BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Elite Russian Hackers Claim To Have Breached Three Major U.S. Antivirus Makers
School Lunch Business Rivalry Leads To Hacking Charges
Cybercriminals Steal $1.75 Million From An Ohio Church
Ransomware Hits Yet Another U.S. Airport
A Free Wi-Fi Finder App Exposed Passwords To Millions Of Networks
A Ransomware Attack Knocked The Weather Channel Off The Air
Edit Story
ForbesInnovationCybersecurity

Democrat Hacker Guccifer 2.0 'Appears' At London Show -- Here's What Was Said

Thomas Brewster
Forbes Staff
Senior writer at Forbes covering cybercrime, privacy and surveillance.
Following
This article is more than 7 years old.

Guccifer 2.0, the hacker who took responsibility for stealing data from the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC), was listed on the lineup for an otherwise typical cybersecurity conference in London today. But he or she wasn’t talking, but instead provided materials to an individual who spoke on behalf of the troublemaker. A public Twitter message indicated Guccifer’s "speech" was legitimate, making this the first conference where the hacker has "spoken".

Via the remote amanuensis, one of the Future of Cyber Security Europe event organizers, Guccifer told a small crowd of security specialists that another 500MB of fresh information from the DNC breach was being leaked, providing a link and a password to access the data. FORBES has obtained the documents, which included images ostensibly showing the inner workings of the DNC IT infrastructure, some donor analysis and finance files, amongst other data.

Guccifer, who previously released tranches of stolen data on a WordPress site, said the documents also showed how NGP VAN software was deployed by the DNC. The hacker claimed that the company's tech contained vulnerabilities that allowed them to breach the Democrats.

There's currently no evidence showing Guccifer breached the DNC via an NGP VAN weakness. Additionally, NGP VAN pointed me to a blog post from security outfit ThreatConnect, which noted inconsistencies in Guccifer's claims. The company, which bills itself as the "leading technology provider" for the Democratic campaigns, declined to comment on the leaker's latest words.

America’s politicos fear Russia is attempting to disrupt the upcoming election. US intelligence specialists and security companies - most notably CrowdStrike - have blamed Russia for the attacks on the DNC. By extension this would suggest Guccifer worked for Putin’s regime. Guccifer has previously denied any association with the Russian government, whilst the latter has claimed innocence.

FORBES obtained a full transcript of what Guccifer "said" ahead of the talk, in which the hacker also bashed Twitter over censorship and claimed giant tech companies were spying on citizens. Here it is below:

Hello everyone. This is Guccifer 2.0. I'm sure you know me because my name is in the conference program list. As I see it, this is the place to discuss cyber security and cyber threats. And may be to propose some solutions.

Let's figure out who poses the real threat to begin with. Cyber security firms are quick to blame hackers for their activity. Yeah, they cause a lot of troubles for business and politics.

But, who poses a real cyber threat? What do you think? Is it Guccifer? Or Snowden? Or Assange? Or Lazar?

No.

It seems obvious. It's plain as day you would say. But still my answer is no.

Large IT companies pose a real cyber threat nowadays. You may perfectly know some of them or may not. But their responsibility for the future of our world is growing from day to day. And I will explain to you why.

So. What's wrong with large IT companies?

First. On their way to a global progress and big money they are collecting users' personal data, which is the same as spying on people, because many of us don't even realise they track us online and collect our info. Companies store these data making it vulnerable for leaks.

Second. They create conditions that make people store their info in cloud services. It seems convenient but it's extremely vulnerable because it's thousand times easier to steal the data from the cloud than from a personal cell phone for instance.

The next reason, and the crucial one, is software vulnerability. Tech companies hurry to finish the work and earn money. So they break development cycle very often omitting the stage of testing. As a result, clients have raw products installed on their systems and networks with a great number of bugs and holes.

Fourth. It's well known that all large companies look forward to receiving governmental contracts. They develop governmental websites, communication systems, electronic voting systems, and so on and have their products installed to critical infrastructure objects on the national level.

They are aggressively lobbying their interests. You can see it at the diagram that they spent millions of dollars for lobbying. That doesn't mean they will produce better software. That means they will get even more money in return.

Fifth. This is censorship. For example Twitter censors unwelcome users. I can judge it by myself here. You can see how Guccifer 2 hashtag unnaturally abruptly stops trending. It seems impossible that all Twitter users just stop twitting about Guccifer 2 leaks, in a moment. That's why people started Guccifer 3, 4, 5 hashtags to avoid censorship. People also told me their twits were not shown in the Twitter live wall unlike to their account's wall.

So, the cyber aggressiveness is progressing nowadays. The number of cyber attacks is steadily growing. What's the reason? What's wrong with the cyber defense?

Well. they take wrong measures. They search for cyber criminals, sentence them. But two more hackers appear instead of one convicted. The real problem is inside. This is just the same as in offline world. This is not enough to prosecute criminals. It requires preventive measures, to fight criminality by elimination of the possibility of crime.

So, what's the right question we should ask about cyber crime?

Who hacked a system?

Wrong. The right question is: who made it possible that a system was hacked? In this regard, what question should you ask me?

How I hacked the DNC???

Now you know this is a wrong question. Who made it possible, that I hacked into the DNC? This is the question. And I suppose, you already know the answer. This is NGP VAN Company that operates the DNC network. And this is its CEO Stu Trevelyan who is really responsible for the breach.

Their software is full of holes. And you knew about it even before I came on stage.

You may remember Josh Uretsky, the national data director for Sander's presidential campaign. He was fired in December, 2015 after improperly accessing proprietary data in the DNC system. As it was agreed, he was intentionally searching for voter information belonging to other campaigns.

However, he is not to blame. The real reason voter information became available for non-authorized users was NGP VAN's raw software which had holes and errors in the code. And this is the same reason I managed to get access to the DNC network. Vulnerabilities in the NGP VAN software installed on its server which they have plenty of. Shit! Yeah?

This scheme shows how NGP VAN is incorporated in the DNC infrastructure. It's for detailed examination, if you are interested. And here are a couple of NGP VAN's documents from their network. If you r interested in their internal documents, you can have them via the link on the screen. The password is usual. It's also on the screen. You may also ask the conference producers for them later.

So, as you see there's no need to breach into separate users accounts or separate systems. You just need to hack their tech company. This is the feature.

Big IT companies lead us to a disaster. In their pursuit for money they release raw software, so their clients are highly vulnerable. It became usual to blame everything on hackers while IT companies just pretend they are working hard to patch bugs and to plug holes. And they even ask for more and more money to correct their own mistakes.

As a result they pose a threat to the critical infrastructure elements and the national security as a whole. Total computerization along with inadequate software development may cause a lot of troubles. That's why it's better to use paper sometimes.

We should start now to prevent electronic apocalypse and rise of the machines in the future. Or else it would be too late. As the financial corporations are ruling the world now so the IT companies will rule it in the near future.

What should we do?

You would tell me I could report a bug to the company as it's commonly done. What do you think they would answer me? Thanks? Or this is not crucial? Or maybe they would even give me some money. Yeah. But what could it change?

Nothing. Yeah. Really. Nothing at all.

We need to shake the situation, to make our voices sound. Yeah, I know if they find me I'm doomed to live like Assange, Snowden, Manning or Lazar. In exile or in prison.

But it's worth it for they are the heroes, heroes of new era.

Thanks for ur attention

See you online!

Follow me on TwitterCheck out my websiteSend me a secure tip
Thomas Brewster
Thomas Brewster