Guccifer 2.0 – Lone Wolf or a Fancy Bear?

A hacker using the pseudonym Guccifer 2.0 claimed responsibility for the cyber-attack on the Democratic National Committee (DNC).

Yesterday, we blogged about the cyber-attack on the Democratic National Committee (DNC) that led to the compromise of a dossier on the presumptive Republican presidential nominee, Donald Trump. According to the US-based cyber security company CrowdStrike, two sophisticated Russian espionage groups, COZY BEAR and FANCY BEAR, were behind the attacks, a conclusion based on specific tactics, techniques, and procedures (TTPs) uncovered during the company’s investigation of the breach. A lot can change in twenty-four hours!

Shortly after that blog was filed, a hacker going by the persona Guccifer 2.0 claimed responsibility for the DNC breach.  Guccifer 2.0 is a play on a Romanian hacker calling himself Guccifer.  Guccifer is believed to be the man behind hacking into Hillary Clinton’s personal email server, compromising thousands of sensitive US State Department documents.

Guccifer 2.0’s blog questions CrowdStrike’s conclusion that those behind the DNC attacks were sophisticated, stating, “I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy.”  That’s not all.  To prove his point, Guccifer 2.0 released several sensitive DNC documents including donor lists, strategy lists, and even a document titled “NATIONAL SECURITY TRANSITION PLANNING” detailing a timeline of activities for transitioning Secretary Hillary Clinton into the role of President after the November election.

This twist of events has once again called into question the value of attribution and its accuracy.  As a threat intelligence analyst myself, I know that pinpointing attribution to a particular individual, group, or even nation is very difficult, and the practice is not without its critics.  Security researcher Bruce Schneier accurately captured the attribution problem in his blog, writing:

And while it now seems that North Korea did indeed attack Sony, the attack it most resembles was conducted by members of the hacker group Anonymous against a company called HBGary Federal in 2011. In the same year, other members of Anonymous threatened NATO, and in 2014, still others announced that they were going to attack ISIS. Regardless of what you think of the group’s capabilities, it’s a new world when a bunch of hackers can threaten an international military alliance.

And it’s an important point.  From a geostrategic perspective, proper attribution of these types of attacks is critical, especially if the US election system appears to be a victim.

Whether or not the DNC breach will damage the campaigns of the presidential hopefuls is yet to be seen, but that isn’t necessarily the most important thing to consider.  At stake is the election of, arguably, the most powerful person in the world. In a country that values its democracy so highly, any view that the election process has been compromised may have a serious impact on the public’s perception of the President-elect’s legitimacy.  Not only is attribution hard, it’s also vital for decision makers.

Just because attribution is hard doesn’t mean we shouldn’t do it – even if we, as researchers, get it wrong at times.  I personally have seen the value of attribution not just at the nation-state level but on a much smaller scale, where the motivations of the hacker were less about global ambitions and more about financial gain.  I have watched cyber intelligence teams in the private sector, struggling for resources, become far more persuasive in arguing for funding once they turn the conversation from “How?” to “Who?”  It’s amazing how quickly you grab a penny-pinching COO’s attention when you have pictures of the hackers who just ran amok through your ERP system!

So has Guccifer 2.0 really called into question CrowdStrike’s conclusions? 

Absolutely not!  They’re an excellent threat intelligence shop and I’m confident they’ve done their homework.  International espionage is a tricky game, and a good defense is a good diversion.  So is Guccifer 2.0 actually a Russian espionage threat actor?  We don’t know, and may never know. Clearly Guccifer 2.0, whoever he is, has access to leaked DNC documents, but further proof is needed before I’m a disciple.  It would have been a lot more believable if Guccifer 2.0 had walked through the attack in a YouTube video. Even then, you’d still have people disbelieving his claims.

In the end, we’re all left to draw our own conclusions, but keep in mind that disinformation is a powerful asset. Don’t always believe what you see.

Written by: Rick Gamache

Rick Gamache is a freelance writer with 25 years’ experience in the cyber security field. His past roles include Managing Director of Wapack Labs, CIO of the Red Sky Alliance, and lead FISMA auditor for the US Navy’s destroyer program.  Rick has written several high-level cyber and general risk reports with an emphasis on the Nordic countries, India, Russia, and Ukraine, and has traveled extensively, speaking on strategic cyber threat intelligence matters as they relate to global supply chains.

LinkedIn – https://www.linkedin.com/in/rick-gamache-cissp-021ab43

Twitter – https://twitter.com/thecissp

Pierluigi Paganini

(Security Affairs – Russian Hackers, Guccifer 2.0)
