Forensic analysis has reaffirmed the belief that Russian actors are behind the hack of the Democratic Party, researchers reported Tuesday, adding that the hackers were doing a poor job of covering their tracks.
The discovery was made by researchers at ThreatConnect analyzing emails shared by Vocativ from “Guccifer 2.0,” the hacker who claims to have leaked hacked documents to secret-sharing website WikiLeaks. Researchers noted two main factors that provided clues revealing the hacker’s identity.
The first, they stated, was that the subject used a “virtual private network” connected to previous cyberattacks, including a Russian bride scam. VPNs are used to mask a user’s IP address, making them more difficult to trace.
The second was that the perpetrator used a French AOL account to communicate. Hackers typically avoid AOL accounts because of security disadvantages, including the fact that the sender’s IP address is easier to locate.
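As an added illustration of the pivot the researchers describe (recovering the originating IP a webmail provider stamps into message headers, then matching it against infrastructure seen in earlier activity), the following Python is example code written for this page, not ThreatConnect's tooling or anything from the Guccifer 2.0 emails. The header handling, address ranges, provider names and campaign labels are all constructed assumptions.

```python
"""Pull the sender's client IP from email headers and pivot it against a table of
VPN exit ranges seen in earlier activity. All data here is constructed sample data."""
import ipaddress
import re
from email import message_from_string

# Constructed table: VPN exit ranges and the earlier activity they were seen in.
KNOWN_INFRA = {
    "198.51.100.0/24": {"provider": "sample-vpn-a", "seen_in": ["bride-scam-2015"]},
    "203.0.113.0/24": {"provider": "sample-vpn-b", "seen_in": ["media-contact-2016"]},
}
# Hops inside these ranges are the sender's LAN or loopback, not a usable pivot.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def extract_originating_ip(raw_message):
    """Return the client IP recorded for the sender, or None if no usable hop exists."""
    msg = message_from_string(raw_message)
    # Some webmail providers record the client IP directly in X-Originating-IP.
    stamp = msg.get("X-Originating-IP")
    if stamp:
        m = IPV4.search(stamp)
        if m:
            return m.group(1)
    # Otherwise walk Received: hops from the sender's side (last header) inward.
    for hop in reversed(msg.get_all("Received") or []):
        for candidate in IPV4.findall(hop):
            addr = ipaddress.ip_address(candidate)
            if not any(addr in net for net in INTERNAL):
                return candidate
    return None

def pivot(ip):
    """Map an IP to the VPN provider and earlier campaigns it overlaps with, if any."""
    if ip is None:
        return None
    addr = ipaddress.ip_address(ip)
    for cidr, info in KNOWN_INFRA.items():
        if addr in ipaddress.ip_network(cidr):
            return {"ip": ip, **info}
    return {"ip": ip, "provider": None, "seen_in": []}

# Constructed sample message: a private LAN hop, a relay, and a webmail stamp.
SAMPLE = """Received: from relay.example.net ([203.0.113.7]) by mx.example.org; Tue, 26 Jul 2016 10:00:00 +0000
Received: from [10.0.0.5] by relay.example.net; Tue, 26 Jul 2016 09:59:00 +0000
X-Originating-IP: [198.51.100.23]
From: persona@example.net
Subject: documents

body
"""

if __name__ == "__main__":
    print(pivot(extract_originating_ip(SAMPLE)))
```

Without the X-Originating-IP stamp the same message still yields the relay's public address from the Received chain, which is why the overlap with a known VPN range, not the address by itself, is the attribution signal.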
“In our original hypothesis, we suspected Guccifer 2.0 might be leveraging French infrastructure to communicate with the global media, and we have validated this finding with the help of the media,” ThreatConnect’s researchers stated. “As more details continue to surface surrounding Guccifer 2.0, we continue to identify heavy traces of Russian activity, from the specific Russian-based VPN service provider, domain registrants, and registrars as well as various discrete events that have circumstantial marks of Russian origins.”
The researchers effectively conclude the “Guccifer 2.0” persona consists of Russian messaging professionals with no technical expertise. “As we pointed out in our previous analysis, we conclude Guccifer 2.0 is an apparition created under a hasty Russian D&D campaign,” researchers wrote.
“Those who are operating under the Guccifer 2.0 Twitter, WordPress and Email communications are likely made up of a cadre of non-technical politruk attempting to establish ‘Guccifer 2.0’ as a static fixture on the world stage,” they added. “Their use of Russian VPN services with French infrastructure may shed light on a method Russian intelligence operatives use, domestic services coupled with foreign infrastructure, to help hide their hand and deter any potential attribution to Russia.”