SAN FRANCISCO — Despite the many questions raised over new documents allegedly leaked from the servers of Democratic presidential nominee Hillary Clinton, the hacker known as “Guccifer 2.0” continued to insist Tuesday that the documents were real, and that they were a small preview of much more to come.
In a private chat with BuzzFeed News, Guccifer 2.0 wrote that “all files are authentic” and that they came from the Clinton Foundation’s private server. When asked about the widespread speculation that the documents weren't legitimate and a statement by the Clinton Foundation that “none of the folders or files shown are from the Clinton Foundation," Guccifer 2.0 appeared to double down, writing: “is it possible that some ppl r trying to divert attention from my release by spreading false accusations?”
The hacker first made headlines in June, when an account run under the name "Guccifer 2.0" claimed to be behind the hack of the Democratic National Convention (DNC). At the time, he told Motherboard that he was a lone Romanian hacker, though it appeared he could not speak Romanian nor prove any ties to that country. Cybersecurity experts with the companies investigating the DNC hack have since concluded that the hack was likely carried out by a group dubbed Fancy Bear, a set of hackers that have been tied to the Russian government.
The release of the new documents Tuesday, whether by Guccifer 2.0, Fancy Bear, or any other party, is the most recent in a long-running cyber tit-for-tat that cybersecurity experts said has tried to affect the outcome of next month's US elections.
On Tuesday afternoon, Guccifer 2.0 wrote in a blog post, “So, this is the moment. I hacked the Clinton Foundation server and downloaded hundreds of thousands of docs and donors’ databases.” His announcement came just hours after a Wikileaks press conference which many had thought would announce a cache of damning documents about Democratic presidential nominee Hillary Clinton. Instead, Wikileaks appeared to be celebrating their 10-year anniversary, and announcing a new funding model.
Guccifer 2.0, who tweeted a congratulatory message to Wikileaks Tuesday, told BuzzFeed News he thought it was a “good idea” to release his documents that day, and that this was “just a tiny part of the files,” that would be released in coming weeks.
Yet Guccifer 2.0 refused to answer questions of when the Clinton Foundation servers were hacked, or how the hack was accomplished. Guccifer 2.0 also refused to answer why the documents — which mostly contained donor information — seem to imply some connection between donations to the Clinton Foundation and the receipt of federal funds through the TARP program, which were largely distributed during the administration of George W. Bush. Also left unanswered: why many of the individuals who appear as donors in the documents are not listed as donors in the foundation’s public disclosures.
Some observers speculated that the files came from the Democratic Congressional Campaign Committee (DCCC), which was itself hacked earlier this year. "Given the Russians’ long track record of faking the origin and doctoring the content of documents acquired through cyber attacks, the Committee is working to determine if these were stolen from our network,” Meredith Kelly, DCCC National Press Secretary, told BuzzFeed News.
In previous chats with BuzzFeed News, the Guccifer 2.0 account appeared to type in nearly-fluent English. On Tuesday, however, the account only used short replies — often with emojis — and did so in broken English. While questions have been raised about the legitimacy of previous documents released by Guccifer 2.0, the documents released Tuesday might prove to be the first time the account has obviously released falsified documents.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.