U.S. officials are increasingly confident that the hacker Guccifer 2.0 is part of a network of individuals and groups kept at arm’s length by Russia to mask its involvement in cyberintrusions such as the theft of thousands of Democratic Party documents, according to people familiar with the matter.
While the hacker denies working on behalf of the Russian government, U.S. officials and independent security experts say the syndicate is one of the most striking elements of what looks like an intensifying Russian campaign to target prominent American athletes, party officials and military leaders.
A fuller picture of the operation has come into focus in the past several weeks. U.S. officials believe that at least two hacking groups with ties to the Russian government, known as Fancy Bear and Cozy Bear, are involved in the escalating data-theft efforts, according to people briefed on the Federal Bureau of Investigation’s probe of the cyberattacks.
Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites—WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0—have posted batches of stolen data at least 42 times from April to last week.
WikiLeaks has published U.S. secrets for years but has recently taken an overtly adversarial tone toward Democratic presidential nominee Hillary Clinton. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers.
… Last week, U.S. intelligence chief James Clapper said it “shouldn’t come as a big shock to people” that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, “I think it’s more dramatic maybe because now they have the cyber tools,” he said.