government (aka Putin aka Ivan the Terrible).
But apparently this is The Cold War 2.0, and whenever Russians may be involved, this means that the Russian government is involved...
“Let’s spell this out,” Rid said. “We have a foreign intelligence agency that is picking sides, that is doing a sophisticated hack and influence operation in support of the presumptive nominee of the Republican Party in the US general elections. That’s craziness, if that’s actually the case.”
Yeah, having foreign intelligence agencies interfere in sovereign elections does suck.
I have this conversation with people often. They think I am an obnoxious IT guy, but I think we love reaching for convenient answers.
Both sides, lone wolf or Russian state sponsorship, I don't seem off. Both extremes are an easy win for easily placated minds, so I worry when I feel myself just gravitating to them.
That being said, it saddens me when reputable infosec people (by their own measure) use Medium. Haha.
I'm surprised at how many people are "trusting the client" here. Analyzing what is being said, as though any of it were the truth. As if the FSB couldn't type all this up just as easily as some thirty year old single guy from Moldova. Not only that, but this is so over the top ("I'm the best hacker ever!!!one") that I'm surprised people are taking it seriously. To me, this really just sounds like someone or some group of people trying to make themselves sound like a hacker, complete with hacker folk heroes like Snowden and Assange.
> As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collision with the DNC turned the primaries into farce.
> Opposite to her, Donald Trump has earned his money himself. And at least he is sincere in what he says. His position is straight and clear.
This feels state-sponsored, perhaps a product of Russia. Catching my attention:
* Emphasis on disparaging Clinton is interesting as current Admin policy is decidedly (and effectively) counter to Russian interests.
* Referring to Intel community using the reverent European bureaucratic term "Special Services".
* The boastful lone hacker, but calls himself Guccifer 2.0. Obligatory reference to Lazar midway through the manifesto.
* Real political and security drama in the UK and Europe, but focuses on a comparatively boring Clinton campaign, dropping leaks just as a stumbling Trump campaign needs them the most - and all the while Trump, who is largely reviled in Europe, is praised in the FAQ.
I'd be amused to learn this was homegrown. I have the increasing sense the Clintons made more than their share of powerful enemies at home as I begin to read the "Crisis of Character" book.
awinder | 9 years ago
Oof.
cloakandswagger | 9 years ago
If there are substantially fewer women in tech, why is it unreasonable to think there are practically no skilled female hackers?
(And note that when I use the term 'hacker' I'm referring to the illegal, blackhat variety, not the 'I turned my oven into a WiFi hotspot!' kind)
nickpsecurity | 9 years ago
http://www.computersciencedegreehub.com/10-notorious-female-...
cdubzzz | 9 years ago
This must be satire...
ryanlol | 9 years ago
https://twitter.com/pwnallthethings/status/74852495484558131... There's really no inconsistency here, "non-public" generally means "not very well audited"
randomname2 | 9 years ago
[1] http://motherboard.vice.com/read/guccifer-20-is-likely-a-rus...
616c | 9 years ago
https://medium.com/@jeffreycarr/the-dnc-breach-and-the-hijac...
chasing | 9 years ago
So... good hacker. Crappy political commentator.
meritt | 9 years ago
2) Call yourself Guccifer 2.0
3) Post a well-written-in-English FAQ that conveniently attacks Clinton with the same tired shit meanwhile praising Trump.
This is some extremely thinly veiled bullshit.
guard-of-terra | 9 years ago
Mine is roughly the same btw, for as much as I care.
echelon | 9 years ago
https://en.wikipedia.org/wiki/Guccifer
Kristine1975 | 9 years ago
Hacker 'Guccifer 2.0' publishes DNC campaign docs with strategies for defending Clinton
The handle is a reference to https://en.wikipedia.org/wiki/Guccifer
guard-of-terra | 9 years ago
This guy's writing reminds me of Bill Cipher uncomfortably.