On Saturday, Twitter kicked off two accounts connected to the 2016 US presidential election hacking and the subsequent leak of documents stolen during the breaches: Guccifer 2.0 and DCLeaks.
The move came within hours of Friday’s indictment of 12 Russian intelligence officers who the US Department of Justice (DOJ) has fingered in connection to attacks on the computers and email systems of the Democratic National Committee (DNC) in the months leading up to the election.
Both accounts were fronted by fictitious personas and used to release tens of thousands of stolen emails and documents, according to the indictment.
DCLeaks.com was created as a place to publish stolen documents more than a month before any documents were actually leaked from the breach, the DOJ says. The hacking group Fancy Bear has been linked to the spearphishing campaign that weaseled Gmail account credentials out of Hillary Clinton campaign chairman John Podesta and other DNC members.
Both the Guccifer 2.0 and DCLeaks accounts had reportedly been dormant for at least a year and a half prior to Twitter shutting them down.
The indictment claims that both accounts were used to spread misinformation. One example: in a 2016 interview with Motherboard’s Vice, Guccifer 2.0 claimed to be Romanian, not Russian. That’s the nationality of the original Guccifer hacker, Marcel Lehel Lazer, who’s now serving a 52-month prison sentence for hacking 100 Americans’ email accounts.
However, the metadata for emails sent by Guccifer 2.0 to The Hill revealed that they were sent using a predominantly Russian-language VPN. When Motherboard pressed Guccifer 2.0 to use Romanian in an online chat, his “clunky grammar and terminology” led experts to surmise that he was using an online translator.
While Guccifer 2.0 claimed to be a Romanian hacker acting on his own, the DOJ has linked at least two Russian intelligence officers to the account: Aleksandr Vladimirovich Osadchuk and Aleksey Aleksandrovich Potemkin.
The Guccifer 2.0 account released stolen documents from in or around June 2016 through in or around October 2016.
Per the indictment, on 15 August 2016, the Guccifer 2.0 account received a request for stolen documents from what the DOJ said was a candidate for the US Congress. Guccifer 2.0 obliged, sending documents related to the unnamed candidate’s opponent.
The operators of the Guccifer 2.0 account also sent 2.5 gigabytes of stolen data – including Democrats’ donor records and personally identifying information (PII) – to a state lobbyist/“online source of political news”; sent data pertaining to the Black Lives Matter movement to a reporter; and wrote to somebody who was in “regular contact with senior members of the presidential campaign of Donald J. Trump.”
The “online source of political news” would be the GOP operative and operator of the Florida political gossip blog HelloFLA, Aaron Nevins, who last year told the Wall Street Journal that he requested and received “any Florida-based information” from Guccifer 2.0.
The close Trump associate turns out to be Roger Stone, a longtime GOP operative and one of Trump’s most trusted advisers, as he acknowledged on Saturday. Stone was in contact with Guccifer 2.0 during the campaign while being “in regular contact” with senior Trump campaign officials, he said. He already made the exchange public while testifying before the House Intelligence Committee under oath.
But all this is getting deep into the weeds. Twitter didn’t go into the history of the two accounts’ efforts to screw with the election: rather, a Twitter spokesman sent out this brief statement:
“The account has been suspended for being connected to a network of accounts previously suspended for operating in violation of our rules.”
Robby Mook, Clinton’s former campaign manager, told the NY Daily News that the DOJ’s findings are a reminder that both media and campaign workers can wind up being tools in the hands of the country’s adversaries:
“Every campaign and media outlet needs to think long and hard about how their actions may make them accessories to a foreign attack on our democracy. This will happen again and all of us – all sides and parties – will be tested.”