Now there is enough evidence to proof Russia was responsible for the DNC hack. Emails sent to The Hill by the renowned hacker Guccifer 2.0 show that they used Russian language anonymity software. Guccifer 2.0 has on previous occasions denied any knowledge of the Russian language. DNC acknowledged the data breach and blamed it on Russian intelligence a few weeks ago.
Guccifer 2.0 used email addresses from ProtonMail and Mail.com to communicate to The Hill. Guccifer 2.0 is known to interact with journalists using different disposable email accounts. The same happened when talking to The Hill.
The hacker is extremely cautious to maintain anonymity. The emails sent to The Hill passed through a Virtual Private Network (VPN). VPNs mask users IP addresses by sending emails in the stead of the user. The Hill shared Guccifer 2.0 emails’ metadata with ThreatConnect, a cyber-security firm. But they did not include the account’s information to protect the identity of the hacker.
ThreatConnect discovered that the email Metadata of emails sent through Mail.com account contained the internet address of the sender. Since the hacker used a VPN, the sender details are the particulars of the VPN service he used.
According to a report by Vocativ on Tuesday, ThreatConnect deduced that the hacker used a primarily Russian language VPN when he engaged them in a conversation using a French AOL account. The internet address used to correspond with Vocativ is the same matched the internet address of Mail.com emails sent by Guccifer 2.0.
VPN services allow users to transmit internet traffic through a variety of servers located in many countries. Guccifer 2.0’s internet traffic passed through a French server belonging to the Elite VPN service. However, the French server is not for public use. Elite VPN allows a few clients to select the server. Interestingly, the server seems to attract a criminal clientele including text message scammers.
Elite VPN website by default is in The Russian language. There are links on the site to translate the content to English. Nevertheless, some of the content, such as graphic content, is not available in any other language but Russian. ThreatContent went ahead to sign up for an account. The cyber-security firm reported that the signup process is in Russian.
Guccifer 2.0 claims to be Romanian. He claimed this during an online interview with Motherboard. When the interviewer asked a question in Russian Guccifer, 2.0 replied “What is that? Russian?” The interviewer compelled him to answer questions in Romanian during the same interview. The hacker responded in such scanty Romanian that analysts were sure he used an online translator.
But, the fact that Guccifer 2.0’s preferred VPN service is Russian is not the only thing linking the DNC hack to Russia. The email hack exploited tools, command servers, and methods similar to other attacks carried out by the Russian Intelligence, such as the German Parliament attack.
Guccifer 2.0 has in the past few weeks leaked some docs from the hack to the press. He is also believed to be the source of DNC emails published by Wikileaks last week.