A cybersecurity firm on Tuesday said the hacker who claimed credit for acquiring thousands of emails from the Democratic National Committee is likely Russian, not Romanian as he let on.
Virginia-based ThreatConnect followed several clues left by hacker “Guccifer 2.0” – who took responsibility for stealing the emails and giving them to WikiLeaks to distribute – and determined he was using a Russian VPN, or Virtual Private Network, to mask his location.
A reporter with political blog The Hill provided ThreatConnect with redacted emails between himself and the hacker, which “raised our confidence in our current assessments and hypotheses,” the cybersecurity company said.
The company was also given emails shared between the hacker and deep web news site Vocativ and determined the hack was the work of a Russian propaganda effort and not perpetrated by an independent actor.
In analyzing the hidden code in the emails – including more from news blog The Smoking Gun – the cybersecurity firm found that the hacker seemed to be using a French IP address and an AOL email account, a service that provides certain user identifiers.
“The fact that Guccifer 2.0 is indeed leveraging a French AOL account stands out from a technical perspective,” ThreatConnect said. “Very few hackers with Guccifer 2.0’s self-acclaimed skills would use a free webmail service that would give away a useful indicator like the originating IP address. Most seasoned security professionals will be familiar with email providers that are more likely to cooperate with law enforcement and how much metadata a provider might reveal about their users.”
ThreatConnect then came to the conclusion that Guccifer 2.0 is not working alone, but rather with a press relations team that is controlling the AOL account and interactions with the media.
The findings support – though don’t completely prove – the theory that the Russians are attempting to influence U.S. elections to help GOP nominee Donald Trump win the presidency. Trump on Wednesday offered words of encouragement to Russia, asking the foreign government to find Hillary Clinton’s lost emails, the New York Times reported.
“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said, staring at the cameras during a press conference. “I think you will probably be rewarded mightily by our press.”
The email dump also revealed the Democratic Party’s attempt at derailing the Bernie Sanders campaign through misinformation. It’s just the latest scandal to plague Clinton just as she’s set to accept the party’s nomination.
In an interview with Britain’s ITV News last month, WikiLeaks founder Julian Assange said his organization had damning proof of corruption, including an email sent from Clinton while she served as secretary of state to her staffers instructing them to remove the “Classified” indicator from a document and send it via an unsecured fax line. It’s this small and “silly” skirting of procedure that makes Clinton unfit for the presidency, not to mention what she would do to suppress journalists, Assange said. WikiLeaks has published more than 30,000 of Clinton’s emails as of last month.
Assange said another revelation had to do with the overthrow of Libya and the rise of ISIS.
“Hillary was overriding the Pentagon’s reluctance to overthrow Muammar Gaddafi because they predicted that the post-war outcome would be something like what it is, which is ISIS taking over the country,” Assange said. “It’s Hillary who is the leading champion in office to do that. She has a long history of being a liberal war hog.”
WikiLeaks published 20,000 DNC emails on Friday, and shortly afterward the FBI said it was opening an investigation into the hack.
“A compromise of this nature is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI said in a statement Monday.
The Federal Bureau of Investigation warned the DNC about a potential cyber attack months before the committee actually did anything about it, CNN reported. By the time the DNC brought in consultants from a private security firm in April and the hackers were discovered in the system in June, the intruders had already been there for a year gathering intelligence.