Guccifer 2.0

Nation-state-sponsored cyberattacks are on the rise. Whether for surveillance, sabotage, or swaying public opinion, these attacks have proven a cheap and effective method to pursue nation-state aims. Generally, these cyberattacks are difficult to attribute to a government without a shadow of a doubt. This is in part because the governments behind these attacks pretend to be hacktivists. Indeed, a key element frustrating attribution is that the actions of state-affiliated hackers can bear the trappings of maverick, free-wheeling hacker culture—creating plausible deniability for governments even when the affiliation with hacker counterculture is hardly legit. Exhibit A: this video.

At the tail end of the 2016 presidential campaign season, the Democratic National Convention (DNC) was hacked. The acquired cache of emails and other information was handed over to WikiLeaks, which did not hesitate to publish them. The U.S. government claimed that the Russian government was responsible; Putin denied involvement. Meanwhile, the “hacker” interviewed in this BBC video claimed responsibility. He names himself Guccifer 2.0 and repeatedly states that he acted alone and was motivated by his own political beliefs. Security experts deemed otherwise, insisting that Guccifer 2.0 was a cover for either Russian government employees or patriotic nongovernmental actors working on behalf of the Russian state.

Still “Guccifer 2.0” made an effort to appear to be a hacktivist who was operating with his own agenda, unaffiliated with any nation-state. Like Anonymous, he released mocking statements via Twitter and a website and wrote at least one long diatribe articulating the political philosophies underlying his actions. His actions also resembled pro-U.S. hackers unaffiliated with the U.S. government, such as The Jester. Even the name “Guccifer 2.0” referenced a famous politically motivated hacker who was not affiliated with any government—Marcel Lazăr Lehel or “Guccifer.”

Guccifer 2.0’s attempts to look like an activist were clearly meant to thwart efforts to attribute the DNC attack to Russia. The use of hacker-esque imagery and sense of playfulness was a far cry from the straight-laced, suit and tie, and formal look of government materials. Nor was Guccifer 2.0 alone in embracing hacker aesthetics. When North Korean hackers targeted Sony in 2015, a red-lit skeleton appeared on screens with a tag saying Sony had been hacked by “Guardians of the Peace.” A likely US nation-state actor, the Lamberts/Longhorn, heavily references old computer games, Star Trek, anime, and North American specific foods such as funnel cakes.

Nation-states rely on attribution to reasonably and publicly escalate tensions, retaliate after a cyberattack, or hold countries responsible for those attacks. When nation-state affiliated hackers, employ hacktivist tropes, symbolism, and models as a method to hide actual political affiliations they create plausible deniability for their governments. As the number of countries building offensive cyber programs proliferates, the issues around attribution will only increase.

Guccifer 2.0 did not succeed—forensic evidence and his lack of credibility undermined his performance. But the difficulty in proving without ambiguity that a given actor is responsible for an attack creates a gray space of plausible deniability for governments, what Gabriella Coleman dubs the “fog of hacking.”  It is in this gray space between complete certainty and what is certainly likely that nation-states play. As Putin’s spokesperson said in response to accusations that the DNC hacks were a Russian government action, “Every day Putin’s website gets attacked by several tens of thousands of hackers. A lot of these attacks are traced to the territory of the USA, but we do not blame the White House or Langley each time.”

Back to Anti-security