News erupted this week proclaiming the enigmatic hacker, Guccifer 2.0, accidentally dropped his VPN connection, revealing his secret identity. According to the Daily Beast, his true IP address was revealed while he visited a social media site – and it tracked directly to Russia’s GRU headquarters. That’s akin to Batman forgetting to put on his mask or to lock the door to the bat-cave. Could it happen? Sure. But not likely.
I’ve written for years about Guccifer and how I believed he was not necessarily a lone hacker but rather, the collective arm of a Russian government intelligence service (see this 2016 article where I discuss the Russia hack against the US and the likely involvement of Guccifer 2.0 and Julian Assange). But a member of an elite hacking unit dropping their VPN connection while chatting on social media? For now, I’m only taking this claim at face value. Dropping your VPN is the ultimate goof for a hacker. Can it happen? Sure, mistakes happen to everyone. But it really would be a dumb and unexpected mistake.
Hackers, VPNs, kill switches, etc.
I’ve lost track of how many times I’ve talked about protecting your VPN connection – how and why to do it. It can be done by chaining VPNs together or running one on top of the other (admittedly, it’s one of those “folks, don’t try this at home” kind of setups, but it is doable for the most part). More commonly, VPN “kill switches” are employed to protect the VPN from drops.
VPN kill switches are common in VPN packages today, either via the VPN configuration settings or during installation. In a nutshell, they work by configuring the network stack to route all traffic through the VPN and forcing the VPN to be a critical connection point that, if broken, stops all network traffic. Even before VPN clients allowed anyone with a mouse to set up a kill switch, we did it through our firewall or routing software. Point is, no hacker on earth runs a VPN without some sort of protection. It just doesn’t happen. And good hackers run multiple layers of protection.
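To make the “firewall as kill switch” idea concrete, here is an added example (not code from the original post or from any VPN vendor) that models the policy as a default-deny egress filter and emits the equivalent nftables ruleset. The interface names (tun0, eth0), the VPN server address, the port, and the sample destinations are assumed placeholder values from the RFC 5737 documentation ranges, not anything taken from the reporting.

```python
"""Model of a VPN kill switch as a default-deny egress firewall policy.

Added example, not part of the original post. The rule set allows only:
  (1) loopback,
  (2) the encrypted tunnel itself, i.e. traffic from the physical uplink
      to the VPN server's address and port,
  (3) anything that leaves via the tunnel interface, and
  (4) optionally the local LAN on the uplink.
Everything else is dropped. If the tunnel goes down, the routing table
falls back to the bare uplink, nothing matches rule (3), and the host
goes silent instead of leaking its real address.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str   # egress interface the routing table chose
    dst: str     # destination IPv4 address
    proto: str   # "udp" or "tcp"
    dport: int   # destination port


@dataclass(frozen=True)
class KillSwitch:
    vpn_iface: str = "tun0"            # assumed tunnel interface name
    uplink: str = "eth0"               # assumed physical interface name
    vpn_server: str = "203.0.113.10"   # assumed VPN endpoint (RFC 5737 range)
    vpn_proto: str = "udp"
    vpn_port: int = 1194               # OpenVPN's default UDP port
    lan: Optional[str] = None          # optional LAN bypass, e.g. "192.168.1.0/24"

    def allows(self, pkt: Packet) -> bool:
        """Return True if the policy lets this packet leave the host."""
        if pkt.iface == "lo":
            return True
        if pkt.iface == self.vpn_iface:
            return True  # already inside the tunnel
        if pkt.iface == self.uplink:
            # Only the tunnel's own transport may touch the uplink directly.
            if (pkt.dst == self.vpn_server and pkt.proto == self.vpn_proto
                    and pkt.dport == self.vpn_port):
                return True
            if self.lan and ip_address(pkt.dst) in ip_network(self.lan):
                return True
        # Note: no exception for DNS (udp/53) on the uplink. Resolvers must be
        # reached through the tunnel too, or the kill switch leaks queries.
        return False  # default deny is what makes this a kill switch

    def after_tunnel_drop(self, pkt: Packet) -> bool:
        """Simulate the tunnel vanishing: the kernel re-routes the packet
        over the uplink. A correct kill switch must still drop it."""
        rerouted = Packet(self.uplink, pkt.dst, pkt.proto, pkt.dport)
        return self.allows(rerouted)

    def to_nftables(self) -> str:
        """Emit an equivalent nftables ruleset (default policy drop on output)."""
        rules = [
            'oifname "lo" accept',
            f'oifname "{self.vpn_iface}" accept',
            f'oifname "{self.uplink}" ip daddr {self.vpn_server} '
            f'{self.vpn_proto} dport {self.vpn_port} accept',
        ]
        if self.lan:
            rules.append(f'oifname "{self.uplink}" ip daddr {self.lan} accept')
        body = "\n".join(f"        {r}" for r in rules)
        return (
            "table inet killswitch {\n"
            "    chain output {\n"
            "        type filter hook output priority 0; policy drop;\n"
            f"{body}\n"
            "    }\n"
            "}\n"
        )


if __name__ == "__main__":
    ks = KillSwitch(lan="192.168.1.0/24")
    web = Packet("tun0", "198.51.100.7", "tcp", 443)   # constructed sample
    print("via tunnel:", ks.allows(web))
    print("after tunnel drop:", ks.after_tunnel_drop(web))
    print(ks.to_nftables())
```

The model deliberately has no carve-out for DNS on the uplink: that is the classic hole in home-grown kill switches, because a resolver query that slips out unencrypted reveals the real source address just as surely as a web request would. The emitted ruleset is what you would load with `nft -f` on a Linux host, but it is generated here purely to show the shape of the policy.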
Could Guccifer 2.0 make such a mistake? It’s possible, but not probable. According to reports, Guccifer’s identity “traced to a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow” (what this probably means is the IP address of Guccifer was revealed from a machine outside of GRU headquarters but tied to a person known to be a Russian intelligence officer). Sure, it could have been a new machine or a new configuration that had not been hardened or heaven forbid, heavily tested. Or it could have been a different machine, not one that Guccifer 2.0 normally operates through. Or maybe Guccifer 2.0 dropped the VPN to test something and forgot to reactivate it. There’s a million ways it could have happened. None of them very likely.
So what really happened?
Did the reporter’s “source” lie? Well, they say they can tie Guccifer 2.0 to a single hacker within GRU headquarters. If they mean a single IP address originating from the organization’s network then that itself seems to be a stretch. Again, it’s possible, but not likely. More likely, this “leak” occurred outside of the GRU building and involved a hacker *known* to be a Russian intelligence agent. And if the agent really did screw up this badly, the scenario will likely play out like this:
“You stupid ninsky-poop! You’re not fit to be a Russian spy! In fact, you’re not fit to be a human being!”
And weeks later, Guccifer 2.0’s body is found half-buried in a Russian snowbank.
Or maybe this “reveal” was a Russian misdirection and it plays out like this:
“Comrade, we owe you greatly for your selfless sacrifice to Mother Russia. Here, take this briefcase and disappear to Morocco.”
And weeks later, Guccifer 2.0’s body is found, head sticking out of a Russian snowbank.
Or maybe Russia purposely leaked the IP address to taunt American authorities or remind Trump that he’s their bitch. Or Mueller himself dropped the story in an unimaginative ploy to strengthen his case against Russia. Or I’m wrong and Guccifer 2.0 isn’t a Russian intelligence collective and now someone’s trying to prove me right, or wrong, or whatever.
End line – given the current knowledge, I’m not putting too much confidence in the reports that Guccifer’s identity has been exposed. Let’s hold on a bit longer and wait for more conclusive evidence before we start laughing at his stupid mistake – because it really would be a rookie mistake.