Featured Opinion

Debunking the false claim that Guccifer 2.0 is definitely a Russian asset

Was Guccifer 2.0 actually a DNC operative?

By Frank Parlato

The Daily Beast recently published a story on the debate over the identity of Guccifer 2.0. It appears that in their view and the view of others, Guccifer 2.0 is a Russian asset who hacked the DNC servers — in possible collusion with Trump adviser Roger Stone.

Artvoice respectfully disagrees.

Any fair and informed analysis suggests the identity of Guccifer 2.0 remains unknown.

Borrowing from the known record, from statements of Guccifer 2.0, and from Roger Stone, and others, it becomes apparent that it is not publicly known who Guccifer 2.0 is and that there is no evidence that Stone’s communications with Guccifer 2.0 had anything to do with the publication of the DNC emails.

The following report borrows heavily from an earlier report by Stone himself, and has been vetted and verified by this publication.

There is no evidence we’ve seen that links Roger Stone to Guccifer 2.0’s hacking. There is no evidence that Guccifer 2.0 ever hacked anything. But there is plenty of evidence of wishful thinking masquerading as evidence.

Was it a hack or a leak of the DNC computers?

The Nation magazine reported on a study issued by Veteran Intelligence Professionals for Sanity (VIPS), a group of former high-level US intelligence officials, who concluded that, “There was no hack of the Democratic National Committee’s system …  not by the Russians and not by anyone else.”

If it was not a hack, then what was it?

It might have been a leak; a download executed locally with a memory key or a similarly portable data storage device. In short, it might be an inside job, done by someone with access to the DNC’s system, that led to the publication of a large store of documents on WikiLeaks prior to the presidential election in 2016.

If this is true, it appears that Guccifer 2.0 is not a Russian hacker, but possibly might be an operative of the Democratic party. To understand the subtleties of this, it will be helpful to undertake a brief historical review:



Guccifer 2.0 at times appeared as Hillary Clinton’s knight in shining armor.

June 12

Julian Assange of Wikileaks announced on an ITV televised interview that “We have upcoming leaks in relation to Hillary Clinton which are … pending publication.”

At this point, the DNC and the Clinton Campaign knew [or should have known] a damage control campaign would be required immediately.

June 14

The DNC released a statement explaining they discovered that their servers had been hacked.  Among documents they claimed were stolen were document[s] related to “Trump Opposition Research”.

The DNC, however, refused to hand over their alleged ‘hacked server’ to the FBI for a forensic investigation, claiming their private firm, Crowd Strike Inc., certified that it was ‘Russian hacking.’

None of this was made public at the time.

What was made public was a report wherein the DNC’s computer security experts, Crowd Strike claimed they found malware on the DNC server known to be used by Russian hackers, during an investigation a month earlier [May 2016.]  They reported on June 14 that the malware was injected by Russians but provided no detailed specifics of their evidence.

June 15

Suddenly a person or persons, using the name Guccifer 2.0, appeared online and claimed to be a Romanian hacker responsible for the DNC hack.  Guccifer 2.0 confirmed the DNC statement of being hacked and claimed to be the source for Wikileaks.

Guccifer 2.0 posted five documents with ‘Russian Metadata Fingerprints’, the first was the “Trump Opposition Research” which the DNC had announced the previous day as having been stolen from DNC computers.

Either Guccifer 2.0 got this info from hacking, or possibly from the DNC itself.

Either way, the first document leaked by Guccifer 2.0 was anti-Trump information.

Just hours after Guccifer 2.0 made its announcement, Gawker, The Smoking Gun, and ArsTechnica published articles focused not on the hacking, but on the Trump opposition file.

June 17

Gawker, ThreatConnect, and The Smoking Gun published articles that suggested “hacked” DNC data contained personal donor information including “names, emails, and cell phone numbers”.

June 18

Guccifer 2.0 announced it had documents from the DNC network, including financial reports and donor personal data including “names, emails, and private cell phone numbers.”

June 20

Guccifer 2.0, posting that it is the lone hacker of the DNC, promised a dossier on Hillary Clinton from the DNC.

June 21

Guccifer 2.0 released a blog entry titled “Dossier on Hillary Clinton from the DNC”, which was in reality nothing more than links to already circulated and non-classified documents related to the DNC and Hillary Clinton, an essentially benign publication and not the result of a recent hack or leak.

June 22

Wikileaks began publishing the real DNC emails. The fallout led to resignations of top DNC officials and gave the world an unsightly, inside look at the real Hillary Clinton and the party that was bent on getting her elected over Bernie Sanders in contravention to their primary rules.

Guccifer 2.0 again took credit for hacking the DNC computers.

Later that day, Guccifer 2.0 posted it would speak to anyone over Direct Message on Twitter.

June 23

VICE journalist Lorenzo Franceschi-Bicchierai published an article based on an interview with Guccifer 2.0 entitled “Why Does DNC Hacker ‘Guccifer 2.0’ Talk Like This?” It included language analysis assessments from three experts. The experts could not make a definitive conclusion of the nationality of Guccifer 2.0, although some sentences of Guccifer 2.0 were in perfect English.

Over the next few days Guccifer 2.0 created a Guccifer 2.0 FAQ (Frequently Asked Questions) blog post and made a point to wish everyone a happy Independence Day on the 4th of July.

July 10

DNC computer tech worker Seth Rich was murdered. There is much controversy surrounding his death and no suspect has been yet apprehended.

Within days, articles from Vocative, The Hill, ThreatConnect, TAIA Global, and The Smoking Gun announced that Guccifer 2.0 is likely a Russian, perhaps even Russian government-affiliated.

August 5

Roger Stone published on Breitbart News that Guccifer 2.0 was not a Russian hacker and, based on Guccifer 2.0’s statements, was likely responsible for the hack of the DNC.  [Stone later revised his opinion. He now believes there was no hacking done by the Russians, or anyone else. Stone believes that the information Wikileaks published was leaked, not hacked.]

August 12

Evidently in response to Stone’s Breitbart article, Guccifer 2.0 tweeted “@RogerJStoneJr thanks that u believe in the real #Guccifer2” .

Twitter suspended Guccifer 2.0’s account.

Stone Tweeted in protest of the suspension.

August 15

When Guccifer 2.0 was reinstated by Twitter, Stone offered congratulations in his first private communication to Guccifer 2.0 via Twitter Direct Message.  This first communication with Guccifer 2.0 was weeks after Wikileaks posted the DNC-Clinton material.

Stone says his congratulatory message to Guccifer 2.0 was not based only on his opposition to censorship, but for another good reason: Whether it came from Romanians, Russians, or Seth Rich – what Wikileaks published was the truth.

The nature of the direct messages between Roger Stone and Guccifer 2.0 occurred after [not before] the leaked or hacked DNC emails.
Truth trumps its source?

The import of the leaks – which is often forgotten – is that the American people were able to get a true, inside view of presidential candidate Hillary Clinton. For that reason, the American public should be grateful to whoever provided this material.

In the end it shined a light on Hillary Clinton that enabled American voters to make a more informed assessment of her qualifications and fitness to be president of the USA.

Some might argue –  that truth is not interference in any election – regardless of who gives it to us. It is lies that can be interference – for all, everyone wants the truth, however it is offered.

In this case the DNC covered up their interference in the Democratic primary in favor of Hillary Clinton. Wikileaks published the truth. We do not know who provided the truth to Wikileaks.

In any event, two Twitter Direct Message communication threads exist between Guccifer 2.0 and Roger Stone. They occurred on August 15 and August 17. These conversations were revealed to the public by Stone himself and are by any – even the most biased standard – completely innocuous.

September 9

An additional attempt was made by Guccifer 2.0 to have a third Twitter Direct Message conversation with Roger Stone on September 9th.

Stone’s part of the conversation consisted of a request to re-post a link, which Guccifer 2.0 agreed to do. [Stone regularly re-Tweets requests of correspondents on Twitter or Facebook to get his messages and writings out, he said.]

September 13

Guccifer 2.0 released the NGP/VAN zip file, which became the source of a series of debunking exercises, the results of which are discussed later in this article.

Over the next couple of months, Guccifer 2.0 released documents it claimed it obtained through hacks and “exploits” including a dossier on Democratic Congressman Ben Ray Lujan.  That dossier proved to be harmless.

Guccifer 2.0 then claimed it hacked the Clinton Foundation and posted documents Guccifer 2.0 claimed came from the hack. All the files Guccifer 2.0 posted turned out to be from previous leaks or from public domain documents.

November 4

A few days before the 2016 US Presidential Election, Guccifer 2.0 – making its last post of the year – offered to be a hacker poll watcher on election day.

November 8.

Donald Trump defeated Hilllary Clinton in the presidential election.

Guccifer 2.0’s account was dark until January 12th, 2017, more than two months after the election.

Guccifer’s errant claims

Throughout the course of Guccifer 2.0’s public communications, it made a variety of claims.  These claims should be investigated in detail before we move on to motive and intent, as well as conflicting evidence.

Guccifer 2.0’s most substantive claim was that it hacked the DNC’s servers.

Guccifer 2.0 stated in its VICE interview that it breached the server using a “Zero-day exploit of NGP-VAN.”

While the report from ThreatConnect made the assessment that Guccifer 2.0 is a collective of Russians, the same report revealed facts that debunk Guccifer 2.0’s claims, including that it hacked the DNC server.

Guccifer 2.0 claimed it used an unknown software vulnerability of a COMPANY (not a product), whose products have no direct connection to the DNC LAN, to bypass the DNC LAN security devices, and access the DNC server.

Let me explain a couple of tech terms for readers unfamiliar with the terminology in order for anyone to understand that Guccifer 2.0 by its statements either did not hack the DNC computer or lied about its methodology.

Briefly: A Local Area Network (LAN) is a group of computers connected together by hard wires or Wi-Fi connections. A group of computers on a LAN can communicate with each other, but with no other computers or computer networks (including the internet) unless going through a security device or gateway.

These security devices are called Firewalls, and can be hardware, software, or both.

The DNC server [which was allegedly hacked] sits inside DNC headquarters in Washington, D.C.. Any communication with the DNC server must go through the DNC LAN, and, if coming from the internet, through the DNC security devices and/or gateways.

The tech that helps make this possible for the DNC comes from NGP VAN an American IT consulting, online fundraising and media technology company based out of Washington, D.C.

NGP VAN uses web-based tools that allow organizations to leverage technology to meet their goals.

The Wall Street Journal said, “NGP VAN is something of a secret weapon for the Democratic Party and the labor unions and progressive groups that use it.”

The primary products from NGP-Van are MiniVan, a mobile canvasing tool for voter contact and data collection, VoteBuilder, a campaign persuasion and get-out-the vote web tool, and NGP, a web based platform for digital engagement tracking, fundraising, and compliance reporting.

NGP is used by nearly every Democratic campaign running for federal office, is a set of web-based applications, and is hosted on NGP-Van servers and controlled by NGP Van in their own facilities.

All of NGP systems are web-based and therefore have zero direct interaction with the DNC LAN.

Zero-Day exploit is a software vulnerability that is unknown to those most interested in mitigating vulnerability, including the vulnerable software creators.

Hackers exploit vulnerabilities to adversely affect the target computers, programs, data, and if possible, gain access to the wider LAN [Local Area Network.]

This is what Guccifer 2.0 claims it did.

And it is for this reason that ThreatConnect correctly discredits the breach by saying “As it stands now, none of the Guccifer 2.0 breach details can be independently verified.”

Another dubious Guccifer 2.0 claim

The second most important claim by Guccifer 2.0 was that it was the source of the DNC emails published by WikiLeaks.

Guccifer 2.0 made a point to mention Wikileaks during what seems to be its purposeful destruction of its own reputation on October 4th, 2016, when it did not post any interesting data with the excuse the databases were “too large. I’m looking for a better way to release them now.”

The “better way” never came; no further data was released by Guccifer 2.0.

Guccifer 2.0 made these claims 73 days after the last large data dump came from Wikileaks, which Guccifer said it sourced.

Guccifer 2.0’s Clinton Foundation hack claim was also discredited after it was discovered that all the files Guccifer 2.0 claims it hacked then posted turned out to be from previous leaks or public documents.

Ultimately, Guccifer 2.0 never produced anything from the Clinton Foundation verifying a hack, neither has the Clinton Foundation admitted to being hacked.

To this day, there is nothing independently verifying Guccifer 2.0’s claims that it hacked the DNC servers.

Julian Assange says the material he published came from a leak and not from a hack.

Assange has his own version

Julian Assange has stated repeatedly that the emails were leaked, rather than hacked, in contradiction to Guccifer 2.0’s claims.

Speaking of Seth Rich, in a YouTube interview with Assange, from which the except below was extracted, Assange points at least indirectly to the possibility that Seth Rich was the DNC leaker [not hacker].


“Whistleblowers go to significant efforts to get us material, and often very significant risks. There’s a twenty-seven-year-old, works for the DNC, shot in the back, murdered [Seth Rich], just two weeks ago, for unknown reasons, as he was walking down the street in Washington, so-“


“That was just a robbery, I believe, wasn’t it?”


“No, there’s no finding. So-“


“What are you suggesting? What are you suggesting?”


“I’m suggesting that our sources take risks, and they are, they become concerned to see things occurring like that-“


“But was he one of your sources? I mean-“


‘We don’t comment on our sources-“


‘So, why make the suggestion? About a young guy being shot on the streets of Washington?’


“Because we have to understand how high the stakes are. In the United States. And that our sources, are…face serious risks, that’s why they come to us, to protect their anonymity.


“But it’s quite something to suggest a murder, that’s basically what you’re doing.”


Well, others have suggested that. We are investigating to understand what happened, in that situation, with Seth Rich. I think it is a concerning situation, there’s not a conclusion yet, we wouldn’t be willing to state a conclusion, but we are concerned about it. More importantly, a variety of Wikileaks sources are concerned when that kind of thing happens.”

What is it Assange is saying?

If there was no hack of the DNC, then information may have been downloaded to something as simple as a thumb drive and spirited out the back door– by perhaps the late Seth Rich.

It is likely Rich would’ve known of the DNC’s ongoing effort to deprive Sen. Bernie Sanders of an honest competitive primary by manipulating party activities to help Hillary.

Guccifer’s persona 

Now that we’ve examined some of the technical aspects of Guccifer 2.0’s claims, let’s investigate what we know about Guccifer 2.0’s persona.

Guccifer 2.0 claims to be Romanian.  Media reports have selectively focused on various facts to support their assertion that Guccifer 2.0 is Russian. Each fact seems to have been created by calculated choices made by Guccifer 2.0 itself.

Guccifer 2.0 could have named its computer account anything, but opted to name it after the founder of the Soviet Secret Police.

Guccifer 2.0 didn’t have to create, then save documents to encode a Russian name into the document Metadata. But Guccifer 2.0 chose to do so.

Smart hackers are good at covering their steps or revealing what they want others to find as clues.

A talented hacker would not use his home country IP address, unless he or she wanted his or her national origin identified, but Guccifer 2.0 chose a Russian VPN service.

Guccifer 2.0 could have used an encrypted email service but chose instead to use a public web-based email service that forwarded its Russian VPN IP address.

All of these choices, when put together, seem to show Guccifer 2.0 was either utterly inept, or made a conscious decision to make it appear that it is Russian.

The import of Guccifer 2.0

Aside from self-promoted, unverified claims, Guccifer 2.0’s actions seems to have had very little impact on anything or anybody.

Guccifer 2.0 released no new ‘secret’ documents, with the exception of the apparent leaking of a couple of hundred email addresses and contact numbers for Democrat donors- which is – it should be pointed out – data that is readily available to the DNC.

Is Guccifer 2.0 an American?

When Roger Stone testified for the House Intelligence Committee, several members insisted that an analysis of Guccifer 2.0’s speech pattern indicated ‘he’ is Russian.

But this is the same Intelligence community that perpetuated the bogus claim that Guccifer 2.0 left Russian markers on some computer servers.

More on speech patterns of Guccifer 2.0

Some however are less convinced that language analysis is, in this case, even possible since Guccifer 2.0 may be any number of writers going online.

Guccifer 2.0’s use of “told”, “tell”, “say”, “said”, and definite/indefinite article use, as well as command of prepositions, expose that at least one individual writing as Guccifer 2.0 might be someone who speaks English so well that he or she could be American.

The terminology and phrasing that has been used in much of Guccifer 2.0’s informal communications also points to a native English speaker clumsily and irregularly using a hokey fake Russian accent reminiscent of a bad Hollywood movie.

One June 2016 Guccifer 2.0 post states: “I … decided not to put all eggs in one basket. Moreover, other cases weren’t so successful and didn’t bring me the glory.”

Russian Fingerprints pointed out as evidence that Guccifer 2.0 must be Russian

After the claim that Guccifer 2.0 is Russian based on the use of online language, there is the so-called Russian fingerprints – the ‘Russian Metadata’ documents.

What is intriguing about this is that the fingerprints appears to be mistakes or blunders made by Guccifer 2.0.

One striking oddity is that, in some documents, specifically the ones that had been created/opened and saved to inject the “Russian Metadata’ into the file, another piece of metadata was also injected:

“Created by Warren Flood on 15th of June at 13:38”

Modified byФеликс Эдмундович on 15th of June at 14:08

Who is Warren Flood?

Why is Warren Flood’s name connected to Guccifer 2.0? Flood [arrow] is pictured with his former boss former Vice President Joe Biden.
We want to be clear: We are not accusing Warren Flood of conducting any acts attributed to Guccifer 2.0.  An analysis of writings attributed to Warren Flood, compared to those of Guccifer 2.0, show subtle, but marked differences suggesting the pieces were written by different individuals.

What the data does suggest, however, is that files were manipulated on a computer where Warren Flood’s account was logged in when that computer had Microsoft Word installed.

Such computers existed at the time of the Guccifer 2.0 activity at the White House and members of Vice President Joe Biden’s staff.

Back to Flood.  Who is he and how could he have installed software on a White House computer?

It turns out that Flood, according to his LinkedIn profile, currently works at Bright Blue Data LLC, a firm that specializes in progressive political data.  His past work history, however, is more telling:  Obama for America, Democratic National Committee, and The White House – Executive Office of the President.

He was Joe Biden’s technical director and had access to the physical White House as well as the DNC HQ Building in Washington D.C.

While we have no way to ascertain if Flood was the author, it is almost certain that someone used a PC or laptop that Flood had previously installed Microsoft Word onto, while he was working at his previous jobs.

Whoever created the Trump Opposition File that Guccifer 2.0 provided to the media would have had to have access to former (current at the time) White House or Joe Biden staff computers.

What it clearly is not, is Russian.

A Spin to Protect from Assange?

Going back to June 12th, when Julian Assange announced that WikiLeaks would be releasing Clinton’s emails, Hillary was under FBI investigation. Trump was bashing her use of her private email server while his supporters chanted “Lock Her Up! Lock Her Up!” at Trump rallies.

The DNC and the Hillary Clinton campaign were in a desperate position.

They needed something that would call into question the reputation of Wikileaks.  Like an on-time delivery, Guccifer 2.0 appears, attaching itself to Wikileaks, even as Wikileaks disavows it repeatedly.

Coincidentally, the most inflammatory piece of data that Guccifer 2.0 releases is the Trump Opposition Report, something that moved the narrative away from Clinton’s email crimes, into Russian prostitute urine fantasies.

This was exceedingly convenient for the DNC.

Occam’s Razor?

The only ones to factually have had access to the DNC servers are members, contractors, consultants, and employees of the DNC.  Once such person was Seth Rich.  Rich was murdered on July 10th.  No verified hacks or leaks of the scale of the Wikileaks DNC data dump occurred after his death.

Using Occam’s Razor, [i.e. when presented with competing hypothetical answers to a problem, one should select the one that makes the fewest assumptions] reviewing intent, capacity for execution, beneficiaries, and losers, we can see that the DNC itself stood most to gain from Guccifer 2.0’s existence and activities.

Would a real hacker stop a couple of days before Hillary’s loss?

As Stone said, while some have before bought into technobabble that they did not fully understand and took at face value the mainstream media’s claim that Guccifer 2.0 was a Russian hacker, others are inclined to believe it was another dirty trick from the DNC’s bag of dirty tricks, and are guessing they are not done yet.

The true identity of Guccifer 2.0 remains to be determined and may forever be a mystery.



About the author

Frank Parlato


Click here to post a comment

  • He doesn’t show sufficient love for Hillary; therefore, he is wrong. Great technical analysis, sellouts. But I’m laughing harder.

  • Funniest article I’ve read today. A mishmash of Briebart hyperbole and a dash of alt-right conspiracy.

    Keep it coming. I love to laugh.

  • Sure looks like ArtVoice is peddling Seth Rich conspiracies. Probably something the Rich family would like to know about to add to their lawsuits.

  • Oh my mistake. I just noticed the author of this article which explains why he would defend other pieces of trash.

  • Wow this is pretty trashy for ArtVoice to publish something researched using 4chan and alt-right talking points.