Conversations with a hacker: What Guccifer 2.0 told me
- Published
Who or what is Guccifer 2.0? US intelligence agencies believe the mysterious hacker persona was central to efforts to interfere with last year's American election and responsible for distributing hacked documents that embarrassed the Democratic Party. But now Guccifer 2.0 has broken a two-month silence to deny any connection to Russia. In the run up to Donald Trump's victory, BBC Trending's Mike Wendling struck up an online dialogue with Guccifer 2.0 to try to probe the hacker's motives.
It turned out that talking to one of the world's most notorious hackers was easier than you might think. Just send him a tweet.
In the summer of 2016 the hacker, going by the name Guccifer 2.0, leaked a trove of documents from the Democratic National Committee (DNC) to Wikileaks, which then made the material public.
The revelations were embarrassing for the Democrats and the Hillary Clinton campaign, and resulted in the resignation of party chair Debbie Wasserman-Shultz.
Although Guccifer 2.0 took his name from a Romanian hacker - the original Guccifer hacked emails belonging to American and Romanian officials, external, and is currently in prison - suspicion immediately fell on Russia.
Metadata attached to the leaked documents was in Russian not Romanian. Analysts determined that Guccifer 2.0 had used a Russian server. A host of security experts traced the leak to Russian intelligence.
Lorenzo Franceschi-Bicchierai, a journalist with Vice's Motherboard, chatted with the hacker in Romanian, external in the days after the DNC hack. The problem was, Guccifer didn't seem to speak the language very well.
"He did answer some questions in Romanian," but the answers were very basic, Franceschi-Bicchierai told BBC Trending.
"I showed those answers to people who did speak Romanian and they all agreed he wasn't a Romanian speaker," Franceschi-Bicchierai says. "We later put the conversation to linguists and not everyone agreed that he was a Russian speaker but he was definitely not a native Romanian speaker."
BBC Trending Radio
Listen to more on this story on BBC Trending radio on the BBC World Service.
During our exchanges in October - and until the present day - Guccifer 2.0 continued to deny having anything to do with Russia.
He also claimed to have more incriminating documents on Hillary Clinton - documents which he urged me to publish.
The information was sent to me via encrypted email. But despite the cloak-and-dagger presentation, the material was ultimately disappointing - a mishmash of old stories, publically available documents which were rather dull, and others which were obvious forgeries.
I asked him about his motivations. He said he believed that people have the right to know what's going on in the election process.
Trying to get friendly journalists to write sympathetic stories is a common tactic of Russia's online intelligence operations, says Lee Foster of FireEye, one of the big computer security firms which has been looking into the Guccifer 2.0 hacks.
"This is actually something that we've coined 'direct advocacy'," Foster says. "These false hactivists reach out to journalists but also other individuals, security blogs, and so on to get them to publicise the activity that they've been engaged in and sometimes even to spin particular narratives around those leaks as well."
Foster says he's highly confident that the Russian authorities are behind the Guccifer persona. For its part, Moscow denies being behind the leaks, and Julian Assange of Wikileaks says Russia wasn't the source of the leaked DNC emails.
I asked Guccifer about Russia.
After that, he stopped responding to my messages.
In the run-up to the US election in November, Guccifer warned that the Democrats, external would attempt to rig the vote. But after Donald Trump's victory, he went silent.
Last week US intelligence chiefs released a declassified version of a report, external which has been presented to President Obama and President-Elect Trump.
One of the report's key judgements read: "We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks."
It added: "Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his likely Russian identity throughout the election. Press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with journalists."
So could there be several people involved in operating the Guccifer 2.0 persona? Lee Foster from FireEye believes so.
"It may be one person who actually looks after the twitter account or it may be part of a team," he told Trending. "But what we certainly can say based on the scale of the activity that we're seeing - that encompasses everything from this initial breach all the way through to the creation of these fake personas to push the information through to the trolling activity trying to push narratives around these leaks - this is not a one person effort. There's quite clearly a concerted and very well resourced and frankly sophisticated operation that is making all of this stuff come together."
Late on Thursday, Guccifer broke his two-month silence to respond to the US intelligence agencies report. "Here I am again, my friends!" he announced on his blog, external.
"I'd like to make it clear enough that these accusations are unfounded," the hacker wrote. "I have totally no relation to the Russian government. I'd like to tell you once again I was acting in accordance with my personal political views and beliefs."
Several observers noted that Guccifer's English had markedly improved.
More from BBC Trending
Visit the Trending Facebook page, external
Donald Trump has promised a full report on hacking within 90 days of taking office.
Lee Foster from FireEye says we shouldn't get too hung up on the Guccifer 2.0 brand.
"What doesn't really matter here is the personas themselves. What matters is to what extent does type of activity continue and potentially expand as well. We're already on the trolling side seeing a redirection towards European elections coming up, particularly France and Germany in 2017," he says.
After the report, and his blog re-emergence, I tried once more to contact Guccifer 2.0 on Twitter.
He hasn't responded.
Blog by Mike Wendling, external
Next story: 'Why I dropped the case against the man who groped me'
Samya Gupta, a 21-year-old law student from the north Indian state of Uttar Pradesh, was napping on a seat near the back of a bus when she felt something on her breasts. READ MORE
You can follow BBC Trending on Twitter @BBCtrending, external, and find us on Facebook, external. All our stories are at bbc.com/trending.