Guccifer 2.0 Not A Russian Hacker



Both during and after my recent interrogation by the U.S. House Intelligence Committee, democratic members of that Committee repeated again the false claim that a blogger who calls himself Guccifer 2.0 is a known Russian asset.

By Roger Stone

While our politicized intelligence agencies insist this is a fact, much of the known evidence is to the contrary.

The Deep State chorus repeating this falsehood over and over again makes it no truer than the discredited notion that the DNC was hacked at all, and that the Russians did it.

The Nation magazine recently reported on a study issued by Veteran Intelligence Professionals for Sanity (VIPS), which is a group comprised of numerous former high-level US intelligence officials. Based upon the VIPS study, The Nation concluded that, “There was no hack of the Democratic National Committee’s system on July 5, 2016… not by the Russians and not by anyone else.” Hard science now demonstrates it was a leak; a download executed locally with a memory key or a similarly portable data storage device. In short, they reported it was an inside job by someone with access to the DNC’s system. This casts serious doubt on the initial alleged hack claim that led to the very consequential publication of a large store of documents on WikiLeaks last summer.

Additionally, these unproven allegations have led to a frivolous lawsuit filed by former Obama administration lawyers against me and the Trump campaign. In my motion to dismiss this harassment law suit by some Obama-blessed front group “Protect Our Democracy”, I submitted a sworn declaration by Dr. Virgil Griffith, a cognitive computer graduate from the California Institute of Technology, who questioned the unproven assumptions that Russian hackers are responsible for theft of DNC emails and other data.

In their zeal to bring down the Trump administration, and anyone connected with it, the DNC might have crossed a bridge too far in their scorched earth campaign.  They attempted every tried-and-true dirty trick, every narrative manipulation, and even down right media collusion, to no avail.  For a group of people who had heretofore been able to do anything, to anyone, at any time of their choosing, this was too much to bear.  Suddenly confronted with the legitimate possibility of losing their power, potentially forever, it appears they resorted to desperate measures.  The old adage is true: desperate people do desperate things.

Confronted with a real hacker exploiting Hillary Clinton’s homebrew email server, and the leaks of confidential and damaging emails between Hillary Clinton and Sidney Blumenthal regarding Benghazi from the original Guccifer, it appears the DNC decided to fight fire with fire.  If the Guccifer story could harm the Hillary campaign, perhaps a Guccifer 2.0 story could help her.

In order to make sense of what is surely a complicated scheme, it is most helpful that we undertake a historical review:

On June 12th, 2016, Julian Assange of Wikileaks announced on an ITV televised interview that “We have upcoming leaks in relation to Hillary Clinton which are great … and pending publication.”  At this point, the DNC, the Clinton Campaign, and Crowd Strike, a DNC paid contractor, knew a damage control campaign would be required immediately.

On June 14th, 2016, the DNC released a statement explaining that they’d made the discovery that their servers had been hacked.  Among the trove of documents claimed to be purloined, they make specific and unusual mention of a document or documents related to “Trump Opposition Research”.

On the same day, June 14th, DNC paid contractor Crowd Strike released a report on malware they found on a DNC server during an investigation a month earlier in May of 2016.  They reported that the evidence suggested that the malware was injected by the Russians., but provided no detailed specifics of this evidence.

The next day, on June 15th, a person or persons using the name of a hacker who was recently in the news (the original Guccifer was in court the previous month) steps forward calling themselves Guccifer 2.0 and claimed responsibility for the DNC hack.  Guccifer 2.0 affirms the DNC statement and claims to be the source for Wikileaks.  They post five documents purposefully tainted with ‘Russian Metadata Fingerprints’ and the first of the documents just happened to the “Trump Opposition Research” the DNC announced on the previous day.

Very shortly after Guccifer 2.0 makes its announcement, Gawker, The Smoking Gun, and ArsTechnica all publish articles relating to the DNC hack and focus not on the hack itself, but rather on the Trump opposition file, all on the same day, June 15th.

On June 17th Gawker, ThreatConnect, and The Smoking Gun publish articles that suggest hacked DNC data contains personal donor information including “names, emails, and cell phone numbers”.

On June 18th Guccifer 2.0 announces that it has new documents from the DNC network, including financial reports and donor personal data including “names, emails, and private cell phone numbers.”

On June 20th Guccifer 2.0 makes a point to post that it is the lone hacker of the DNC and promises a dossier on Hillary Clinton from the DNC.

On June 21st, Guccifer 2.0 releases a blog entry titled “Dossier on Hillary Clinton from the DNC”, which is nothing more than links to widely circulated and non-classified documents related to the DNC and Hillary Clinton.

On June 22nd, Wikileaks begins publishing the DNC emails.  That same day Guccifer 2.0 takes credit for the leak.

Later that day, still on the 22nd of June, Guccifer 2.0 then posts that it will speak to anyone over Direct Message on Twitter.  The next day, on June 23rd, a VICE journalist Lorenzo Franceschi-Bicchierai takes up the offer, conducts an interview, and publishes an article titled Why Does DNC Hacker ‘Guccifer 2.0’ Talk Like This? which includes language analysis assessments from three experts.

Over the next few days Guccifer seems to bask in its newfound fame and spends time creating a Guccifer 2.0 FAQ (Frequently Asked Questions) blog post.  It makes a point to wish everyone a happy Independence Day on the 4th of July.

While not specifically part of the Guccifer 2.0 history, at this point anyway, it is worth mentioning in the timeline that it was on July 10th that Seth Rich was murdered.

Guccifer remains active on Twitter, suggesting that its getting ready to publish information, but nothing comes of it.

Within a few days a deluge of articles from Vocative, The Hill, ThreatConnect, TAIA Global, and The Smoking Gun start announcing that Guccifer 2.0 is likely a Russian, perhaps even Russian government affiliated, even though Guccifer 2.0 says plainly at the top of its blog that it is Romanian.

On August 5, 2016 I published my conclusions on Breitbart News that Guccifer 2.0 was not a Russian hacker and, based on its statements, it was indeed responsible for the hack of the DNC. As I told the House Intelligence Committee, I have revised that view and now believe there was no hacking, never mind a hack perpetrated by the Russians

Shortly thereafter, Guccifer 2.0 tweets “@RogerJStoneJr thanks that u believe in the real #Guccifer2” at 10:23 PM on August 12, 2016.

I actually initiated our brief and now entirely public exchange. I had seen on Twitter that Guccifer 2.0 has been suspended from the platform. I Tweeted in protest of the suspension, as I hate censorship. I also noted when Guccifer 2.0 was reinstated, offering congratulations in the first of the series of benign, innocent and even banal exchanges. Not exactly 007 stuff. This was weeks after Wikileaks had already posted the DNC-Clinton material.

The two Twitter Direct Message communications between myself and the Guccifer 2.0 Twitter account occurred on August 15th and again on August 17th. These conversations were innocuous and the full contents of which have been fully revealed to the public.  An additional attempt was made by Guccifer 2.0 to have a DM talk with me on September 9th, but my side of the conversation consisted merely of a request to repost a link, which Guccifer 2.0 agreed to do. I regularly would make re-Tweet requests of many correspondents who have particularly large followings on Twitter or Facebook as a way to get my own message and writings out.

On September 13th, Guccifer 2.0 released the infamous NGP/VAN zip file, which becomes the source of a series of debunking exercises, the results of which are discussed later in this article.

Over the next couple of months, Guccifer 2.0 releases documents it claimed it used hacks and exploits to obtain, including a dossier on Democratic Congressman Ben Ray Lujan.  The dossier is harmless.  Guccifer then makes the bold claim that it hacked the Clinton Foundation and then posts a selection of documents that are claimed to have come from the hack.

A few days before the 2016 US Presidential Election, on November 4th, 2016, Guccifer 2.0 makes its last posts of the year.  Guccifer 2.0 makes a half-hearted offer to be a hacker poll watcher on election day.  The account stays dark until January 12th, 2017, more than two months later.

Throughout the course of Guccifer 2.0’s public communications, it made a variety of substantial claims.  These claims will now be investigated in more detail before we move on to motive and intent, as well as the conflicting evidence.

Guccifer 2.0’s most substantive claim was that it hacked the DNC’s servers.  He stated in his VICE interview that he breached the server using a “Zero-day exploit of NGP-VAN.”  While the report from ThreatConnect made the erroneous assessment that Guccifer 2.0 is a collective of Russians, the report did reveal some very useful facts that served to debunk Guccifer 2.0’s claims, including that he hacked the DNC server.  Unfortunately, it is now necessary to delve into some technical lingo, it is important for the sake of understanding what went on.  For the sake of our less technical readers, an ultra-brief primer is presented below.

A Local Area Network (LAN) is a group of computers that are connected together by hard wires or Wi-Fi connections.  A group of computers on a LAN can communication with each other, but with no other computers or computer networks (including the Internet) unless going through a security device or gateway.  These security devices are most often called Firewalls, a term familiar to most readers, and can be hardware, software, or both.  The DNC server in question is a computer that resides on the DNC LAN, inside of the DNC headquarters building in Washington, D.C. Any communication with the DNC server must go through the DNC LAN, and if coming from the Internet, through the DNC security devices and/or gateways.

NGP VAN is an American voter database, IT consulting, online fundraising, and new media technology company based out of Washington, D.C.  They have a series of web based tools that allow progressive (explicitly not conservative!) campaigns and organizations to leverage technology to meet their goals.  In 2009, they were the largest partisan provider of campaign compliance software, used by most Democratic members of Congress.  The Wall Street Journal said of them “NGP VAN is something of a secret weapon for the Democratic Party and the labor unions and progressive groups that use it.”  The primary products from NGP-Van are MiniVan, a mobile canvasing tool for voter contact and data collection, VoteBuilder, a campaign persuasion and get-out-the vote web tool, and NGP, a web based platform for digital engagement tracking, fundraising, and compliance reporting.  NGP is used by nearly every Democratic campaign running for federal office, is a set of web based applications, and is hosted on NGP-Van servers and controlled by NGP Van in their own facilities.  NGP VAN also has released a set of programming interfaces called their Innovation Platform, that allows software engineers to access NGP functionality directly.  All of NGP systems are web based and have zero direct interaction with the DNC LAN.

A Zero-Day exploit is a software vulnerability that is unknown to those most interested in mitigating the vulnerability, including the vulnerable software creators.  Hackers exploit the vulnerabilities to adversely affect the target computers, programs, data, and if possible, gain access to the wider Local Area Network.

Armed with these few technical terms, we can easily see that what Guccifer 2.0 was claiming is in fact gobbledygook.  Translated another way, Guccifer 2.0 claims that he used an unknown software vulnerability of a COMPANY (not a product), whose products have no direct connection to the DNC LAN, to bypass the DNC LAN security devices, and access the DNC server.  It is for this reason that ThreatConnect correctly discredits the breach by saying “As it stands now, none of the Guccifer 2.0 breach details can be independently verified.”

The second most substantive claim by Guccifer 2.0 was that he was the source of the DNC emails.  He claimed as much, multiple times.  He made a point of mentioning Wikileaks during the purposeful destruction of his own reputation on October 4th, 2016, when he did not post any interesting data with the excuse the databases were “too large. I’m looking for a better way to release them now.”  The “better way” never came, no further data was ever released.  He made these dubious claims a full seventy-three days after the last large data dump came from Wikileaks, which he said he sourced. His Clinton Foundation hack claim was discredited when all the files he posted, turned out to be from previous leaks or from public domain documents.  Ultimately, Guccifer 2.0 never produced anything from the Clinton Foundation verifying a hack, nor has the Clinton Foundation confessed to being hacked.

It is important to remember that Julian Assange stated numerous times that the emails were leaked, rather than hacked, in persistent contradiction with Guccifer 2.0’s claims.  To this day, there is nothing independently verifying Guccifer 2.0’s claims that he hacked the DNC servers.  One final note on the DNC servers, reflect upon why the DNC refused to hand over their ‘hacked server’ to the FBI, claiming that their private firm, Crowd Strike, certified that everything was A-OK and that it was ‘The Russians!’

Speaking of Seth Rich, how the House Intelligence Committee ignores the YouTube interview with Assange, from which the except below was extracted, I don’t know.


“Whistleblowers go to significant efforts to get us material, and often very significant risks. There’s a twenty-seven-year-old, works for the DNC, shot in the back, murdered [Seth Rich], just two weeks ago, for unknown reasons, as he was walking down the street in Washington, so-“


“That was just a robbery, I believe, wasn’t it?”


“No, there’s no finding. So-“


“What are you suggesting? What are you suggesting?”


“I’m suggesting that our sources take risks, and they are, they become concerned to see things occurring like that-“


“But was he one of your sources? I mean-“


‘We don’t comment on our sources-“


‘So, why make the suggestion? About a young guy being shot on the streets of Washington?’


“Because we have to understand how high the stakes are. In the United States. And that our sources, are…face serious risks, that’s why they come to us, to protect their anonymity.


“But it’s quite something to suggest a murder, that’s basically what you’re doing.”


Well, others have suggested that. We are investigating to understand what happened, in that situation, with Seth Rich. I think it is a concerning situation, there’s not a conclusion yet, we wouldn’t be willing to state a conclusion, but we are concerned about it. More importantly, a variety of Wikileaks sources are concerned when that kind of thing happens.”

What is it Mr. Assange is saying?

The high probability now is that there was no hack of the DNC and that their information was downloaded to something as simple as a thumb drive and spirited out the back door– Most likely by Mr. Rich, who would’ve known of the DNC’s on- going to efforts to cheat Sen. Bernie Sanders by manipulating the party rules to help Hillary.

Now that we’ve dissected some of the technical aspects of Guccifer 2.0’s claims, let’s now investigate what we know about the Guccifer 2.0 persona.

Guccifer 2.0 claims to be Romanian, as is clearly stated at the top of its blog.  News reports have focused upon various facts to support their assertions that Guccifer 2.0 is Russian, but each of these facts was created by deliberate calculated choices made by Guccifer 2.0.  It could have named its computer account anything, but it opted to name the account after the founder of the Soviet Secret Police.  It didn’t have to create/open and then save the documents to encode a Russian name into the document Metadata, it chose to do so.

You have to believe that smart hackers are better at covering their steps. A talented hacker would never use his home country IP address, but Guccifer chose to use a Russian VPN service instead.  It could have used an encrypted email service but instead used a public web-based email service that forwarded its Russian VPN IP address.  All of these choices, when put together, seem a rather ham-handed attempted to scream ‘RUSSIA!’.

Aside from the self-promoted, unverified claims, Guccifer 2.0’s actions have had very little actual impact.  It has released no new ‘secret’ documents, the only exception being the apparent leaking of a couple of hundred email addresses and contact numbers for Democrat donors.  Data readily available to the DNC.

When I testified for the House Intelligence Committee, several members insisted an analysis of Guccifer 2.0’s speech pattern indicated he is Russian. This is the same Intelligence community that perpetuated the bogus claim that Guccifer 2.0 left Russian markers on some computer servers. In fact, Guccifer 2.0’s use of “told”, “tell”, “say”, “said”, and definite/indefinite article use, as well as command of prepositions, expose Guccifer 2.0 as being someone that natively speaks in English. The terminology and phrasing that has been used in much of Guccifer 2.0’s informal communications also points to a native English speaker clumsily and irregularly using a hokey fake Russian accent reminiscent of a bad Hollywood movie.

What is intriguing about the ‘Russian Metadata’ tainted documents, appear to be mistakes made by the person or persons portraying Guccifer 2.0.  In some of the documents, specifically the ones that had been created/opened and saved to inject the “Russian Metadata’ into the file, another piece of metadata was injected too:

Created by Warren Flood on 15th of June at 13:38

Modified byФеликс Эдмундович on 15th of June at 14:08

Who is Warren Flood?

We want to be clear that we do not accuse Warren Flood of conducting any of the acts attributed to Guccifer 2.0, more so, analysis of writings attributed to Warren Flood when compared to those of Guccifer 2.0 show subtle but marked differences suggesting the pieces were written by different individuals.  What the data does suggest, however, is that the files were manipulated on a computer where a Warren Flood’s account was logged in when that computer had Microsoft Word initially installed.  Such computers existed, at the time of the Guccifer 2.0 activity, at the White House, and members of Vice President Joe Biden’s staff.

Back to Warren.  Who is he that he could have installed software on a White House computer?  It turns out that Mr. Flood includes in his LinkedIn profile that he currently works at Bright Blue Data LLC, a firm that specializes in progressive political data.  His past work history, however, is more telling:  Obama for America, Democratic National Committee, and The White House – Executive Office of the President.

He was Joe Biden’s technical director, and had easy access to the physical White House as well as the DNC HQ Building in Washington D.C.

While we have no way to ascertain if Flood was the author, it is almost certain that someone used a PC or laptop that Warren had previously installed Microsoft Word on, while he was working at his previous jobs.  Whoever created the Trump Opposition File that Guccifer 2.0 provided to the media, would have had to have access to former (current for the time) White House or Joe Biden staff computers.  What it is clearly NOT, is Russians.

Going back to June 12th, when Julian Assange announced that WikiLeaks would be releasing Clinton’s emails.  At that time, Hillary Clinton was still under an FBI investigation, and Trump was bashing her use of her private email server while his supporters chanted “Lock Her Up! Lock Her Up!” at all of the Trump rallies.

The DNC and the Hillary Clinton campaign were in a desperate position.  They needed something, anything, that would call into question the reputation of Wikileaks.  Like an on-time delivery, Guccifer 2.0 appears days later, telling lies and attaching himself to Wikileaks even as Wikileaks disavows it continuously.  Coincidently, the most inflammatory piece of data Guccifer 2.0 releases is the Trump Opposition Report, something that moved the narrative away from Clinton’s email crimes and onto Russian prostitute urine fantasies.  How incredibly convenient for Team DNC.

The only ones to factually have had access to the DNC servers are members, contractors, consultants, and employees of the DNC.  Once such person who had unfettered access was Seth Rich.  Seth Rich was murdered on July 10th.  It is notable that no verified hacks or leaks of the scale of the Wikileaks DNC data dump occurred after this date.

Using Occam’s Razor, reviewing intent, capacity for execution, beneficiaries, and losers, we can see that the DNC itself stood most to gain from Guccifer 2.0’s activities.  Would a real hacker stop a couple of days before Hillary’s historic loss?  We think not.

While we have before bought into technobabble that we did not fully understand and took at face value the mainstream media’s claim that Guccifer 2.0 was a Russian hacker, today I’m more inclined to believe it was another dirty trick from the DNC’s Deep State bag of Dirty Tricks, and my guess is they are not yet done.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending News

Exit mobile version