Guccifer2.0: Game Over - (Metadata Shows DNC Contractor & G2's Activity Only 30 Minutes Apart on Significant Date)

It took a mere 30 minutes to go from a DNC contractor creating documents to Guccifer2.0 tainting them - all occurring on a date that Guccifer2.0 claimed to be after he was locked out of the DNC Network - occurring on the same day that Guccifer2.0 emerged

February 8th, 2017 - Analysis by ADAM CARTER

NOTE: This is an older version of the article. The latest, more compact and up-to-date version is at


There are individuals, who, in reality, have a higher likelihood of being linked to Guccifer2.0 than anyone in Russia. - The intention of this article is to inform readers, extensively about everything there is to know about Guccifer2.0 (and without cherry picking - so information is inclusive of all claims, assessments, etc. even if they go against the conclusions in this article) - and from that, be armed with enough information to give motive and means the regard they deserve.

To understand who Guccifer2.0 is likely to be - it is imperative to understand WHAT Guccifer2.0 is. - What did he do? - What did he say? - Are his claims now confirmed, debunked or yet to be verified? - What were the results of his actions? - What do his lies and likelihood of them being debunked quickly and easily imply about his intent? - Was there anything misreported or omitted that may have been relevant?

The answers to the above questions will probably be surprising to many considering what the USIC, CyberSecurity researchers and the MSM have repeatedly insisted over and over again.

There are many questions, dubious answers, incidents, claims and technical detail to work through. There have also been a range of assessments and claims made by 3rd parties to account for.

As such, this article covers the full time span from G2's emergence to the present day, covering every communication publicly reported, claims made, the current status of some critical claims he made and the research, reports, etc. from various sources, in and out of government. - We also cover analysis provided by other 3rd parties including that written in articles from investigative reporters at Vice, TheSmokingGun, Gawker, etc.


1. Timeline - What Happened & When Did It Happen
2. Guccifer2.0's Claims Debunked & Discredited
3. 3rd Party Assessments - Assumptions & Conjecture vs Evidence & Facts
4. Actions, Consequences & Convenience For Anti-Leak Narratives
5. Rushing To Be Russian - The Donkey In A Bear Costume Made A Mistake
6. Recognizing Intent From Deceptions
7. With Motive & Means - Those More Likely Linked to G2 than Russians
8. Updates & Inquiries With Third Parties

(1) Guccifer2.0 Timeline - What Happened & When Did It Happen?

Date Source Activity Links
June 2016
12th In an interview aired by ITV (one of the most popular terrestrial TV channels in the UK), Assange mentions upcoming leaks in relation to the Clinton campaign. link | arch
14th DNC release a statement explaining that they've discovered their servers were hacked.
(Article also demonstrates WAPO treating "pied-piper" Trump seriously at this stage in primaries)
link | arch
15th Crowd Strike update a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. link | arch
15th Someone choosing to adopt the name of hacker recently in the news ("Guccifer", whom was in court the previous month), steps forward, calling himself Guccifer2.0 and claiming responsibility for the hack. He affirms the DNC statement and claims to be a source for Wikileaks. link | arch
15th TheSmokingGun publishes article "DNC Hacker Releases Trump Oppo Report" by William Bastone, detailing an email they received from Guccifer2.0 claiming responsibility for the DNC hack - provding a document more damaging to Trump than the DNC as initial proof of being responsible for the breach. link | arch
15th Gawker also report that they've received files from Guccifer2.0 in an article title: "This Looks Like the DNC's Hacked Trump Oppo File" link | arch
16th ArsTechnica publish article titled: "Lone wolf claims responsibility for DNC hack, dumps purported Trump smear file" link | arch
16th ArsTechnica publish article titled: "“Guccifer” leak of DNC Trump research has a Russian’s fingerprints on it" link | arch
17th Gawker post an article titled: "Contrary to DNC Claim, Hacked Data Contains a Ton of Personal Donor Information". It mentions that documents that they are provided include the names: "Ernesto Che" and "Felix Edmundovich" in the metadata. link | arch
17th ThreatConnect publish report titled "Rebooting Watergate: Tapping into the Democratic National Committee" link | arch
17th TSG publish article titled: "DNC Financial Records Stolen By 'Guccifer 2.0'" link | arch
18th Posts blog entry titled: "New docs from DNC network: lots of financial reports and donors’ personal data" - Seems there's an intent to focus on the fact it has "personal" data, to quote G2: "including e-mail addresses and private cell phone numbers. Ha! Ha! Ha!" link | arch
20th link | arch
20th link | arch
20th Post blog entry titled: "Dossier on Hillary Clinton from DNC. Expect It". Promises to deliver on 21st June. Posts 2 screenshots of a memo (that looks like it was sent to a broad list of people anyway) with everything but a header blurred out showing the email purportedly from Brian Fallon acting as Press Secretary for HFA. Posts tweet linking to article. link | arch
21st Article published titled "We Spoke to DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. link | arch
21st Articled published titled "Here's the Full Transcript of Our Interview With DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. link | arch
21st Post blog entry title: "Dossier on Hillary Clinton from DNC" - Containing links to various, widely circulated and non-classified documents relating to the DNC and HRC. - Posted tweet linking to article. link | arch
21st TSG publishes article titled: "DNC Researched Clinton Speeches, Travel Records" link | arch
22nd Posts blog entry titled: "Want to know more about Guccifer 2.0?" link | arch
22nd link | arch
22nd link | arch
23rd Article published titled: "Why Does DNC Hacker 'Guccifer 2.0' Talk Like This?" posted by Lorenzo Franceschi-Bicchierai. Includes language analysis assessments from 3 different individuals. (We check out all of these claims and Guccifer2.0's overall use of language as well as look in more detail at the differences in language construction rather than just take assessments at face value) link | arch
29th ThreatConnect publishes article titled: "The Shiйy ФbjЭkt?" / "Shiny Object? Guccifer 2.0 and the DNC Breach" link | arch
29th link | arch
30th Posts blog entry titled: "FAQ from Guccifer 2.0" link | arch
July 2016
4th link | arch
6th Posts blog entry titled: "Trumpocalypse and other DNC plans for July". Posts tweet linking to article. link | arch
7th ThreatConnect publish article titled: "What's in a Name Server?" link | arch
8th link | arch
10th Seth Rich murdered. - There are some who suspect Seth Rich may be related to the leaks. - This article isn't concerned with trying to support or refute that claim, we are only including this for sake of reference in the timeline. link | arch
11th link | arch
14th Posts blog entry titled: "New DNC docs" link | arch
20th ThreatConnect publish report titled: "Guccifer 2.0: the Man, the Myth, the Legend? " link | arch
22nd Wikileaks start publishing the DNC emails. link | arch
22nd link | arch
26th Kevin Collier of Vocativ publishes article "Guccifer 2.0 Is Likely A Russian Begging Us To Write About DNC Hack" link | arch
26th Joe Uchill of The Hill posts article: "Evidence mounts linking DNC email hacker to Russia" and cites an email he shared with ThreatConnect from which they identify G2 is using a Russian VPN service. link | arch
26th ThreatConnect publish report titled "Guccifer 2.0: All Roads Lead to Russia" link | arch

TAIA Global release a brief and frankly questionable analysis asserting that Guccifer2.0 is likely Russian for a variety of contrived reasons quite a few of which require contorting through statistical likelihoods of noun usage between Russian and Romanian languages. - TAIA Global is Jeffrey Carrs organization, out of respect for the insight he provides on technical issues, we'll just put forward our own research and assessments counter to this rather than be too critical of his analysis (which to be fair was solely of the interview - but in that interview, you can see G2 doesn't drop definite articles until he's prompted by having his nationality questioned - he seems to reactively do this in a few instances (aside from just this interview) and tends to drop definite articles and prepositions, but does so seldomly. Naturally/habitually, he does make use of these frequently and with considerable precision considering he's supposedly Russian. arch only
29th ThreatConnect publish report titled "FANCY BEAR Has an (IT) Itch that They Can't Scratch" link | arch
August 2016
12th TSG Publish article by William Bastone titled: "Tracking The Hackers Who Hit DNC, Clinton". link | arch
12th TSG Publish article titled: "Hacker Publishes List Of Cell Phone Numbers, Private E-Mails For Most House Democrats" link | arch
12th ThreatConnect publish report titled "Does a BEAR Leak In The Woods?" link | arch
12th Posts blog entry titled: "Guccifer 2.0 hacked DCCC" link | arch
12th link | arch
14th Patrick Tucker, writing for Defense One publishes "Russian-Linked Group Leaks US Lawmakers’ Phone Numbers, Emails" - It makes a good, detailed collation of the arguments and assessments that suggest Guccifer2.0 is Russian, is Wikileaks source, is linked to APT-28/APT-29, etc. link | arch
14th link | arch
15th Posts blog entry titled: "DCCC Internal Docs on Primaries in Florida". Posts tweet linking to article (arch). link | arch
19th ThreatConnect publish article titled: "Russian Cyber Operations on Steroids" - Includes good example of a Russian trying to communicate in English. link | arch
21st Posts blog entry titled: "DCCC Docs On Pensylvania". Posts tweet linking to article (arch). link | arch
30th Posts blog entry titled: "DCCC Docs from Pelosi’s PC". Posts tweet linking to article (arch). link | arch
September 2016
2nd ThreatConnect publish article titled "Can A BEAR Fit Down A Rabbit Hole?"

(It includes a perfect example of English language when written by Russians - difficulty with definite articles is a consistent trait rather than being an infrequent flaw, such as we see a lot of the time when Guccifer2 communicates.)
link | arch
2nd link | arch
10th link | arch
11th link | arch
12th Jeffrey Carr publishes article titled: "The Guccifer2.0 Problem at the White House" at Medium. link | arch
12th link | arch
13th Article published titled: "Hacker Guccifer 2.0 Gives Rambling Speech at Cybersecurity Conference" - Includes full transcript of G2's statement for the Cybersecurity Conference. - As you go through the transcript, you'll notice G2 drifts towards increasingly correct usage of definite and indefinite articles. (This suggest his natural/habitual use of language incorporates these - it's a trait he has a harder time obscuring as writing fatigue sets in!) link | arch
15th Posts blog entry titled: "Dems Internal Workings in New Hampshire, Ohio, Illinois, North Carolina" link | arch
22nd link | arch
23rd Posts blog entry title: "Dossier on Ben Ray Lujan". Also posts tweet linking to the article (arch). link | arch
23rd Publishes article titled: "Guccifer 2.0 Releases Hacked Info On Democratic Congressman" by Kevin Collier. link | arch
25th link | arch
October 2016
4th Posts blog entry titled: "Guccifer 2.0 Hacked Clinton Foundation". Also posts tweet linking to article (arch). link | arch
4th link | arch
4th link | arch
5th Sean Gallagher, for arsTechnica, posts article titled: "Guccifer 2.0 posts DCCC docs, says they’re from Clinton Foundation" link | arch
17th link | arch
18th Posts blog entry titled: "Trump’s taxes: Clinton campaign prepares a new provocation". Also posts Tweet linking to the article (arch). link | arch
25th Jeffrey Carr posts article titled: "The Yandex Domain Problem - Or Who In Russian Intelligence Doesn’t Speak Russian?" - Pointing out an apparent anomaly in the behavior of APT-28 aka "Fancy Bear" aka TF4127 in which it uses a Yandex email for phishing, from a Yandex domain typically used when someone registers from outside of Russia. link | arch
November 2016
4th Posts blog entry titled: "Info from inside the FEC: the Democrats may rig the elections" link | arch
4th link | arch
December 2016
8th ThreatConnect's Toni Gidwani provides a presentation for Duo Tech Talks covering ThreatConnect's findings in 2016 and covers details that confirm their assessment, albeit with a little cherry picking from 3rd party media articles where convenient, discounting the lack of Russian traits in the English language flaws of Guccifer2.0 (that is actually covered in the Vice article Toni cited), whom, they assess, may be a committee of Russians. link
29th ODNI/DHS "GRIZZLY STEPPE – Russian Malicious Cyber Activity" Report published. link | arch
January 2017
6th ODNI/DHS "Background to “Assessing Russian Activities and Intentions
in Recent US Elections”: The Analytic Process and Cyber
Incident Attribution" Report published.
link | mirror
12th Post article titled: "Here I am Again, My Friends!" and an accompanying Tweet (arch). link | arch
14th Mike Wendling of the BBC posts an article titled: "Conversations with a hacker: What Guccifer 2.0 told me" detailing messages sent back and forth between Mike and Guccifer2.0 in October 2016. link | arch

(2) Guccifer2.0's Claims Debunked & Discredited

Before looking at intent, motive, conflicting evidence and more, it's important to become aware of a few key facts about Guccifer2.0 and some of the claims he made.

CLAIM: Hacked the DNC's servers - STATUS: Discredited

Guccifer2.0 stated in an interview with Lorenzo Franceschi-Bicchierai (for Motherboard / Vice News) on the 21st of June, that he breached the server using a "0-day exploit of NGP-Van".

ThreatConnect, although still apparently unswayed from their assessment that Guccifer2.0 is a collective of Russians (we'll get on to that topic later in the article) - did report some very useful facts that serve to debunk Guccifer2.0's claims.

a) NGP-Van is a cloud-hosted web-service, the claimed method of breach was concluded "impossible" by ThreatConnect. - It was noted that phishing for credentials would be far more practical for exploiting such a service.

b) He makes claims of lateral movement within the DNC network - but doesn't realize that his effort to match the reporting of Crowdstrike falls down due to his own misinterpretation of that. - CrowdStrike's report mentions lateral movement in terms of the "BEAR" infrastructure across the whole of the Internet rather than movement within the DNC network - it looks like Guccifer2.0 s trying to make claims that correlate with what he has inferred from CrowdStrike's reportage.

c) To quote ThreatConnect at the time (and nothing has been reported to contradict it since): "As it stands now, none of the Guccifer 2.0 breach details can be independently verified".

CLAIM: Wikileaks Source for DNC Mails - STATUS: Not Verified

Guccifer2.0 put considerable effort into trying to convince people he was the source for the DNC email leaks that ended up in the public domain on July 22nd.

He outright claimed it, multiple times.

He made a point of mentioning Wikileaks in his purposeful destruction of his own reputation on October the 4th (a reference to his Clinton Foundation claims and the files he posted supposedly demonstrating the hack) and on October 18th showed he was trying to push a perception of being associated with Wikileaks and responded to a Wikileaks tweet as though it was intended for him personally (when it wasn't).

Going back to the 4th, the supposed "Clinton Foundation Hack" - is also where his claim starts to show cracks.

He stated "I can’t post all databases here for they’re too large. I’m looking for a better way to release them now.".

Why, if he was really the source for the DNC emails, would he be at all struggling to find a solution to get the data published? - Why express this 73 days after the last large batch of data he claims to have acquired was successfully published through Wikileaks?

Even putting seemingly contradictory statements aside - Assange has stated numerous times that the emails were leaked, rather than hacked, in persistent contradiction with Guccifer2.0's claims and there is still nothing independently verifying Guccifer2.0's claims.

CLAIM: Hacked Clinton Foundation - STATUS: Discredited

On October 4th, 2016 - Guccifer2.0 claimed to have hacked the Clinton Foundation. He followed this up by posting an archive containing files that were all from previous leaks and from documents in the public domain.

Ultimately, he has never produced anything that actually shows such a hack had taken place.

These are not all of his lies or unverified claims, far from it, but they are the ones that are critical to know so that the rest of this article makes sense to you. Above all, the first is most important - his claims to breach the DNC turned out to be fantasy.

(3) 3rd Party Assessments - Assumptions & Conjecture vs Evidence & Facts

There is a difference between independently verifiable evidence and the activity somebody claims to have engaged in or that can be fabricated in an effort to misdirect and masquerade as someone they're not. - None of Guccifer2.0's claims of hacking were independently verifiable and several were debunked by ThreatConnect. - There is nothing demonstrating Guccifer2.0 was really a hacker.

The "evidence" that he's Russian, should be understood in the following context:

He CHOSE to name his computer account after the founder of the Soviet Secret Police.
He CHOSE to create/open and then save documents so the Russian name was written to metadata.
He CHOSE to use a Russian VPN service to cloak his IP address.
He CHOSE to use public web-based email services that would forward his cloaked IP.
He CHOSE to use the above to contact various media outlets on the same day.

He covered himself and the files in the digital equivalent of "Made In Russia" labels while claiming to be a Romanian. (Giving the MSM a flimsy veil they could easily pull off and find Russian "fingerprints" behind - not realizing that what they were revealing was a layer of misdirection)

Of course, this concerted effort to appear Russian soon loses it's entertainment value when you consider that the United State Intelligence Community have made assessments that seem to have relied upon some of his apparent masquerade.

They have the tools of the state, dragnets to record large volumes of Internet traffic, an abundance of staff and are well funded by tax payers - yet they've not seen (or worse have chosen to conceal) the fact that Guccifer2.0 is more likely to be a US citizen from Lagrange, GA than being a Russian.

Knowing this and seeing statements in "declassified reports" such as:

"We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks."

... is beyond disappointing.

So what independent, verifiable evidence is there?

Basically - Nothing showing he was Wikileaks source. Nothing showing he actually hacked into the DNC (in fact a fair bit to contradict his claims there) & his Russian identity seems to have been based on factors he controlled and appears to have consistently made choices that would make him appear Russian.

Ultimately, Guccifer2.0 was someone who chose to use a Russian VPN (after choosing to taint documents with Russian language) and was noted to have been in possession of a password for a password-protected area of the DCLeaks site (which, plausibly, he could have been given after promising to upload some of his leaks - DCLeaks were willing to give the same password out to the press in exchange for the promise of writing a story about them!)

Pretty much everything stated about him has been based on assumptions, acceptance of questionable admissions and the public have been given little more than conjecture.

Sam Biddle of The Intercept (one of the first people to write about Guccifer2.0 when he emerged) details the problem, in a broader sense, of blaming Russia generally for the hacks in an article released on December 14th 2016, titled: "Here’s the Public Evidence Russia Hacked the DNC — It’s Not Enough". - It covers the fact that the evidence on Guccifer2.0 looks dodgy but doesn't try to determine the intent behind his efforts to deceive and claim credit for hacking the DNC (such as this article is attempting to make clear).

(4) Actions, Consequences & Convenience For Anti-Leak Narratives

In total, the amount of new controversies specifically exposed by Guccifer2.0's actions - was very little.

The documents he posted online were a mixture of some from the public domain (eg. already been published by in 2009), were manipulated copies of research documents originally created by Lauren Dillon (see attachments) and others or were legitimate, unique documents that were of little significant damage to the DNC. (Such as the DCCC documents)

The DCCC documents didn't reveal anything particularly damaging. It did include a list of fundraisers/bundlers but that wasn't likely to cause controversy (the fundraising totals, etc. are likely to end up on sites like OpenSecrets, etc within a year anyway). - It did however trigger 4chan to investigate and a correlation was found between the DNC's best performing bundlers and ambassadorships. - This revelation though, is to be credited to 4chan. - The leaked financial data wasn't, in itself, damaging - and some of the key data will be disclosed publicly in future anyway.

All of his 'leaks' have been over-hyped non-controversies or were already in the public domain - the only exception being the apparent leaking of personal contact numbers and email addresses of 200 Democrats - and really that was more damaging to the reputation of Wikileaks than causing any real problems for Democrats. - Ultimately, it only really served to give the mainstream press the opportunity to announce that "leaked emails include personal details of 200 Democrats", again, seemingly an effort to undermine other leaks being released at the same time by legitimate leak publishers.

(5) Rushing To Be Russian - The Donkey In A Bear Costume Made A Mistake

5a. "Russia-Tainted Metadata" Reportage Mostly Ignored A Key Piece of Metadata

There is a key fact about some non-Russian metadata that nobody seems to have reported and it certainly seems to be of critical importance - and that is the document creation timestamps...

There were multiple documents shared with TheSmokingGun, Gawker, ArsTechnica and others.

The first document, "1.doc" (mirror), was given considerable coverage, while the name "Warren Flood" was reported, the date in the report (rather than in the metadata) was reported and so it was attributed to Warren Flood on 12/19/15.

Gawker incorrectly claimed the metadata showed the document was created in 2015 when it actually indicated the document was created by Warren Flood at a much later date.

The truth is that the metadata shows the document being created 30 minutes before Guccifer2.0 appears to have gotten his hands on it:

Created by Warren Flood on 15th of June at 13:38
Modified by Феликс Эдмундович on 15th of June at 14:08

The other document, "2.doc" (mirror) was not mentioned so much, but it too had interesting metadata:

Created by Warren Flood on 15th of June at 13:38
Modified by Феликс Эдмундович on 15th of June at 14:11

How did this get missed? - My guess is that people who investigated were using MS-Word. Recent versions of MS-Word tend to show limited metadata from RTF1 format files, for example, MS-Word 2010 shows:

If you open "2.doc" in OpenOffice though, you will spot what first alerted me to the timestamp correlations in the first place:

If you look at the raw data of "1.doc" you can see an ever closer correlation:

So... who is Warren Flood? - How did the documents get from Flood creating them to the "hacker" within 30 minutes AND how did that happen when Guccifer2.0 claimed that he had been kicked out of the DNC's systems as of June 12th according to the conversation he had on the 21st of June with Lorenzo Franceschi-Bicchierai for Motherboard/Vice? (An article in which Guccifer2.0 shows he can easily change the identity of the person who last modified the file)

We can answer the first question by looking at Warren Flood's linkedin and facebook profiles.

How Guccifer2.0 apparently acquired and edited the documents in 30 minutes of them apparently being created by Flood AND at a time that he would later claim was AFTER he had been kicked out of the DNC's network... is a question that Warren Flood might be able answer - we can only speculate.

From left-to-right: Joe Biden, Alice McAlexander, Warren Flood, Jill Biden.

While his name may have been relatively unknown to many reading this article, he has worked for Obama for America, the DNC and is no stranger to the White House, as his photograph with Joe and Jill Biden (embedded) suggests.

As for the main file (Trump Opposition Research) - it's basically a copy of a file attached to this leaked email. A document originally authored by Lauren Dillon (DNC research director) and modified (and sent to John Podesta) by Tony Carrk (Research Director at Hillary for America).

As it's clear the original source document was not authored by Flood but the copy pushed through Guccifer2.0 was - it seems odd that Flood's name would be there! - Was he or his company hired to provide technical assistance (possibly to manage the op entirely)? - While re-opening and saving the documents did record the desired Russian metadata, it only did so in relation to the last modification - it seems that Flood's name recorded as the document creator and the time of that occurring were accidently disclosed in the rush to get 'tainted leaks' out to TSG, Gawker, ArsTechnica and others.

5b. Linguistic Assessment - Conflicting "Expert" Reports Necessitate Detailed Analysis

Several experts and their assessments have been cited, Motherboard (Vice) reference 3 such experts but only one appeared willing to be identified. - Carrying out our own analysis (and highlighting the process), we can see why the others may have chosen anonymity - their assessments seem to be limited and pick up on things that in aggregate, Guccifer rarely actually does.

Guccifer2.0 used a "Russian smiley" (")))") ONCE! - This was in one of his first posts. The other thing that made him appear Russian was that he referred to hacks as "deals" a couple of times. - HOWEVER, he ONLY does this in the interview with Motherboard/Vice on the 21st of June - he never repeats this behavior in any other communications - so, it seems it was just put on for the purpose of the interview. - These are the main 2 things pointed out by the anonymous experts and are bizarrely both things he does only in 2 isolated incidents.

Professor M.J. Connolly of the Slavic & Eastern European languages department at Boston University had the most valuable assessment - and could explain the syntactical traits that were missing from Guccifer2.0's writing.

For our own non-expert analysis, details about differences between Russian/Slavonic Languages & English language can be found here, here and here.

As a brief example, TSG article's quoted statements from Guccifer are below. Definite and indefinite article use and prepositions are highlighted:

“I stand against Guccifer's conviction and extradition. I will continue Guccifer's business and will fight all those illuminati the way I can. They should set him free!!!!”

“Hi. This is Guccifer 2.0 and this is me who hacked Democratic National Committee.”

“Guccifer may have been the first one who penetrated Hillary Clinton's and other Democrats' mail servers. But he certainly wasn't the last. No wonder any other hacker could easily get access to the DNC's servers.”

“First I breached into mail boxes of a number of Democrats. And then using the info collected I got into Committee servers.”

Compare this to the use of English language expected from someone who is really a Russian, as demonstrated in this screenshot of a video featured in an article by ThreatConnect on 2nd of September 2016. - The difference is stark to say the least!

It's clear from the above (as well as an analysis of a much larger corpus of Guccifer's words that I have compiled - see below) that he habitually uses definite articles, even when communicating in a live chat with Lorenzo Franceschi-Bicchierai of Vice's Motherboard, he only drops them seldomly. - The amount of instances where his definite and indefinite articles are correctly used (when they are used) is around 96%. - In other words, while he mangles English language selectively, he doesn't do it in a way that is consistent or in the way that is expected from those whose native language is one lacking definite and indefinite articles (such as is true with Russian language).

We never see Guccifer struggle with prepositions either:

He never claimed to hack through a server, or get under security or wait around being detected. His command of prepositions is very strong and he only seldomly drops them.

AUTHOR'S NOTE: As author of this article, I am not pretending to be an expert. I'm just applying some knowledge from the public domain to a large collection of sample data in a manner that demonstrates various factors that relate to the aspects of English language that Russian's would typically struggle with. - To help get a better analysis I have provided the corpus of Guccifer2's text to Professor M.J. Connelly and asked if he would be kind enough to provide his expert opinion on it. - If he responds I will update this artice with his assessment.

(6) Recognizing Intent From Deceptions

When you consider all of these various facts in aggregate and understand that Guccifer2.0 never demonstrated any genuine hacking skills, realize his actions only ever served to undermine leaks, ultimately caused no harm to the reputation of anyone except himself and needlessly and inexplicably gave the mainstream press fodder on which they could write headlines branding leaks as "fake", "discredited", "tainted by Russia", etc., had some non-hacking means of acquiring the DCCC documents and has had his claims of breaching network debunked by ThreatConnect. - It becomes clear that Guccifer2.0 did more to serve the interests of the DNC than act against it and was clearly a fabricated persona acting as part of an effort to discredit the leaks.

While it would have been difficult to expose the identity of Guccifer2.0 if he hadn't mistakently retained his name and document creation date, anyone critically analysing the nature of Guccifer2.0 can see enough to identify whom he was most likely was or was serving through his activities online. - His lack of credibility and the inevitability of his Clinton Foundation server hack 'take' being exposed as nonsense makes it clear that Guccifer2.0 was a psy-op (psychological operation) construct intended to counter the leaks and try to take-down the credibility of Wikileaks as collaterol in the self-destruction of his own reputation.

(7) With Motive & Means - Those More Likely Linked to G2 than Russians

A diagram depicting DNC insiders, the green section looks like it may already be home to Warren Flood thanks to the metadata in Guccifer2.0's earliest leaks, however, he wouldn't have had direct access to all the DCCC documents. - It would therefore seem reasonable that he was working for one of a small group of DNC insiders whom had reputations on the line AND had access to DCCC documents from various states (in the purple section).

It seems like there's a very good chance Warren Flood has involvement to some degree but he personally had nothing to lose due to the emails, so, who would really be behind such a scheme?

That's where I struggle to find answers and have to leave the job up to the expert journalists. I can, unfortunately, only offer conjecture. For what little it's worth, my conjecture on this is as follows:

The motive alone suggests it likely to be someone in the DNC and the means (as demonstrated by the access to DCCC documents) suggest it's someone who would have collated DCCC data from a broad range of states, including some fundraising data - or at least had easy access to such documents. - This gives us enough entropy to single out the leadership of the DNC and those who had something to lose from the emails leaking.

CEO Amy Dacey, CFO Brad Marshall, National Politics Director Raul Alvillar, Communications Director Luis Miranda, Deputy Communications Director Mark Paustenbach and Chair Debbie Wasserman-Shultz - all had their reputations on the line.

Of those five, it seems most probable that Brad Marshall and Raul Alvillar may have handled the sorts of documents that Guccifer2.0 released, though it is conceivable others may have had access to these documents too and considering his past work, it's possible that Flood could have been operating at the behest of anyone in the DNC's leadership right up to the top.

(8) Updates & Inquiries With Third Parties

On or before February 1st, 2017 - the following people were emailed with requests for any information they could provide on Guccifer2.0 that had not already been included in their previous reports and explained that I was trying to be exhaustive in case there is anything that may conflict with a conclusion I had reached:

The following individuals were contacted with queries on various topics covered in the article during the past fortnight: