Lone hacker claims to have broken into US Democrat servers
Guccifer 2 posts files as 'proof' – says rest sent to Wikileaks
A lone hacker claims to have been the person who broke into the Democratic National Committee (DNC) servers, and has posted several files online as "proof."
The hacker, going by the name Guccifer 2, created a new Wordpress blog Wednesday and posted several confidential files as well as a taunting rebuke to the security company, CrowdStrike, that the DNC called in to investigate the breach.
He also claims to have sent "thousands of files and mails" to Wikileaks which he says will "publish them soon."
CrowdStrike had previously said the hack was carried out by two professional hacking teams with close ties to the Russian government.
In the post, Guccifer 2 mocks that suggestion: "CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by 'sophisticated' hacker groups. I'm very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy."
He also questions the company's assertion that no financial, donor or personal information had been accessed or stolen, and in response posts several Excel files that list donors and potential donors alongside their names, locations and donated amounts. Along with those comes a 237-page attack document on Donald Trump labeled confidential.
The documents appear genuine in the sense that they do contain legitimate donor information, although much of the data within the files is several years old. Did they come from the DNC servers? It's unclear.
As for the Trump attack doc, that does appear genuine – its sheer length and detail making it unlikely to be a fake, if nothing else – and its claimed author in the file's metadata is Democratic strategist Warren Flood.
That doesn't mean, however, that Guccifer 2 accessed the DNC's servers (the documents could have been stored elsewhere) and it doesn't mean that Guccifer 2 is a lone hacker either – it could be one of two Russian hacking organizations posing as an individual.
CrowdStrike, for its part, is standing by its analysis that it was Russian government hackers. It posted an update to its original analysis stating: "On June 15, 2016 a blog post to a WordPress site authored by an individual using the moniker Guccifer 2.0 claiming credit for breaching the Democratic National Committee. This blog post presents documents alleged to have originated from the DNC.
"Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents' authenticity and origin. Regardless, these claims do nothing to lessen our findings relating to the Russian government's involvement, portions of which we have documented for the public and the greater security community."
So the broader questions are: were the DNC servers hacked by multiple people – professional Russian hackers as well as some lone hacker? And was more information grabbed than the DNC previously recognized?
The first question will be difficult to answer unless Guccifer 2 is real and foolish enough to try to prove the lone-hacker status. The second will be answered in the next week if Wikileaks does in fact post more documents. We shall wait and see. ®