The pseudonymous hacker Guccifer 2.0 who previously claimed responsibility for the high-profile DNC (Democratic National Committee) hack, released a fresh trove of DNC documents on 13 September, while "speaking" at a cybersecurity event held in London. WikiLeaks has since also released Guccifer 2.0's latest cache of DNC documents.
Although the hacker was slated to make a virtual appearance at theThe Future of Cyber Security Europe conference in London, he was a no show. However, he did provide a lengthy statement, which was read out loud by someone else at the cybersecurity event. The latest trove of over 600 MD data released by Guccifer 2.0 details DNC fundraising information and IT infrastructure.
The hacker's most recent DNC data dump includes information on DNC fundraising and IT network infrastructure. The dump includes personal and sensitive information of a list of donors, including names, addresses, phone numbers and emails. The leaked data also details memos on tech enterprises from Democratic vice-presidential nominee Tim Kaine, during the time he served as the governor of Virginia, the Politico reported.
In his lengthy statement, the hacker censures Twitter for censoring "twits" and blames IT corporations for storing user data, which in turn he claimed, made it "vulnerable for leaks". Guccifer 2.0 also claimed that the new DNC documents were stolen from NGP VAN, the firm which is a software provider to the DNC. However, according to a report by Motherboard, the hacker had previously claimed to have gained access to the DNC via a vulnerability in NGP VAN.
Despite these claims, cybersecurity firm ThreatConnect, which has closely followed and analysed the DNC breach, said Guccifer 2.0's claims regarding NGP VAN are unfounded. Additionally, the firm said their research indicated that Guccifer 2.0 was likely a "Russia-controlled" persona portrayed as a hacktivist.
Guccifer 2.0's last dump was on 31 August, when he released records from the DCCC (Democratic Congressional Campaign Committee) and detailed information on sensitive issues like the party's tactics for dealing with Black Lives Matter and more. The hacker first shot into prominence after leaking internal DNC files on Democratic presidential candidate Hillary Clinton and various donors to the Democratic campaign. The hacker later also dumped the personal email addresses and phone numbers of almost all House Democrats and their employees causing widespread panic and chaos.
The data dump is the latest to hit the Democratic party, which has recently been the target of several major leaks. In a recent interview, WikiLeaks founder Julian Assange also vowed to release further information on Clinton and her charitable foundation. The leaks have left the party grappling with security issues, in addition to dealing with widespread rumours of Clinton's health.
Below is the complete transcript of Guccifer 2.0's rambling statement, read out at the cybersecurity conference in London:-
Hello everyone This is Guccifer 2.0.
I'm sure you know me because my name is in the conference program list. As I see it, this is the place to discuss cyber security and cyber threats. And may be to propose some solutions. Let's figure out who poses the real threat to begin with.
Cyber security firms are quick to blame hackers for their activity. Yeah, they cause a lot of troubles for business and politics. But, who poses a real cyber threat? what do you think? Is it Guccifer? Or Snowden? Or Assange? Or Lazar? No. It seems obvious. It's plain as day you would say. But still my answer is no. Large IT companies pose a real cyber threat nowadays.
You may perfectly know some of them or may not. But their responsibility for the future of our world is growing from day to day. And I will explain to you why.
So. What's wrong with large IT companies? First. On their way to a global progress and big money they are collecting users' personal data, which is the same as spying on people, because many of us don't even realise they track us online and collect our info. Companies store these data making it vulnerable for leaks.
Second. They create conditions that make people store their info in cloud services. It seems convenient but it's extremely vulnerable because it's thousand times easier to steal the data from the cloud than from a personal cell phone for instance.
The next reason, and the crucial one, is software vulnerability. Tech companies hurry to finish the work and earn money. So they break development cycle very often omitting the stage of testing. As a result, clients have raw products installed on their systems and networks with a great number of bugs and holes.
Fourth. It's well known that all large companies look forward to receiving governmental contracts. They develop governmental websites, communication systems, electronic voting systems, and so on and have their products installed to critical infrastructure objects on the national level. They are aggressively lobbying their interests. You can see it at the diagram that they spent millions of dollars for lobbying. That doesn't mean they will produce better software. That means they will get even more money in return.
Fifth. This is censorship. For example Twitter censors unwelcome users. I can judge it by myself here. You can see how Guccifer 2 hashtag unnaturally abruptly stops trending. It seems impossible that all Twitter users just stop twitting about Guccifer 2 leaks, in a moment. That's why people started Guccifer 3, 4, 5 hashtags to avoid censorship. People also told me their twits [sic] were not shown in the Twitter live wall unlike to their account's wall.
So, the cyber aggressiveness is progressing nowadays. The number of cyber attacks is steadily growing. What's the reason? What's wrong with the cyber defense? Well. they take wrong measures. They search for cyber criminals, sentence them. But two more hackers appear instead of one convicted.
The real problem is inside. This is just the same as in offline world. This is not enough to prosecute criminals. It requires preventive measures, to fight criminality by elimination of the possibility of crime.
So, what's the right question we should ask about cyber crime? Who hacked a system? Wrong. The right question is: who made it possible that a system was hacked? In this regard, what question should you ask me? How I hacked the DNC??? Now you know this is a wrong question. Who made it possible, that I hacked into the DNC. This is the question.
And I suppose, you already know the answer. This is NGP VAN Company that operates the DNC network. And this is its CEO Stu Trevelyan who is really responsible for the breach. Their software is full of holes. And you knew about it even before I came on stage. You may remember Josh Uretsky, the national data director for Sander's presidential campaign. He was fired in December, 2015 after improperly accessing proprietary data in the DNC system.
As it was agreed, he was intentionally searching for voter information belonging to other campaigns. However, he is not to blame. The real reason voter information became available for non-authorized users was NGP VAN's raw software which had holes and errors in the code.
And this is the same reason I managed to get access to the DNC network. Vulnerabilities in the NGP VAN software installed on its server which they have plenty of. Shit! Yeah? This scheme shows how NGP VAN is incorporated in the DNC infrastructure.
It's for detailed examination, if you are interested. And here are a couple of NGP VAN's documents from their network. If you r [sic] interested in their internal documents. You can have them via the link on the screen. The password is usual. It's also on the screen. You may also ask the conference producers for them later.
So, as you see there's no need to breach into separate users accounts or separate systems. You just need to hack their tech company. This is the feature. Big IT companies lead us to a disaster. In their pursuit for money they release raw software, so their clients are highly vulnerable. It became usual to blame everything on hackers while IT companies just pretend they are working hard to patch bugs and to plug holes. And they even ask for more and more money to correct their own mistakes. As a result they pose a threat to the critical infrastructure elements and the national security as a whole. Total computerization along with inadequate software development may cause a lot of troubles. That's why it's better to use paper sometimes.
We should start now to prevent electronic apocalypse and rise of the machines in the future. Or else it would be too late. As the financial corporations are ruling the world now so the IT companies will rule it in the near future. What should we do? You would tell me I could report a bug to the company as it's commonly done. What do you think they would answer me? Thanks? Or this is not crucial? Or maybe they would even give me some money. Yeah But what could it change? Nothing. Yeah. Really. Nothing at all.
We need to shake the situation, to make our voices sound. Yeah, I know if they find me I'm doomed to live like Assange, Snowden, Manning or Lazar. In exile or in prison. But it's worth it for they are the heroes, heroes of new era.
Thanks for ur attention. See you online!