| Roger Stone, Trump confidant, acknowledges ‘innocuous’ Twitter conversation with DNC hackers
[ Guccifer 2.0 is a persona used by Russian state sponsored hackers. See second story below. ]
By Andrew Blake - The Washington Times - Friday, March 10, 2017
Roger Stone, President Trump’s former campaign advisor, engaged privately last year with a persona involved in hacking the Democratic National Committee, he told The Washington Times Friday, but insisted the conversations were “completely innocuous.”
“It was so perfunctory, brief and banal I had forgotten it,” the political consultant told The Times on Friday with respect to a private Twitter exchange he had with “Guccifer 2.0,” a pseudonymous entity explicitly tied to the DNC hack.
Guccifer 2.0 appeared last summer shortly after it was revealed that the DNC’s computer network had been breached by hackers. The self-described Romanian hacktivist claimed in a June 15 blog post that he had compromised the DNC — not Russian hackers, as experts had indicated — and said he had supplied WikiLeaks with a trove of documents ultimately published by the antisecrecy website the following month.
Mr. Stone wrote an article for Breitbart News on Aug. 5 attributing the DNC breach to Guccifer 2.0, not Russia, and swapped a handful of direct messages with the persona in the weeks that followed, according to copies of the conversations provided to the Times.
In one of the messages dated Aug. 14, Mr. Stone said he was “delighted” that Twitter had reinstated Guccifer 2.0’s account following a brief suspension. Two days later, Mr. Stone again privately messaged the Twitter account and asked for it to retweet a column he had written about the prospects of the 2016 presidential election being “rigged.”
“wow. thank u for writing back, and thank u for an article about me!!!” Guccifer 2.0 wrote Mr. Stone in the interim,
washingtontimes.com
Emails sent by Guccifer 2.0 to The Hill show evidence that the hacker used a Russian-language anonymity protection service — a language he has claimed he could not read or even recognize.
The news comes amid mounting reports linking Guccifer 2.0’s hack of Democratic National Committee (DNC) emails to Russian intelligence.
Guccifer 2.0 communicates with journalists using different disposable web-based email accounts each time. With The Hill, he communicated using addresses from ProtonMail and Mail.com.
To further protect his anonymity, he connected to the webmail accounts using a Virtual Private Network (VPN). Users send VPN servers the address of a site they would like to reach, and the VPN accesses it in their stead – masking the users' internet addresses.
Metadata of emails sent from Guccifer 2.0 to The Hill was shared with the cybersecurity firm ThreatConnect. In the interest of protecting Guccifer 2.0’s identity, his account information was not included.
The Mail.com metadata includes the internet address of who is mailing outgoing messages — in Guccifer 2.0’s case, the VPN.
Vocativ reported Tuesday that ThreatConnect had discovered the hacker used a predominantly-Russian-language VPN when he corresponded with them through a French AOL account. ThreatConnect matched that same internet address from the same VPN to the Mail.com email.
VPNs often let users route their traffic through a variety of servers in a variety of countries. Guccifer 2.0 routed his traffic through a French internet address operated by the Elite VPN service.
But that French internet address was not available for public use – it was not one of the French servers Elite VPN allowed its clients to select. Instead, the French server appears to have only been used by a select, criminal clientele in the past, including text message scammers.
Elite VPN’s website is written in Russian, with links to English translations. Parts of the site, including graphics, are only written in Russian, and when ThreatConnect went through the process of signing up for an account, they found the signup process written entirely in Russian.
Guccifer 2.0 has long claimed to be Romanian. In an online chat interview with Motherboard, Guccifer 2.0 claimed not to know how to speak Russian. In it, Motherboard asked a question in Russian, and Guccifer replied "What's this? Is it russian?"
The site then asked if he understood Russian.
"R u kidding?" wrote Guccifer 2.0.
In the same interview, when forced to answered questions in Romanian, he used such clunky grammar and terminology that experts believed he was using an online translator.
The two active payment services for Elite VPN are options that are popular in Russia, including the Moscow-based Web Money. The site also includes a link to a long-defunct Costa Rican payment processor that was seized by law enforcement in 2013.
There are other anonymity services besides VPNs — including Tor — and a large international community of other VPNs both better known and better esteemed than Elite VPN. But the Edward Snowden documents and recent investigations by U.S. law enforcement show a U.S. interest in cracking through the anonymity of these so-called proxy servers.
“They might be making sure they are leveraging proxy infrastructure within their own borders,” said Rich Barger, ThreatConnect director of threat intelligence.
The fact that Guccifer 2.0’s VPN is Russian is not the first indicator that Russia was involved in the attack on the DNC. The email hack leveraged the same tools, methods and command servers seen in other attacks linked to Russian intelligence, including on the German Parliament.
“The noose is tightening around Russia,” said Barger.
Guccifer 2.0 leaked a number of documents to the press, including convention strategies, donor information and opposition research. The first few packages of files were released to the public directly; the last two were first sent to The Hill. Guccifer has also claimed responsibility for leaking emails to WikiLeaks, something WikiLeaks refuses to confirm or deny.
http://thehill.com/business-a-lobbying/289296-guccifer-20-used-russian-language-vpns-to-leak-documents
|
|
