The Daily Beast Guccifer Scoop and Those GRU Officers Sanctioned Last Week

The Daily Beast has a story reporting (in addition to the already reported news that the DNC hack got moved under Robert Mueller) that the person behind the Guccifer 2.0 persona “slipped up” once and failed to use the VPN hiding his location in the GRU headquarters in Moscow.

[O]n one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation.

The US identified which particular officer was behind the Guccifer persona.

Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow.

And then, according to TDB, the Guccifer persona was handed off to a more experienced GRU officer, with better English skills.

Sometime after its hasty launch, the Guccifer persona was handed off to a more experienced GRU officer, according to a source familiar with the matter. The timing of that handoff is unclear, but Guccifer 2.0’s last blog post, from Jan. 12, 2017, evinced a far greater command of English than the persona’s earlier efforts.

TDB’s sources did not reveal the name of the officer identified from the VPN “slip up.”

The Daily Beast’s sources did not disclose which particular officer worked as Guccifer.

But we may already know the name or names of the GRU officers involved. As I noted last week, Treasury added two names to the list of GRU officers sanctioned in conjunction with the DNC hack: Sergei Afanasyev and Grigoriy Viktorovich Molchanov. Both would actually be (very) experienced officers — they are 55 and 62. And both include very interesting “as of” dates identifying the last point when our intelligence officials identified their positions: February 2017 and April 2016, respectively.

The latter is of particular interest, as it came during the period when Guccifer 2.0 was setting up his infrastructure. But the government doesn’t know a ton about this guy — they know his birth year, but not his birth date, and possibly not even his passport information.

In any case, last week, the government revealed two new people it blames (and therefore sanctioned) for the DNC hack.

As TDB notes, the revelation that the government has tied Guccifer 2.0 to a known GRU officer is utterly damning for Roger Stone, who has admitted talking to him. But they don’t lay out how squirrelly Stone was in early March when trying to deny he was in trouble for his dalliances with Guccifer 2.0 and Wikileaks, which I laid out here.

In his response he does the following:

  • Raises doubts that he was actually talking to Guccifer 2.0 (even though Guccifer 2.0’s only identity was virtual, so Stone’s online interactions with any entity running the Guccifer Twitter account would by definition be communication with Guccifer 2.0)
  • Repeats his earlier doubts that Guccifer 2.0 is a Russian operative
  • Emphasizes that he couldn’t have been involved in any hack of the DNC Guccifer 2.0 had done because he first spoke to him six weeks after the email release (in reality, he was speaking to him three weeks after the Wikileaks release)
  • Admits he once believed Guccifer 2.0 did the hack but (pointing to the Bill Binney analysis, and giving it a slightly different focus than he had in September) claims he no longer believes that
  • Invents something about a WaPo report that’s not true, thereby shifting the focus to receiving documents (as opposed to, say, information)
  • Denies he received documents from anyone but not that he saw documents (other than the Wikileaks ones) before they were released

This denial stops well short of explaining why he reached out to Guccifer. And it does nothing to change the record — one backed by his own writing — that Stone reached out because he believed Guccifer, whoever he might be, had hacked the DNC.

At the time Stone reached out to Guccifer (as I pointed out, he misrepresented the timing of this somewhat in his testimony), he believed Guccifer had violated the law by hacking the DNC.

He never does explain to Todd why he did reach out.

Guccifer 2.0 never comes back in the remainder of the interview.

Just weeks ago, when his buddy Sam Nunberg was giving (potentially immunized) testimony to the grand jury, Stone was really, really squirrelly about whether his conversations with Guccifer 2.0 put him in legal jeopardy. The confirmation of the GRU tie may provide one reason why he’s so squirrelly.

Update: As Kaspersky’s Aleks Gostev notes, Treasury should know far more on Sergei Afanasyev. RT publicly described him as Deputy Chief of GRU in April 2016. And Molchanov is, at least now, head of GRU’s academy.

64 replies
  1. greengiant says:

    According to Adam Carter’s blog, Lee Stranahan of Breitbart and now Sputnik was communicating with Stone before Aug 5th, 2016. Quite a nest of GOP and sometime Kremlin employees in the mix.

  2. SpaceLifeForm says:

    Still not convinced that G2 is GRU.

    Tor and France exit nodes.

    Twitter logs that show ip addresses not proof.

    • DMM says:

      Not sure how much faith Marcy has in the Daily Beast article (as to G2 being GRU, or some other aspect, isn’t clear), given the use of quotes around “slip[ped] up” a couple of times. Always good to be skeptical about cyber (ugh) attribution, especially “slip ups,” as everything about it is susceptible to manipulation, which is why info from NSA network and computer implants (and some human intel) are really the only solidly trustworthy evidence (as opposed to “forensic” analyses by security companies) against a sophisticated adversary.

      • SpaceLifeForm says:

        “which is why info from NSA network and computer implants (and some human intel) are really the only solidly trustworthy evidence (as opposed to “forensic” analyses by security companies) against a sophisticated adversary.”

        Unfortunately, that assumes facts not in evidence. Every one of your points can not be proven true.

        Sorry, but, no, just no.

  3. orionATL says:

    oh happy day. satisfaction.

    no more mystery about who guccifer 2.0 is (not that this won’t be challenged by various conspiratorially inclined experts) – no more “time stamps”, no more romanians posing as russians, no more super-experts filing noisy minority reports, no more “dem inside job”.

    still, one would not expect two such high ranking officers to be so directly involved. besides, guccifer’s voice was that of a much younger, more expressive, more plaintive, more egotistical persona than one would expect of senior bureaucrats. but i’ll take what i can get.

    now it’s on to shadow brokers’ identity.

  4. obsessed says:

    Thanks – been waiting for your take on this. Now, what do you think Rosenstein & Co. are going to announce tomorrow morning?

  5. obsessed says:

    I was so disgusted when Reagan got elected that I dropped out for a couple decades, so I missed Iran-Contra and Bush’s savings and loan debacle. So the four great loves of my scandal-mongering life have been: Watergate, Plamegate (during which I became a certifiable wheelhead), Bridgegate and this, which I call HydraGate since it has about a dozen unrelated and equally horrific scandals all connected only by Trump. Watergate, obviously, ended well. I was so bitter about Plamegate and Bridgegate that I vowed to sit this one out, but, well, here I am – more “obsessed” than ever. I had – with surprising success – managed to shut out every last bit of news from election night to the day I accidentally saw a huge headline on a newsstand: “Trump Fires Comey” – and I couldn’t let it go. I still blamed Comey for the election so it made no sense. And before I knew it, “they pulled me back in”.

    My question to you: on a scale of 1 to 10, where 1 is a Plamegate-esque resolution (where Manafort and Flynn are roughly equivalent to Scooter Libby) and 7 is Watergate (where Nixon went down, but wasn’t imprisoned, and where the GOP survived to unleash the Reagan disaster), what are your emptywheel gut instincts telling you about this one? And how has that changed since your priceless BloggingHeads interview with Robert Wright a few months ago? I’d love to see a daily tracking poll graph that shows your evolving answer to this question. I’d also love to see a sequel to the Wright video.

  6. Bay State Librul says:

    I know The Mensch (Louise) is off the wall, but didn’t she reveal Guccifer a year ago?



  7. earlofhuntingdon says:

    Trump is a fraud. That’s what he keeps running from. Part of him is still that little boy running away from daddy’s anger, while trying to find favor with him. There’s sibling rivalry, as he tries to beat his talented older brother, the one who earned his place at Wharton and who was driven to suicide by his family demons.

    More than Ivanka, Trump cares about his self-image, which is why everyone around him needs to be beautiful, in a Dorian Grayish way. He cares about the idea that he runs an empire. If it turns out that his “empire” is a house of cards funded by laundered Russian money – which would explain his fawning ways with Putin – his empire and his image go down in flames, regardless of whether he remains president.

    If the Russians have serious dirt on Trump, it probably relates to that. If Mueller has a serious case against Donald, and not just those around him, it probably relates to that. It would also relate to specific crimes that involved, such as tax evasion, money laundering, and other kinds of financial fraud. Trump would burn the house down around him to avoid such revelations, let alone having them documented and proven in court.

    • Pete says:

      The lengths people will go to not look at themselves honestly in the mirror.

      We know Trump is not honest but he probably has plenty of mirrors – for primping.



    • pseudonymous in nc says:

      Had the Idiot lost as expected/intended and set up the TV network (i.e. slapped his name on OANN) he’d have probably immunised himself against investigation because it would have looked like the misuse of power to seek political retribution: it would have been more of a Robert Maxwell situation, where the wheels come off for the kiddiwinks once he’s dead. Of course, now he misuses power for political retribution.

    • earlofhuntingdon says:

      None of that is new.  Nor is it news to his ghost writer/biographer or to David Cay Johnston, for example, or to those in NYC paying attention.  Trump has enough skeletons to fill penthouses.  That’s why he had a program to pay off some of his sex partners (and others?).

      The presidency is the most public office on the planet.  That means much of what Trump has done would come out, and not just before the election, which he falsely claims absolves him for any prior “sins”, like having said five Our Fathers and five Hail, Marys.

      Does Trump’s narcissism and his need to self-destruct adequately explain why would he run for that office?  Or was it understood as a way to pay off debts to a lender who will never really let go?

    • earlofhuntingdon says:

      From that Guardian article, this time about Google:

      One of the final slides explains how the company used paid-for Google ads to implement “persuasion search advertising”, to push pro-Trump and anti-Clinton search results through the company’s main search facility….

      “That’s a Google manipulation thing,” Kaiser said, adding that while a “general person” probably did not know how easy it was to pay for ads to appear high in Google search results, it was considered “an old-school tactic” in her industry.

      It is systemic.

      • Trip says:

        Google sucks as a search engine now. You used to be able to fine tune specific date ranges and key phrases. No more. It sends you a mishmash of mostly current info. Forget about searching for products outside of Amazon.

        • cat herder says:

          The only way to get semi-useful results is to use the ‘Verbatim’ feature. Bookmark this:

          There is a string to exclude certain domains from a search result, like so:

          It works on all domains except Google’s own ones. So if you are trying to find a thing, and not books about the thing, you’re fucked. Thanks, Google. Self-promoting yourself to uselessness.

  8. matt says:

    the revelation that the government has tied Guccifer 2.0 to a known GRU officer is utterly damning for Roger Stone

    It would be nice to see Stone go down in flames.  Wouldn’t it make sense that Cambridge Analytica and/or Stone/Manafort/Bannon reached out to one or more of Internet Research Agency, Putin, or Guccifer2.0?

    Aren’t these the collusion connections that would blow this whole thing up? Am I wrong to hope that Mueller has the goods on this?


  9. SpaceLifeForm says:

    The more I think about this story,  the more doubts I have.

    No hard facts at all.  Just IC sources.

    The timing is really nice though to try to get the FB/SCL/CA story buried, especially in light of the new excuse about FB allegedly doing an ‘audit’ last Monday (2018-03-19).

    “SCL lawyers say the reason that Facebook went to Cambridge Analytica’s offices on Monday March 19 to discuss whether Facebook might reinstate CA on the platform.”

    [Yeah, sure, yeah that’s the ticket.  I’ll just reiterate that the London offices for both CA and SCL are the exact same address]

    [And why would Facebook have to go to the SCL/CA office to discuss unblocking CA when they can decide that on their own without making any visit?]

    [This is a large coverup attempt,  by both FB and SCL]

    [Note ICO may get in the offices soon]

    • SpaceLifeForm says:

      Eighteen enforcement officers have entered the Cambridge Analytica headquarters in London to search the premises after the data watchdog was granted a warrant to examine its records.

      This is just one part of a larger investigation into the use of personal data and analytics for political purposes.

      [Larger investigation]

      News of the raid came as the acting CEO of Cambridge Analytica Dr Alexander Tayler, appointed after the suspension of Alexander Nix, issued an apology about the way some data had been collected by an affiliate company.

      “I am sorry that in 2014 SCL Elections [an affiliate of Cambridge Analytica] licensed Facebook data from a research company [GSR] that had not received consent from respondents,” he said.

      “The company believed the data had been obtained in line with Facebook’s terms of service and data protection laws.”

      “We are now undertaking an independent third-party audit to verify that we do not hold any GSR data,” Tayler added.

      [Pure spin and BS. Panic setting in]

      • earlofhuntingdon says:

        Not much in the SkyNews piece.  It is not normally critical of a Tory government.

        Interesting that the hearing today at the high court took five hours. In addition to the time spent earlier in the week, CA certainly had time to prepare and present its counterarguments to the ICO’s request for a warrant.  Hope the ICO gets to evaluate the relevance of whatever was in those stacks of file crates.

        • SpaceLifeForm says:

          Which crates? The ones SCL/CA got out before ico got there after uk court intentionally delayed for days, or the crates that ico got after nearly 7 hours?

          There are pics of crates leaving the building *BEFORE* the warrant was issued.

          Hoping ico dusted the place for fingerprints.

  10. matt says:

    SLF, do you think that CA/SCL is the linchpin between Trump associates and Russia? All these guys have worked together behind the scenes for years… someone has to coordinate (CA) and someone has to be the “cut-out” (lone wolf Russian hackers or GRU). Presumably, Putin wouldn’t even mind “taking the blame” to scuttle in depth inquiry… as long as his financial interests continue to be served.

    • SpaceLifeForm says:

      I do not believe FB/SCL *directly* relate to either Trump or Russia. I do believe that FB/SCL are related to UK/US IC. And the media needs to review their relationship with IC with regard to ‘leaks’ (‘anonymous sources’ is what they usually say) leading to news articles.

    • SpaceLifeForm says:

      Another way to think about this:

      If FB/SCL are the cutouts, ask yourself who may be the coordination.

      FB/SCL may be puppets.

      Think about black-budget money.

        • SpaceLifeForm says:

          What is worse, is that so many with .mil background, absolutely go into instant denial when confronted with this. Immediate denial. They can not believe. Will instantly tell you that you are wrong. Instantly. It is too much stress on their brain. Just for their brain to even contemplate evil inside .mil is anathema. Because for .mil folk to actually understand the problem requires for them to accept that they have actually been brainwashed and indoctrinated.

          Wars don’t exist in a vacuum. They happen so the fascists can keep a large enough percentage of the population scared and therefore keep the fascists in power.

          What is happening now is basically 9-11 on steroids.

          You know how Dubya and the politicians reacted to that.

          It is all about the *REACTION* to a possible threat.

          The *REACTION* will cause more problems than the actual or perceived threat itself.

        • matt says:

          Right.  9/11 was a pretext, just like WMD in Iraq2.

          …and like Assad’s chemical attacks, possibly the Skripal hit… and whatever they are going to cook up for Iran or N. Korea.

        • bmaz says:

          Jesus christ. Now you are straight up truthering here?? You know, when you have your head too far in the “Deep State”, you have your head deep, but not necessarily in the state.

        • matt says:

          Conspiracy or not, 9/11 was a pretext.  It was the justification to invade and occupy Afghanistan… and Iraq.  The justification for the Patriot Act and the creation of the DHS.  It changed everything.  I don’t think anyone would argue that.

          However, as a fellow hard scientist- (I read you have a background in organic chemistry) I challenge you to watch the new Massimo Mazzucco documentary on 9/11.  I have plenty of friends and family with conventional mindsets and advanced degrees- not a single one has watched it and said it was bunk.

    • SpaceLifeForm says:

      “Corporations like Google, Facebook, Amazon, all of these large companies, are making tens or hundreds of billions of dollars off of monetising people’s data,” Kaiser says. “I’ve been telling companies and governments for years that data is probably your most valuable asset. Individuals should be able to monetise their own data – that’s their own human value – not to be exploited.”



      • matt says:

        Another mention of Israeli Hackers by Brittany Kaiser.  If they’re the contractors performing unmentionables… why not a top spot for possible perpetrators of the DNC/Hillary hacks?

        Also, if rogue/dark IC operators are in the mix, I’d imagine they’d be working for deep embedded (decades old) interests… not the likes of the new Alt-Right.  What am I missing?

  11. Jake Murrin says:

    If Stone “colluded,” then so did the countless journalists that also made contact with Guccifer 2.0.

  12. bmaz says:

    Hey Jake, thanks for dropping by. I have seen all three of your comments, and they are all trollery. You DO seem to have an agenda, why not put it out in the open?

  13. tinao says:

    To Matt and SLF, the reply button is not working for me either. I got a really weird message that “Your not allowed to do that action.” Anyway, what do you mean by IC? Also, when you say shadow government do you mean american and worldwide oligarchs? They are rapidly co-ordinating, consolidating and basically buying governments. Same old shit different century. Real democracy will always be under attack from that crew.

    • matt says:

      IC = Intelligence Community.  Yes, I believe worldwide oligarchs fits the bill.  My conundrum in my voting life has been wanting to believe that the Dem/Clinton/Obama camp in the government was a real alternative to the Neocon/Bushite cabal.  And wondering at first if Trump really was an outsider.  I’m convinced now that the people behind Trump just represent a radical version of militaristic Libertarianism similar to Neocon philosophy minus the pretext of “democracy building for your own good.”

      At any rate, not that the Dems are beyond corruption, but I’m beginning to believe that they have a minimum respect for humanity… for which this “minimum” was too much for elites in power… and thus the long premeditated (before Trump) efforts to undermine Hillary Clinton.

  14. SpaceLifeForm says:

    Election Fraud on both sides of pond.

    Keys:  CA, FB, SCL, AIQ, Palantir

    (AIQ brings to mind this front https[;]// . Funny they are now a .org)

    And then he found the drive: a shared Google drive that Vote Leave had set up and that has every appearance of being a smoking gun. It’s here that Grimes and Sanni shared content with key Vote Leave directors, including campaign director Dominic Cummings, and Vote Leave’s data analytics firm, AIQ.

    “I looked at it and I thought ‘Oh, my God.’ That’s when I realised things were serious. I was, ‘OK, this is really fucked up.’”

    What Sanni realised was that on 17 March 2017, Victoria Woodcock, the chief operating officer of Vote Leave, went through the drive and deleted herself, Cummings and Vote Leave’s digital director, Henry de Zoete, from more than 100 files. However the system logged a record of her activity. It is not known whether or not she was acting under instruction.

    This was 17 days after the Electoral Commission had written to Vote Leave and Darren Grimes, telling them that it was opening an investigation into the donation. And 13 days after the Observer had announced the Information Commissioner’s Office was launching an inquiry into the use of data in the referendum.

    To Sanni it was obvious that something was seriously amiss – that this was evidence that had been deleted. Woodcock had painstakingly gone through the files one by one, and removed their names from them. Not one or two, but 140 of them. On a blog post published on Friday, Cummings says this is “factually wrong and libellous”. Vote Leave say staff acted “ethically, responsibly and legally in deleting any data”.

    “What did you do when you saw that on the drive?” I ask Sanni.

    “I told Chris,” he says.

    [As in Wylie]

    • SpaceLifeForm says:

      “The idea that Dom had no idea of AIQ’s connection to Cambridge Analytica is complete bullshit,” said the source. “It was a former Cambridge Analytica employee who made the introduction. He knew exactly how the two companies operated together. He knew they’d worked together on the [former candidate for the Republican nomination for president] Ted Cruz campaign and that they shared the same underlying technology,” said the source.

      Until 2016, AIQ had no clients other than Cambridge Analytica. The lack of a website, Wylie claims, was because at the time of the referendum it was operating almost as “an internal department of Cambridge Analytica. It didn’t have a website and no contact number. The only public contact number was SCL’s website.” However, AIQ says it has had a website since it was founded in 2013.

      [Stuff not adding up]

      [Can not find Cambridge Analytica LLC or Cambridge Analytica Canada. Suspect both were shell companies if they ever existed at all]

      • SpaceLifeForm says:

        Jeff Silvester was Wylie’s first employer, a man he had known since he was 16 and who went on to co-found AIQ. Last May, Wylie showed me a document that proved the link: an intellectual property agreement that showed SCL Elections owned AIQ’s IP “in perpetuity”. This document shows the link between Cambridge Analytica and AIQ. Between Robert Mercer, Steve Bannon and Brexit. What’s more, says Wylie, AIQ deployed the algorithms that Cambridge Analytica built. “AIQ managed Ripon, Cambridge Analytica’s platform, and built a lot of the tech to connect the algorithms to social and online advertising networks.” In response to our questions, AggregateIQ said: “AggregateIQ has always been 100 per cent Canadian owned and operated. AggregateIQ never worked or even communicated in anyway with Cambridge Analytica, or any other parties related to Cambridge Analytica, with respect to the Brexit campaign.”

        [Note they (AIQ) do *NOT* deny any tie to Trump campaign]

        • matt says:

          This implies the anti-globalist/UN/EU elites have a coordinated strategy that goes back (at least to Brexit) when it comes to CA/SCL groups activities.  If this is true, Trump is just riding the wave of a much bigger movement… and it’s those of this movement that are schemers of the anti-Hillary foreign policy and the 2016 election meddling.  So, is anyone willing to take the spotlight off Putin as the “mastermind” of all this in light of these recent revelations?
