Twitter suspends Guccifer 2.0, DCLeaks accounts

News by Teri Robinson

US Special Counsel Robert Mueller identifies Guccifer 2.0 and DCLeaks as fronts for influence campaigns staged by Russian operatives, Twitter suspends their accounts.

In the US a day after an indictment from US Special Counsel Robert Mueller identified Guccifer 2.0 and DCLeaks as fronts for influence campaigns staged by Russian operatives, Twitter has suspended their accounts.

"The account has been suspended for being connected to a network of accounts previously suspended for operating in violation of our rules," a Twitter spokesman told the US newspaper, the San Diego Union-Tribune.

The accounts haven't been used for more than a year. 

Mueller on Friday indicted 12 Russian military officers for hacking groups affiliated with the Democrat Party, including the Democratic National Committee (DNC) and Hillary Clinton's campaign.

DCLeaks was used to distribute documents pilfered during the hacks and Guccifer 2.0 posed as a Romanian hacker inspired by notorious hacker Guccifer. 

Guccifer 2.0 drew attention during the 2016 presidential election when Donald Trump surrogate Roger Stone said he was in touch with the hacker. 

The latest round of indictments in Mueller's Russian probe referred to an unidentified US person who was in contact with Guccifer 2.0 and members of the Trump campaign. On Saturday, Stone said he was likely that person. The indictment recounts a message between Guccifer 2.0 and the US National in which the former says it "would be a great pleasure" to help and asks "What do u think about the info on the turnout model for the democrats entire presidential campaign."

The latter answers, "Pretty standard."

SC Media reported on Friday (repeated below) how Special Counsel Robert Mueller  indicted 12 Russian military officers, part of Russia's GRU military intelligence unit, for hacking into the Democratic National Committee (DNC) systems in an effort to influence the 2016 presidential election. 

The fruits of those break-ins - a trove of documents - were spread under the auspices of Guccifer 2.0 and DCLeaks, according to Deputy Attorney General Rod Rosenstein, who revealed the indictments Friday, which included 11 counts, after a grand jury handed them down. 

Rosenstein said Russian operatives also hacked a state election board and nicked data on 500,000 voters.

The indictments came as President Trump prepared to meet with Russian President Vladimir Putin in Helsinki today. Trump who has rebuffed US intelligence showing Russian interference in the election and has decried the Mueller probe as a witch hunt, has said he will again broach the issue of Russia's interference at the Helsinki summit. He has previously said he believes the Russian president's denials that he was behind the country's nefarious cyberactivities. 

"President Trump should cancel his meeting with Vladimir Putin until Russia takes demonstrable and transparent steps to prove that they won't interfere in future elections," US Senator Chuck Schumer said in a statement, noting that "glad-handing" with Putin in the wake of the indictments "would be an insult to our democracy."

"It has been clear – even before today – that President Trump was never going to take Putin's attack on our democracy seriously," said Senator Bennie G. Thompson who called Trump "too quick to take Putin's word over the conclusions of our intelligence community, he will never be able or willing to properly confront Putin." Thompson called for the president "to accept the truth about Putin's actions in the 2016 elections, cancel his meeting with him, and get to work on keeping Russia out of our democracy."

Rosenstein stressed that there was "no allegation in this indictment that any American citizen committed a crime. There is no allegation that the conspiracy altered the vote count or changed any election result."

But the indictment did say that on the same day that candidate Trump at a rally called for Russia to hand over Hillary Clinton's emails, Russian operatives "attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton's personal office." What's more, "at or about the same time, they also targeted seventy-six email addresses at the domain for the Clinton campaign," the document said.

The Justice Department explained that the DCLeaks website was established the day before the new infamous Trump Tower meeting between Donald Trump, Jr, and Russian lawyer who promised to provide dirt on Clinton. The indictment said Russian operatives used bitcoin to pay for an influence campaign on DCLeaks.

Noting the indictment is in accordance with the findings of two US Directors of National Intelligence, the Special Counsel's indictment of the Russian Internet Research Agency for an influence campaign and recent Treasury Department sanctions against Russia for "election meddling and breaking into critical infrastructure in cyberspace," Illumio Head of Cybersecurity Strategy Jonathan Reiber, former chief strategy officer, cyber policy, in the Office of the US Secretary of Defense, said it offers a: "detailed breakdown of the GRU's hacking tactics and capabilities" that shows "how dangerous the Russians are and how important it is for everyone to stay vigilant, verify information sources, and invest in cybersecurity capabilities to prevent breaches from occurring and spreading."  

The indictment revealed "several interesting insights into the organisations that lie behind the intrusion operators we track," said FireEye Director of Intelligence Analysis John Hultquist. "In particular, the document indicates that more than one GRU unit was involved in efforts to undermine the elections." 

One group, Unit 26165, looks a lot like APT28, "the operator who we originally suspected of carrying out the DNC incident," Hultquist said, while another, Unit 74455, "is implicated in incidents affecting election systems."

FireEye has "been actively tracking an actor we believe was tied to those incidents, and have found some connection between those incidents and others, such as efforts to target the 2017 French elections, and disruptive attacks on the 2018 Olympics, as well as other incidents," he said. 

But while much of the group's activity "remains opaque," Hultquist said, FireEye thinks "GRU organisations have been behind many of the most aggressive incidents in recent memory, including the economically devastating NotPetya attacks and attacks on Ukraine's grid."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews