"Guccifer" Files Further Detail Hacking Spree
Online outlaw's "archive" identifies scores of new high-profile victims
JANUARY 6--The hacking spree by “Guccifer,” the online outlaw who has bedeviled
Colin Powell, members of the Bush and Rockefeller families, Obama
administration officials, and assorted
other public figures, has been far more extensive than previously known,
The Smoking Gun has learned.
A large cache of documents reveals that the illegal “Guccifer”
incursions have victimized scores of other high-profile victims both in
the U.S. and overseas during the past year. The hacker has accessed
e-mail correspondence, contact lists, phone records, personal photos,
online storage sites, and a wide range of confidential financial
documents, including credit card, banking, and investment statements.
The newest roster of “Guccifer” victims includes entertainers,
industrialists, academics, diplomats, financiers, government and
military officials, and journalists--most of whom likely have no idea
that the hacker has illegally prowled through their online accounts.
With few discernible patterns, “Guccifer” has hopscotched between the
accounts of victims like comedian Steve Martin; editor Tina Brown (seen
below); ex-Nixon aide John Dean; author Kitty Kelley; actress Mariel
Hemingway; three members of the UK’s House of Lords; a former Air Force
secretary; the CEO/chairman of MetLife, the $60 billion insurance
conglomerate; a Pulitzer Prize winner; the director of Romania’s
domestic intelligence service; and a Gibson Dunn partner with the
improbably Dickensian name Cantwell F. Muckenfuss III.
Along the way, “Guccifer” has also gathered the cell phone numbers of
Robert Redford and Warren Beatty, the private e-mail addresses for
Nicole Kidman, Leonardo DiCaprio, and other celebrities, and even the
script for the fourth-season finale of “Downton Abbey” (which the hacker
swiped six months before the TV episode first aired in England).
The material detailing Guccifer’s felonious escapades was provided to
TSG by the hacker himself, whose identity, location, and gender remain
unknown (though for narrative purposes we’ll refer to the hacker as a
“he”).
“i don’t know what near future hold for me,” the hacker stated,
adding that the thousands of documents were being provided to a reporter
“in case I disappear.” Aware that a platoon of federal agents is
hunting for him (or her or them), “Guccifer” facetiously claimed to be
having dreams “in which a woman is steping up to me saying that she is
from Federal Bureau and I am busted.” He added, “meanwhile me trying
desperately to erase my files on my computer at my desk or on my
smartphone which btw I don’t have because I can’t afford one.”
Included in the archive are documents amounting to the hacker’s work
product, such as text files recording an individual victim’s name,
e-mail address, original account password, and the replacement password
used by “Guccifer.” For instance, when the hacker broke into Powell’s
e-mail account, the password was changed to “ASSHOLEANON.” After
breaching the Comcast e-mail account of John Negroponte, a former U.S.
ambassador to the United Nations, “Guccifer” reset the
password to “hondbabykill1,” an apparent reference to Negroponte’s prior
role as U.S. ambassador to Honduras, where American officials supported
a military dictatorship suspected of killing and torturing dissidents.
While “Guccifer” has declined to discuss how he has been able to hack
so many e-mail accounts--spanning an array of providers like Comcast,
Cox, Gmail, Yahoo, AOL, Earthlink, Verizon, and the British-based
Btinternet--it appears he compromised some accounts by correctly
guessing security questions. Work files show that the hacker reviewed
the Wikipedia pages of prospective victims, obtained the names of a
target’s relatives, and even referred to a list containing the most
popular names for dogs and cats.
Last spring, “Guccifer” hacked a Yahoo account maintained by an
assistant to Brown, then editor of The Daily Beast web site. Along with
reading correspondence and stealing family photos, the hacker copied
Brown’s address book, which contained nearly 900 names and corresponding
e-mail addresses. He then exported Brown’s contacts into an Excel
spreadsheet and began reviewing the lengthy list for possible new
targets, a standard “Guccifer” M.O.
While the hacker routinely copies an address book following a
break-in, some contact lists--like those of Brown, Powell, and former
White House adviser Sidney Blumenthal--have proven to be target-rich
environments for “Guccifer” to exploit.
For example, armed with Brown’s contact list, “Guccifer” highlighted
dozens of names--most with either AOL or Earthlink accounts--for illegal
scrutiny. The hacker’s spreadsheet memorialized his hacking of the
e-mail accounts of journalist Carl Bernstein, “Sex and the City” author
Candace Bushnell, actor Rupert Everett, BBC broadcaster Jeremy Paxman,
and others. The
color-coded Excel file also shows that “Guccifer” eyed the e-mail
accounts of Lorne Michaels, Candice Bergen, Eric Idle, Whoopi Goldberg,
Padma Lakshmi, Mike Nichols, and Isaac Mizrahi (though it is unclear if
these accounts were breached). The hacker’s archive also reveals that he
was researching Martin Amis in preparation for an assault on the
author’s Yahoo account.
“Guccifer” used Brown’s account to obtain the e-mail address of
Julian Fellowes (seen above), the British actor/writer who created
“Downton Abbey,” and is also a member of the House of Lords. Somehow,
the hacker subsequently broke into Fellowes’s Btinternet account and
copied a variety of correspondence as well as confidential records
related to the 64-year-old’s writing and political careers. One of the
documents stolen last May by “Guccifer” was Fellowes’s script for the
finale of the latest season of “Downton Abbey.” The hacker, however,
apparently did not seek to disseminate the script for the last episode
(which aired in England two months ago).
Fellowes is not the only House of Lords member to be victimized by
“Guccifer.” Documents show that the hacker also raided the e-mail
accounts of Sir Francis Brooke and Patricia Scotland, who served
previously as the UK’s Attorney General. Scotland’s SkyDrive online
storage account was also breached.
In an interview, Brown said that she had been unaware that her
account had been breached by "Guccifer," adding that it was upsetting to
learn that some of her contacts had been hacked as a result. A Brown
assistant, who recalled getting notices that the Yahoo account’s
password had been changed, forwarded an e-mail that was sent from the
account in May to a second Brown aide. The subject line read “i will
fuck u an you wiil never know.” The aide told TSG, “Nice email from Mr.
Guccifer, huh?”
The “Guccifer” archive includes documents memorializing the hacking
of the e-mail accounts of dozens of other individuals. These victims
include:
* Hemingway, whose AOL account was broken into
early last year. That incursion yielded passwords to the
52-year-old star’s web site and Facebook page (which “Guccifer”
defaced in late-February). In a note to her followers, a disgusted
Hemingway (pictured above) reported being hacked, noting that she
“changed everything UGH makes you feel violated.”
* Steven Kandarian, the MetLife chief
executive, had his Comcast account raided by “Guccifer,” who stole
the 60-year-old businessman’s contact list, divorce records, phone
logs, and a variety of personal financial records.
* George-Cristian Maior, head of the Romanian Intelligence Service, had his Yahoo account breached.
* George Roche, a former Secretary of the Air
Force, was one of more than a dozen former U.S. military officials
who had their accounts illegally accessed by “Guccifer.” Most of
these victims, Roche included, had e-mail accounts with Comcast, a
company the hacker seems to have little trouble compromising.
* Kelley had her Yahoo and Earthlink accounts
compromised early last year. “Guccifer,” who apparently found the
biographer’s e-mail address in Blumenthal’s contact list, read
through her e-mails and took months’ worth of Kelley’s cell phone bills,
which listed numbers she dialed as well as calls she received.
Kelley told TSG she was unaware of the hacking, but recalled that
“Earthlink changed my password twice, I think, without
explanation.”
* Laura Manning Johnson, a top Department of
Homeland Security official and former CIA analyst. “Guccifer”
breached her Comcast account in mid-2013.
* Pulitzer Prize-winning author Diane
McWhorter, whose Earthlink, Gmail, and Dropbox storage accounts were
raided. “Guccifer” apparently found McWhorter’s e-mail among
Blumenthal’s contacts.
* Dean’s Earthlink account was hacked early
last year, and “Guccifer” took family photos, assorted
correspondence, and personal financial records.
* Fitness instructor Denise Austin was hacked
early last year. Her Comcast account was broken into shortly after
“Guccifer” illegally accessed the e-mail account of Dorothy Bush
Koch, sister of George W. Bush (and daughter of George H.W. Bush).
Austin’s e-mail address was in Koch’s contact list, which the hacker
copied.
* Oceanographer Robert Ballard, who was part of
the team that located the Titanic’s wreck, had his Comcast e-mail
and Dropbox accounts hacked by “Guccifer.” Ballard, seen below, was
apparently targeted because his name appears on a roster of members of
Bohemian Grove’s Mandalay Camp. The hacker found the list in the
AOL account of Powell, who is also a Mandalay member (along with
Henry Kissinger and George Shultz, both of whom are also former
Secretaries of State). In e-mails last year, “Guccifer” asserted
that attendees at Bohemian Grove’s northern California retreats
were part of the shadowy Illuminati/New World Order conspiracy
“leading this fucked up world!!!!!!”
* Muckenfuss, a Washington, D.C. attorney and
Yale Law School lecturer, had two of his e-mail accounts breached
by “Guccifer.” It appears the hacker found the 68-year-old lawyer’s
Comcast e-mail address in the Gmail contact list of Joshua Gotbaum,
director of the Pension Benefit Guaranty Corporation. After
hacking Gotbaum’s account last May, “Guccifer” took the Obama
appointee’s address book and used it to victimize several of
Gotbaum’s acquaintances.
The “Guccifer” archive shows that he also accessed the e-mail
accounts of numerous members of the Council on Foreign Relations. The
hacker obtained the e-mail addresses of hundreds of CFR figures after he
broke into the account of one member and accessed private contact
lists.
Additionally, the hacker’s work product reveals that he illegally
accessed the e-mail of a New York company that handles security matters
for corporations and wealthy individuals. “Guccifer” took a variety of
reports detailing confidential work done by the firm, including a
$40,000 security review commissioned by a hedge fund billionaire who
wanted assurances that a duplex apartment his daughter, a college
student, planned to rent while studying in Paris was safe.
While “Guccifer” has repeatedly declined to discuss how he breaks
into accounts--he has dismissed these TSG queries as “irrelevant
extraneous technical questions”--some targets have eased his path
through their online lives.
For example, two victims--a writer and an ex-FBI agent--each kept
Word files containing numerous passwords and PIN numbers they used.
Combined, the two documents (which were found in the “Guccifer” archive)
offered free access to accounts with eBay, Netflix, PayPal, Xbox,
Amazon, Sprint, Etsy, Facebook, Dropbox, Time Warner, and Skype. Not to
mention credit card, banking, insurance, retirement, and frequent flyer
accounts. The former G-man’s list even included a three-digit password
for a “Gun Lock.”
The illegal incursions into these two accounts emanated from IP
addresses in Greece and the Russian Federation, according to the
victims.
Other records show that “Guccifer” has sought to monitor, albeit to a limited degree, the federal criminal probe targeting him.
For instance, after TSG reported the hacking of several Bush family
e-mail accounts--most notably the AOL account of Dorothy Bush
Koch--“Guccifer” lost control over those accounts. He still, however,
was able to
monitor the hacked account of Koch’s friend Patricia Legere. Which
allowed him to read an e-mail from Koch informing friends and family
that her account had been compromised and that Secret Service agents
were en route to her residence to collect her computer for analysis.
Similarly, after “Guccifer” hacked the e-mail and Facebook accounts
of an Obama administration appointee, he somehow maintained access to
the victim’s telephone records. Those documents, “Guccifer” discovered,
revealed that the FBI contacted the federal official immediately after
the hacking was reported by TSG.
Though publicizing his continuing criminal activity could provide
federal agents with new leads and investigative avenues to pursue,
“Guccifer” professed to be carefree despite his status as one of
America’s most wanted hackers: “NO I am not concerned, i think i switch
the proxies go to play some backgammon on yahoo watch tv, play with my
family and daughter.” The hacker wrote of buying a “new powerful
computer” to help continue his illegal activities. Noting that he would
be “back in business,” “Guccifer” closed one e-mail with a one-word
declaration: “HAAAACKKKK!”
In other correspondence, “Guccifer” has written of living overseas,
though that could be a feint from a hacker who has spent more than a
year using proxy servers, fake IP addresses, burner e-mail accounts,
anonymizing software, and other methods to evade pursuing law
enforcement authorities.
“Guccifer” wrote of turning over his archive “just in case I am busted,” but he
has not offered a rationale for the crime spree detailed in those
documents. While referring to his distaste for the “new ukusa empire,”
the hacker claims to be operating from “the cloud of Infinite Justice.”
Still, it is hard not to view many of his break-ins as crimes of
opportunity. Hacking for hacking’s sake, with a simple goal of
disruption, havoc, and embarrassment.
Which, of course, does not make his frenzied rampage any less
felonious. In fact, two files in the “Guccifer” archive appear to show
the hacker researching possible criminal charges in a United States
court. A 76-page Congressional Research Service report explores the
“Extraterritorial Application of American Criminal Law” while the other
file includes the section of the U.S. Code detailing the country’s
extradition law and treaties.
Perhaps these documents indicate that “Guccifer” thinks the end is near. Or maybe he just stole them from somebody’s Inbox.
http://www.thesmokinggun.com/documents/guccifer-archive-687543