On Thursday, a report from the Daily Beast[1] alleged that the Guccifer 2.0 hacking persona[2]—famous for leaking data stolen from the Democratic National Committee[3] in 2016—has been linked to a GRU Russian intelligence agent. What appears to have given Guccifer away: the hacker once failed to activate a VPN[4] before logging into a social media account. This slip eventually allowed US investigators to link the persona to a Moscow IP address. In fact, they traced it directly to GRU headquarters.
Guccifer 2.0 took careful precautions to remain anonymous for months, yet one small mistake may have blown the whole cover. A gaffe like that may seem unthinkable for such a prominent and seemingly powerful hacker, but security experts note that, as the truism goes, everyone makes mistakes. And anyone who has worried about operations security, the practice of limiting what information an outside party can discover, knows that you can't rely on being perfect.
"It's really easy for a hacker to slip up even if they've perfected their tradecraft," says David Kennedy, CEO of the security firm TrustedSec, who formerly worked at the NSA and with the Marine Corps' signal intelligence unit. "It happens all the time even to the most skilled of attackers, because it only takes one packet that an attacker didn't think about or data that wasn't intended to go to a certain destination to find its source."
Cyber Goofs
From the outside, the faceless world of cyber espionage and digital nation-state aggression has an air of drama and mystery. Personas like Guccifer 2.0 or so-called Advanced Persistent Threat hacking groups have a certain mystique that makes their capers even more disconcerting, like being under attack from a phantom. But in practice it's easy to see