Date Source Activity Links
June 2016
12th In an interview aired by ITV (one of the most popular terrestrial TV channels in the UK), Assange stated: "we have upcoming leaks in relation to Hillary Clinton which are great" and, when pressed whether WL had stuff "not yet in the public domain", confirmed "we have emails related to Hillary Clinton which are pending publication. That is correct."

So the Democratic National Committee, Clinton's campaign and Crowdstrike - along with the rest of the world - knew a major damage limitation operation would be required soon.
link | arch
14th DNC release a statement explaining that they've discovered their servers were hacked. - They make mention of "Trump Opposition Research".
(Article also demonstrates WAPO treating "pied-piper" Trump seriously at this stage in primaries)
link | arch
14th Crowd Strike produce a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. link | arch
15th Crowd Strike update a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. link | arch
15th Someone choosing to adopt the name of hacker recently in the news ("Guccifer", whom was in court the previous month), steps forward, calling himself Guccifer2.0 and claiming responsibility for the hack. He affirms the DNC statement and claims to be a source for Wikileaks. The first 5 documents he posts are purposefully tainted with 'Russian Fingerprints' and the first of those documents just so happens to be the "Trump Opposition Research" the DNC announce on the previous day. link | arch
15th TheSmokingGun publishes article "DNC Hacker Releases Trump Oppo Report" by William Bastone, detailing an email they received from Guccifer2.0 claiming responsibility for the DNC hack - provding a document more damaging to Trump than the DNC as initial proof of being responsible for the breach. link | arch
15th Gawker also report that they've received files from Guccifer2.0 in an article title: "This Looks Like the DNC's Hacked Trump Oppo File" link | arch
16th ArsTechnica publish article titled: "Lone wolf claims responsibility for DNC hack, dumps purported Trump smear file" link | arch
16th ArsTechnica publish article titled: "“Guccifer” leak of DNC Trump research has a Russian’s fingerprints on it" link | arch
17th Gawker post an article titled: "Contrary to DNC Claim, Hacked Data Contains a Ton of Personal Donor Information". It mentions that documents that they are provided include the names: "Ernesto Che" and "Felix Edmundovich" in the metadata. link | arch
17th ThreatConnect publish report titled "Rebooting Watergate: Tapping into the Democratic National Committee" link | arch
17th TSG publish article titled: "DNC Financial Records Stolen By 'Guccifer 2.0'" link | arch
18th Posts blog entry titled: "New docs from DNC network: lots of financial reports and donors’ personal data" - Seems there's an intent to focus on the fact it has "personal" data, to quote G2: "including e-mail addresses and private cell phone numbers. Ha! Ha! Ha!" link | arch
20th link | arch
20th link | arch
20th Post blog entry titled: "Dossier on Hillary Clinton from DNC. Expect It". Promises to deliver on 21st June. Posts 2 screenshots of a memo (that looks like it was sent to a broad list of people anyway) with everything but a header blurred out showing the email purportedly from Brian Fallon acting as Press Secretary for HFA. Posts tweet linking to article. link | arch
21st Article published titled "We Spoke to DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. link | arch
21st Articled published titled "Here's the Full Transcript of Our Interview With DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. link | arch
21st Post blog entry title: "Dossier on Hillary Clinton from DNC" - Containing links to various, widely circulated and non-classified documents relating to the DNC and HRC. - Posted tweet linking to article. link | arch
21st TSG publishes article titled: "DNC Researched Clinton Speeches, Travel Records" link | arch
22nd Posts blog entry titled: "Want to know more about Guccifer 2.0?" link | arch
22nd link | arch
22nd link | arch
23rd Article published titled: "Why Does DNC Hacker 'Guccifer 2.0' Talk Like This?" posted by Lorenzo Franceschi-Bicchierai. Includes language analysis assessments from 3 different individuals. (We check out all of these claims and Guccifer2.0's overall use of language as well as look in more detail at the differences in language construction rather than just take assessments at face value) link | arch
27th Guccifer 2.0 communicates with Cassandra Fairbanks. link
29th ThreatConnect publishes article titled: "The Shiйy ФbjЭkt?" / "Shiny Object? Guccifer 2.0 and the DNC Breach" link | arch
29th link | arch
30th Posts blog entry titled: "FAQ from Guccifer 2.0" link | arch
July 2016
4th link | arch
5th

6:45 PM EDT - Guccifer 2 NGP/VAN documents acquired

See: https://theforensicator.wordpress.com/

link
6th Posts blog entry titled: "Trumpocalypse and other DNC plans for July". Posts tweet linking to article. link | arch
7th link | arch
7th ThreatConnect publish article titled: "What's in a Name Server?" link | arch
8th link | arch
8th link | arch
8th Guccifer 2.0 communicates with Cassandra Fairbanks. link
10th Seth Rich murdered. - There are some who suspect Seth Rich may be related to the leaks. - This article isn't concerned with trying to support or refute that claim, we are only including this for sake of reference in the timeline. link | arch
11th link | arch
14th Posts blog entry titled: "New DNC docs" link | arch
17th link | arch
19th link | arch
19th link | arch
19th link | arch
19th link | arch
19th link | arch
19th link | arch
20th ThreatConnect publish report titled: "Guccifer 2.0: the Man, the Myth, the Legend? " link | arch
22nd Wikileaks start publishing the DNC emails. link | arch
22nd link | arch
26th Kevin Collier of Vocativ publishes article "Guccifer 2.0 Is Likely A Russian Begging Us To Write About DNC Hack" link | arch
26th Joe Uchill of The Hill posts article: "Evidence mounts linking DNC email hacker to Russia" and cites an email he shared with ThreatConnect from which they identify G2 is using a Russian VPN service. link | arch
26th ThreatConnect publish report titled "Guccifer 2.0: All Roads Lead to Russia" link | arch
27th

TAIA Global release a brief (and questionable) analysis asserting that Guccifer2.0 is likely Russian for a variety of contrived reasons quite a few of which require contorting through statistical likelihoods of noun usage between Russian and Romanian languages.

I think this particular effort was well intentioned but was heavily dependent on mathematical parameters (frequencies, averages, etc of word types, etc.) that made it insufficient to draw strong conclusions from in the way that an analysis of langauge flow, sentence construction and frequency of syntactical errors can provide.

arch only
29th ThreatConnect publish report titled "FANCY BEAR Has an (IT) Itch that They Can't Scratch" link | arch
August 2016
12th TSG Publish article by William Bastone titled: "Tracking The Hackers Who Hit DNC, Clinton". link | arch
12th TSG Publish article titled: "Hacker Publishes List Of Cell Phone Numbers, Private E-Mails For Most House Democrats" link | arch
12th ThreatConnect publish report titled "Does a BEAR Leak In The Woods?" link | arch
12th Posts blog entry titled: "Guccifer 2.0 hacked DCCC" link | arch
12th link | arch
12th link | arch
14th Patrick Tucker, writing for Defense One publishes "Russian-Linked Group Leaks US Lawmakers’ Phone Numbers, Emails" - It makes a good, detailed collation of the arguments and assessments that suggest Guccifer2.0 is Russian, is Wikileaks source, is linked to APT-28/APT-29, etc. link | arch
14th link | arch
15th Posts blog entry titled: "DCCC Internal Docs on Primaries in Florida". Posts tweet linking to article (arch). link | arch
15th link | arch
15th Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. link
15th Guccifer 2.0 communicates with Roger Stone. link
16th Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. link
17th Guccifer 2.0 communicates with Roger Stone. link
17th link | arch
19th ThreatConnect publish article titled: "Russian Cyber Operations on Steroids" - Includes good example of a Russian trying to communicate in English. link | arch
21st Guccifer 2.0 communicates with Cassandra Fairbanks. link
21st Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. link
21st Posts blog entry titled: "DCCC Docs On Pensylvania". Posts tweet linking to article (arch). link | arch
25th Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. link
30th Guccifer 2.0 communicates with Robbin Young.EVIDENCE DISPUTED: DMs may be manipulated or manufactured. link
30th Posts blog entry titled: "DCCC Docs from Pelosi’s PC". Posts tweet linking to article (arch). link | arch
30th link | arch
September 2016
1st

12:00 PM - 4:00 PM EDT - Material for Guccifer 2 ngp-van 7zip file collected

See: https://theforensicator.wordpress.com/

link
2nd ThreatConnect publish article titled "Can A BEAR Fit Down A Rabbit Hole?"

(It includes a perfect example of English language when written by Russians - difficulty with definite articles is a consistent trait rather than being an infrequent flaw, such as we see a lot of the time when Guccifer2 communicates.)
link | arch
2nd link | arch
2nd link | arch
2nd Guccifer 2.0 communicates with Cassandra Fairbanks. link
7th link | arch
9th Guccifer 2.0 communicates with Roger Stone. link
10th link | arch
11th link | arch
12th Jeffrey Carr publishes article titled: "The Guccifer2.0 Problem at the White House" at Medium. link | arch
12th link | arch
13th

Guccifer 2 releases NGP/VAN 7zip file

See: https://theforensicator.wordpress.com/

link
13th Article published titled: "Hacker Guccifer 2.0 Gives Rambling Speech at Cybersecurity Conference" - Includes full transcript of G2's statement for the Cybersecurity Conference. - As you go through the transcript, you'll notice G2 drifts towards increasingly correct usage of definite and indefinite articles. (This suggest his natural/habitual use of language incorporates these - it's a trait he has a harder time obscuring as writing fatigue sets in!) link | arch
15th Posts blog entry titled: "Dems Internal Workings in New Hampshire, Ohio, Illinois, North Carolina" link | arch
22nd link | arch
23rd Posts blog entry title: "Dossier on Ben Ray Lujan". Also posts tweet linking to the article (arch). link | arch
23rd Publishes article titled: "Guccifer 2.0 Releases Hacked Info On Democratic Congressman" by Kevin Collier. link | arch
25th link | arch
25th link | arch
25th link | arch
25th link | arch
25th link | arch
October 2016
4th Posts blog entry titled: "Guccifer 2.0 Hacked Clinton Foundation". Also posts tweet linking to article (arch). link | arch
4th link | arch
4th link | arch
4th link | arch
4th link | arch
4th link | arch
5th Sean Gallagher, for arsTechnica, posts article titled: "Guccifer 2.0 posts DCCC docs, says they’re from Clinton Foundation" link | arch
17th link | arch
18th Posts blog entry titled: "Trump’s taxes: Clinton campaign prepares a new provocation". Also posts Tweet linking to the article (arch). link | arch
25th Jeffrey Carr posts article titled: "The Yandex Domain Problem - Or Who In Russian Intelligence Doesn’t Speak Russian?" - Pointing out an apparent anomaly in the behavior of APT-28 aka "Fancy Bear" aka TF4127 in which it uses a Yandex email for phishing, from a Yandex domain typically used when someone registers from outside of Russia. link | arch
November 2016
4th Posts blog entry titled: "Info from inside the FEC: the Democrats may rig the elections" link | arch
4th link | arch
December 2016
8th ThreatConnect's Toni Gidwani provides a presentation for Duo Tech Talks covering ThreatConnect's findings in 2016 and covers details that confirm their assessment, albeit with a little cherry picking from 3rd party media articles where convenient, discounting the lack of Russian traits in the English language flaws of Guccifer2.0 (that is actually covered in the Vice article Toni cited), whom, they assess, may be a committee of Russians. link
29th ODNI/DHS "GRIZZLY STEPPE – Russian Malicious Cyber Activity" Report published. link | arch
January 2017
6th ODNI/DHS "Background to “Assessing Russian Activities and Intentions
in Recent US Elections”: The Analytic Process and Cyber
Incident Attribution" Report published.
link | mirror
12th Post article titled: "Here I am Again, My Friends!" and an accompanying Tweet (arch). link | arch
14th Mike Wendling of the BBC posts an article titled: "Conversations with a hacker: What Guccifer 2.0 told me" detailing messages sent back and forth between Mike and Guccifer2.0 in October 2016. link | arch
February 2017
8th Adam Carter releases "Guccifer2.0: Game Over", the article you are currently reading. -
10th ODNI/DHS release "Enhanced Analysis of Grizzly Steppe Activity", Guccifer2.0 is only referenced in relation to ThreatConnect tracing him to a Russian VPN. This, however, is unduly conflated with APT28. link | arch
17th tvor_22 posts article highlighting the flaws in reporting on Guccifer2.0 and reports on a discovery made concerning matching RSIDs found in several documents (suggesting the "Russian Fingerprints" may have been applied to several of the documents in an intentional manner.) link | arch
22nd Dave Levinthal of PublicIntegrity.org tweets a screenshot of an email from the FEC's Information Office originally from November 4th in relation to Guccifer2.0's claims to have acquired information from inside the FEC. link | arch
March 2017
5th Publishes article titled: "Hunting the DNC hackers: how Crowdstrike found proof Russia hacked the Democrats" link | arch
8th tvor_22 posts article titled "This Fancy Bear's House is Made of Cards: Russian Fools or Russian Frame-Up" covering the topics of DCLeaks, APT28 and Guccifer 2.0. link | arch
April 2017
3rd Steve Cunningham has an article published in The Gateway Pundit highlighting assumptions made in Thomas Ridt's testimony as well as covering a part of a Twitter DM conversation in which Guccifer 2.0 makes a statement about Seth Rich to Robbin Young. link | arch
8th Picking up from Steve Cunningham's observation about the DMs with Robbin Young, Adam Carter writes an article highlighting parts of Guccifer 2.0's conversation with Robbin in which he attributes himself to Seth and slanders both Julian Assange and Edward Snowden. link
11th Steve Cunningham published in The American Thinker covering Kevin Mandia (of FireEye) concession that there is no evidence linking Guccifer 2.0 to the DNC hack. link | arch
May 2017
25th Article title: "Florida GOP consultant admits he worked with Guccifer 2.0, analyzing hacked data" - A recycling of an article originally out in December, main difference, it's a GOP operative called Aaron Nevins rather than the pseudonym "Mark Mieword". link | arch
July 2017
5th The Washington Post publishes an article titled: "Hacked computer server that handled DNC email remains out of reach of Russia investigators" - CrowdStrike, in an attempt to defend themselves, cite disk-images given to the FBI, what they don't say, is whether those images covered the point in time when the emails were exfiltrated from the DNC's network (and it's very likely they don't). link | arch
9th The Forensicator emerges and publishes his first article titled "Guccifer 2.0 NGP/VAN Metadata Analysis" link | arch
14th publishes "Just Six Days After Trump Jr.’s Meeting, Guccifer 2.0 Emailed Me — But There Was One Key Difference" - Pulling Rob Goldstone into the mix on the basis that the Clinton/Russia stuff offered (by a Brit) was a few days apart from Guccifer 2.0's activities. link | arch