Anti-Phishing, DMARC , Email Threat Protection , Fraud Management & Cybercrime

Analysis: VPN Fail Reveals 'Guccifer 2.0' is 'Fancy Bear'

'This is a Classic Cock-Up, and Everybody Makes Them,' Says Alan Woodward
Analysis: VPN Fail Reveals 'Guccifer 2.0' is 'Fancy Bear'
Professor Alan Woodward of the University of Surrey

Evidence continues to mount that Russian intelligence created the "Guccifer 2.0" hacker online persona as a "plausible deniability" cover for dumping information stolen from the U.S. Democratic National Committee and other targets, says Alan Woodward, a University of Surrey computer science professor.

The latest piece of the puzzle comes via Daily Beast reporting that U.S. investigators found that Guccifer 2.0 failed to activate a VPN at least once, and that the exposed IP address traced not only to Moscow, but to the building housing the headquarters of Russia's military intelligence agency, known as the GRU (see Report: Guccifer 2.0 Unmasked at Last).

Intelligence agencies often build ghosts, or pretend personas, to give themselves plausible deniability, typically discarding them with some frequency to throw investigators off the scent. In Guccifer 2.0's case, the self-proclaimed "lone hacker" claimed to be Romanian. But the apparent persona operated for a long period of time, thus making it more likely that the persona's operators would make a mistake, Woodward says.

"I think this is a classic cock-up and everybody makes them, and the more you do with a persona online, the more likely you are to expose it," Woodward says of the VPN gaffe.

'Balance of Probabilities'

After years of third-party research, there is now wide agreement that a hacking team tied to the GRU called Fancy Bear, aka APT28, perpetrated the DNC hack. Guccifer 2.0 subsequently handed the files, some of which had been altered, to WikiLeaks for distribution, making the organization an apparent, perhaps unwitting, stooge for Russian intelligence.

Where online operations are concerned, making a 100 percent reliable attribution as to which organization or actual individual was behind an attack is rarely possible, security experts say. "It's all about balance of probabilities," Woodward says. Even so, "I would say that in this case, it's looking like the Russians and the GRU in particular."

In this interview (click on player beneath image to listen), Woodward also details:

  • Evidence tying Russia's GRU to the Guccifer 2.0 online persona.
  • Crafting online personas, both for supposed individuals such as Guccifer 2.0 as well as via automated bots.
  • The difficulty ascertaining the identity of people with whom you're communicating online, even if you're doing so securely.

Woodward is a visiting professor at the department of computing at University of Surrey, and a non-executive director at TeenTech, which encourages teenagers to pursue careers in the fields of science, engineering and technology.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.