| Date |
Source |
Activity |
Links |
June 2016 |
| 12th |
 |
In an interview aired by ITV (one of the most popular terrestrial TV channels in the UK), Assange stated: "we have upcoming leaks in relation to Hillary Clinton which are great" and, when pressed whether WL had stuff "not yet in the public domain", confirmed "we have emails related to Hillary Clinton which are pending publication. That is correct."
So the Democratic National Committee, Clinton's campaign and Crowdstrike - along with the rest of the world - knew a major damage limitation operation would be required soon. |
link | arch |
| 14th |
 |
DNC release a statement explaining that they've discovered their servers were hacked. - They make mention of "Trump Opposition Research".
(Article also demonstrates WAPO treating "pied-piper" Trump seriously at this stage in primaries) |
link | arch |
| 14th |
 |
Crowd Strike produce a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. |
link | arch |
| 15th |
|
Crowd Strike update a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. |
link | arch |
| 15th |
 |
Someone choosing to adopt the name of hacker recently in the news ("Guccifer", whom was in court the previous month), steps forward, calling himself Guccifer2.0 and claiming responsibility for the hack. He affirms the DNC statement and claims to be a source for Wikileaks. The first 5 documents he posts are purposefully tainted with 'Russian Fingerprints' and the first of those documents just so happens to be the "Trump Opposition Research" the DNC announce on the previous day. |
link | arch |
| 15th |
 |
TheSmokingGun publishes article "DNC Hacker Releases Trump Oppo Report" by William Bastone, detailing an email they received from Guccifer2.0 claiming responsibility for the DNC hack - provding a document more damaging to Trump than the DNC as initial proof of being responsible for the breach. |
link | arch |
| 15th |
 |
Gawker also report that they've received files from Guccifer2.0 in an article title: "This Looks Like the DNC's Hacked Trump Oppo File" |
link | arch |
| 16th |
 |
ArsTechnica publish article titled: "Lone wolf claims responsibility for DNC hack, dumps purported Trump smear file" |
link | arch |
| 16th |
|
ArsTechnica publish article titled: "“Guccifer” leak of DNC Trump research has a Russian’s fingerprints on it" |
link | arch |
| 17th |
|
Gawker post an article titled: "Contrary to DNC Claim, Hacked Data Contains a Ton of Personal Donor Information". It mentions that documents that they are provided include the names: "Ernesto Che" and "Felix Edmundovich" in the metadata. |
link | arch |
| 17th |
 |
ThreatConnect publish report titled "Rebooting Watergate: Tapping into the Democratic National Committee" |
link | arch |
| 17th |
|
TSG publish article titled: "DNC Financial Records Stolen By 'Guccifer 2.0'" |
link | arch |
| 18th |
|
Posts blog entry titled: "New docs from DNC network: lots of financial reports and donors’ personal data" - Seems there's an intent to focus on the fact it has "personal" data, to quote G2: "including e-mail addresses and private cell phone numbers. Ha! Ha! Ha!" |
link | arch |
| 20th |
|
|
link | arch |
| 20th |
|
|
link | arch |
| 20th |
|
Post blog entry titled: "Dossier on Hillary Clinton from DNC. Expect It". Promises to deliver on 21st June. Posts 2 screenshots of a memo (that looks like it was sent to a broad list of people anyway) with everything but a header blurred out showing the email purportedly from Brian Fallon acting as Press Secretary for HFA. Posts tweet linking to article. |
link | arch |
| 21st |
 |
Article published titled "We Spoke to DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. |
link | arch |
| 21st |
|
Articled published titled "Here's the Full Transcript of Our Interview With DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. |
link | arch |
| 21st |
|
Post blog entry title: "Dossier on Hillary Clinton from DNC" - Containing links to various, widely circulated and non-classified documents relating to the DNC and HRC. - Posted tweet linking to article. |
link | arch |
| 21st |
|
TSG publishes article titled: "DNC Researched Clinton Speeches, Travel Records" |
link | arch |
| 22nd |
|
Posts blog entry titled: "Want to know more about Guccifer 2.0?" |
link | arch |
| 22nd |
|
|
link | arch |
| 22nd |
|
|
link | arch |
| 23rd |
|
Article published titled: "Why Does DNC Hacker 'Guccifer 2.0' Talk Like This?" posted by Lorenzo Franceschi-Bicchierai. Includes language analysis assessments from 3 different individuals. (We check out all of these claims and Guccifer2.0's overall use of language as well as look in more detail at the differences in language construction rather than just take assessments at face value) |
link | arch |
| 27th |
 |
Guccifer 2.0 communicates with Cassandra Fairbanks. |
link |
| 29th |
|
ThreatConnect publishes article titled: "The Shiйy ФbjЭkt?" / "Shiny Object? Guccifer 2.0 and the DNC Breach" |
link | arch |
| 29th |
|
|
link | arch |
| 30th |
|
Posts blog entry titled: "FAQ from Guccifer 2.0" |
link | arch |
July 2016 |
| 4th |
|
|
link | arch |
| 5th |
 |
6:45 PM EDT - Guccifer 2 NGP/VAN documents acquired
See: https://theforensicator.wordpress.com/ |
link |
| 6th |
|
Posts blog entry titled: "Trumpocalypse and other DNC plans for July". Posts tweet linking to article. |
link | arch |
| 7th |
|
|
link | arch |
| 7th |
|
ThreatConnect publish article titled: "What's in a Name Server?" |
link | arch |
| 8th |
|
|
link | arch |
| 8th |
|
|
link | arch |
| 8th |
|
Guccifer 2.0 communicates with Cassandra Fairbanks. |
link |
| 10th |
 |
Seth Rich murdered. - There are some who suspect Seth Rich may be related to the leaks. - This article isn't concerned with trying to support or refute that claim, we are only including this for sake of reference in the timeline. |
link | arch |
| 11th |
|
|
link | arch |
| 14th |
|
Posts blog entry titled: "New DNC docs" |
link | arch |
| 17th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 20th |
|
ThreatConnect publish report titled: "Guccifer 2.0: the Man, the Myth, the Legend? " |
link | arch |
| 22nd |
|
Wikileaks start publishing the DNC emails. |
link | arch |
| 22nd |
|
|
link | arch |
| 26th |
 |
Kevin Collier of Vocativ publishes article "Guccifer 2.0 Is Likely A Russian Begging Us To Write About DNC Hack" |
link | arch |
| 26th |
 |
Joe Uchill of The Hill posts article: "Evidence mounts linking DNC email hacker to Russia" and cites an email he shared with ThreatConnect from which they identify G2 is using a Russian VPN service. |
link | arch |
| 26th |
|
ThreatConnect publish report titled "Guccifer 2.0: All Roads Lead to Russia" |
link | arch |
| 27th |
|
TAIA Global release a brief (and questionable) analysis asserting that Guccifer2.0 is likely Russian for a variety of contrived reasons quite a few of which require contorting through statistical likelihoods of noun usage between Russian and Romanian languages.
I think this particular effort was well intentioned but was heavily dependent on mathematical parameters (frequencies, averages, etc of word types, etc.) that made it insufficient to draw strong conclusions from in the way that an analysis of langauge flow, sentence construction and frequency of syntactical errors can provide. |
arch only |
| 29th |
|
ThreatConnect publish report titled "FANCY BEAR Has an (IT) Itch that They Can't Scratch" |
link | arch |
August 2016 |
| 12th |
|
TSG Publish article by William Bastone titled: "Tracking The Hackers Who Hit DNC, Clinton". |
link | arch |
| 12th |
|
TSG Publish article titled: "Hacker Publishes List Of Cell Phone Numbers, Private E-Mails For Most House Democrats" |
link | arch |
| 12th |
|
ThreatConnect publish report titled "Does a BEAR Leak In The Woods?" |
link | arch |
| 12th |
|
Posts blog entry titled: "Guccifer 2.0 hacked DCCC" |
link | arch |
| 12th |
|
|
link | arch |
| 12th |
|
|
link | arch |
| 14th |
 |
Patrick Tucker, writing for Defense One publishes "Russian-Linked Group Leaks US Lawmakers’ Phone Numbers, Emails" - It makes a good, detailed collation of the arguments and assessments that suggest Guccifer2.0 is Russian, is Wikileaks source, is linked to APT-28/APT-29, etc. |
link | arch |
| 14th |
|
|
link | arch |
| 15th |
|
Posts blog entry titled: "DCCC Internal Docs on Primaries in Florida". Posts tweet linking to article (arch). |
link | arch |
| 15th |
|
|
link | arch |
| 15th |
 |
Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. |
link |
| 15th |
 |
Guccifer 2.0 communicates with Roger Stone. |
link |
| 16th |
|
Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. |
link |
| 17th |
|
Guccifer 2.0 communicates with Roger Stone. |
link |
| 17th |
|
|
link | arch |
| 19th |
|
ThreatConnect publish article titled: "Russian Cyber Operations on Steroids" - Includes good example of a Russian trying to communicate in English. |
link | arch |
| 21st |
|
Guccifer 2.0 communicates with Cassandra Fairbanks. |
link |
| 21st |
|
Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. |
link |
| 21st |
|
Posts blog entry titled: "DCCC Docs On Pensylvania". Posts tweet linking to article (arch). |
link | arch |
| 25th |
|
Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. |
link |
| 30th |
|
Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. |
link |
| 30th |
|
Posts blog entry titled: "DCCC Docs from Pelosi’s PC". Posts tweet linking to article (arch). |
link | arch |
| 30th |
|
|
link | arch |
September 2016 |
| 1st |
|
12:00 PM - 4:00 PM EDT - Material for Guccifer 2 ngp-van 7zip file collected
See: https://theforensicator.wordpress.com/ |
link |
| 2nd |
|
ThreatConnect publish article titled "Can A BEAR Fit Down A Rabbit Hole?"
(It includes a perfect example of English language when written by Russians - difficulty with definite articles is a consistent trait rather than being an infrequent flaw, such as we see a lot of the time when Guccifer2 communicates.) |
link | arch |
| 2nd |
|
|
link | arch |
| 2nd |
|
|
link | arch |
| 2nd |
|
Guccifer 2.0 communicates with Cassandra Fairbanks. |
link |
| 7th |
|
|
link | arch |
| 9th |
|
Guccifer 2.0 communicates with Roger Stone. |
link |
| 10th |
|
|
link | arch |
| 11th |
|
|
link | arch |
| 12th |
 |
Jeffrey Carr publishes article titled: "The Guccifer2.0 Problem at the White House" at Medium. |
link | arch |
| 12th |
|
|
link | arch |
| 13th |
|
Guccifer 2 releases NGP/VAN 7zip file
See: https://theforensicator.wordpress.com/ |
link |
| 13th |
|
Article published titled: "Hacker Guccifer 2.0 Gives Rambling Speech at Cybersecurity Conference" - Includes full transcript of G2's statement for the Cybersecurity Conference. - As you go through the transcript, you'll notice G2 drifts towards increasingly correct usage of definite and indefinite articles. (This suggest his natural/habitual use of language incorporates these - it's a trait he has a harder time obscuring as writing fatigue sets in!) |
link | arch |
| 15th |
|
Posts blog entry titled: "Dems Internal Workings in New Hampshire, Ohio, Illinois, North Carolina" |
link | arch |
| 22nd |
|
|
link | arch |
| 23rd |
|
Posts blog entry title: "Dossier on Ben Ray Lujan". Also posts tweet linking to the article (arch). |
link | arch |
| 23rd |
|
Publishes article titled: "Guccifer 2.0 Releases Hacked Info On Democratic Congressman" by Kevin Collier. |
link | arch |
| 25th |
|
|
link | arch |
| 25th |
|
|
link | arch |
| 25th |
|
|
link | arch |
| 25th |
|
|
link | arch |
| 25th |
|
|
link | arch |
October 2016 |
| 4th |
|
Posts blog entry titled: "Guccifer 2.0 Hacked Clinton Foundation". Also posts tweet linking to article (arch). |
link | arch |
| 4th |
|
|
link | arch |
| 4th |
|
|
link | arch |
| 4th |
|
|
link | arch |
| 4th |
|
|
link | arch |
| 4th |
|
|
link | arch |
| 5th |
|
Sean Gallagher, for arsTechnica, posts article titled: "Guccifer 2.0 posts DCCC docs, says they’re from Clinton Foundation" |
link | arch |
| 17th |
|
|
link | arch |
| 18th |
|
Posts blog entry titled: "Trump’s taxes: Clinton campaign prepares a new provocation". Also posts Tweet linking to the article (arch). |
link | arch |
| 25th |
|
Jeffrey Carr posts article titled: "The Yandex Domain Problem - Or Who In Russian Intelligence Doesn’t Speak Russian?" - Pointing out an apparent anomaly in the behavior of APT-28 aka "Fancy Bear" aka TF4127 in which it uses a Yandex email for phishing, from a Yandex domain typically used when someone registers from outside of Russia. |
link | arch |
November 2016 |
| 4th |
|
Posts blog entry titled: "Info from inside the FEC: the Democrats may rig the elections" |
link | arch |
| 4th |
|
|
link | arch |
December 2016 |
| 8th |
|
ThreatConnect's Toni Gidwani provides a presentation for Duo Tech Talks covering ThreatConnect's findings in 2016 and covers details that confirm their assessment, albeit with a little cherry picking from 3rd party media articles where convenient, discounting the lack of Russian traits in the English language flaws of Guccifer2.0 (that is actually covered in the Vice article Toni cited), whom, they assess, may be a committee of Russians. |
link
|
| 29th |
 |
ODNI/DHS "GRIZZLY STEPPE – Russian Malicious Cyber Activity" Report published. |
link | arch |
January 2017 |
| 6th |
|
ODNI/DHS "Background to “Assessing Russian Activities and Intentions
in Recent US Elections”: The Analytic Process and Cyber
Incident Attribution" Report published. |
link | mirror |
| 12th |
|
Post article titled: "Here I am Again, My Friends!" and an accompanying Tweet (arch). |
link | arch |
| 14th |
 |
Mike Wendling of the BBC posts an article titled: "Conversations with a hacker: What Guccifer 2.0 told me" detailing messages sent back and forth between Mike and Guccifer2.0 in October 2016. |
link | arch |
February 2017 |
| 8th |
 |
Adam Carter releases "Guccifer2.0: Game Over", the article you are currently reading. |
- |
| 10th |
|
ODNI/DHS release "Enhanced Analysis of Grizzly Steppe Activity", Guccifer2.0 is only referenced in relation to ThreatConnect tracing him to a Russian VPN. This, however, is unduly conflated with APT28. |
link | arch |
| 17th |
 |
tvor_22 posts article highlighting the flaws in reporting on Guccifer2.0 and reports on a discovery made concerning matching RSIDs found in several documents (suggesting the "Russian Fingerprints" may have been applied to several of the documents in an intentional manner.) |
link | arch |
| 22nd |
 |
Dave Levinthal of PublicIntegrity.org tweets a screenshot of an email from the FEC's Information Office originally from November 4th in relation to Guccifer2.0's claims to have acquired information from inside the FEC. |
link | arch |
March 2017 |
| 5th |
 |
Publishes article titled: "Hunting the DNC hackers: how Crowdstrike found proof Russia hacked the Democrats" |
link | arch |
| 8th |
|
tvor_22 posts article titled "This Fancy Bear's House is Made of Cards: Russian Fools or Russian Frame-Up" covering the topics of DCLeaks, APT28 and Guccifer 2.0. |
link | arch |
April 2017 |
| 3rd |
 |
Steve Cunningham has an article published in The Gateway Pundit highlighting assumptions made in Thomas Ridt's testimony as well as covering a part of a Twitter DM conversation in which Guccifer 2.0 makes a statement about Seth Rich to Robbin Young. |
link | arch |
| 8th |
|
Picking up from Steve Cunningham's observation about the DMs with Robbin Young, Adam Carter writes an article highlighting parts of Guccifer 2.0's conversation with Robbin in which he attributes himself to Seth and slanders both Julian Assange and Edward Snowden. |
link |
| 11th |
 |
Steve Cunningham published in The American Thinker covering Kevin Mandia (of FireEye) concession that there is no evidence linking Guccifer 2.0 to the DNC hack. |
link | arch |
May 2017 |
| 25th |
|
Article title: "Florida GOP consultant admits he worked with Guccifer 2.0, analyzing hacked data" - A recycling of an article originally out in December, main difference, it's a GOP operative called Aaron Nevins rather than the pseudonym "Mark Mieword". |
link | arch |
July 2017 |
| 5th |
 |
The Washington Post publishes an article titled: "Hacked computer server that handled DNC email remains out of reach of Russia investigators" - CrowdStrike, in an attempt to defend themselves, cite disk-images given to the FBI, what they don't say, is whether those images covered the point in time when the emails were exfiltrated from the DNC's network (and it's very likely they don't). |
link | arch |
| 9th |
|
The Forensicator emerges and publishes his first article titled "Guccifer 2.0 NGP/VAN Metadata Analysis" |
link | arch |
| 14th |
 |
publishes "Just Six Days After Trump Jr.’s Meeting, Guccifer 2.0 Emailed Me — But There Was One Key Difference" - Pulling Rob Goldstone into the mix on the basis that the Clinton/Russia stuff offered (by a Brit) was a few days apart from Guccifer 2.0's activities. |
link | arch |
| |
|
|
|