September 7, 2016 / by emptywheel


Guccifer 1’s Potentially Russian IP Address

I’m a bit late to the FBI report on Hillary’s emails. I’m reading it now for all the details that don’t serve to reinforce one’s assumptions about Hillary’s email scandal (as the report honestly can do for all sides).

But I wanted to point to this detail. In the report’s short discussion of Guccifer 1’s hack of Sidney Blumenthal, the report suggests that Guccifer may have tried to hack Hillary in the days after hacking Blumenthal.


The passage is appropriately ambiguous. Guccifer (Lazar) successfully hacked Blumenthal on March 14, 2013. The next day — and again on March 19 and 21 — there were unsuccessful probes on Hillary’s server. The FBI suggests those may have been Guccifer, though states it doesn’t know whether it is or not (which is weird, because Guccifer has been in US custody for some time, though I suppose his lawyer advised him against admitting he tried to hack Hillary).

I find all this interesting because those probes were made from Russian and Ukrainian IPs. That’s not surprising. Lots of hackers use Russian and Ukrainian IPs. What’s surprising is there has been no peep about this from the Russian fear industry.

That may be because the FBI isn’t leaking wildly about this. Or maybe FBI has less interest to pretend that all IPs in Russia are used exclusively by state agents of Vlad Putin (not least because then they should have been looking for Russians hacking the DNC?).

It’s just an example of what an attempted hack might look like without that Russian fear industry.


Copyright © 2016 emptywheel. All rights reserved.
Originally Posted @