Sloppy VPN mistake reportedly exposed DNC hacker as Russian spy

One all-too-relatable slip.
By Shannon Connellan

Even Russian spies apparently make mistakes when it comes to VPNs.

Like Guccifer 2.0, the self-proclaimed hacker apparently responsible for burrowing into the Democratic National Committee computer network, then sending stolen emails to WikiLeaks.

According to a new report by The Daily Beast, Guccifer, who had long presented as a solo, independent hacker from Romania who infiltrated the DNC, has reportedly been exposed as working from Russia. And they would have got away with it if it wasn't for a damn VPN.

The Guccifer persona apparently neglected to switch on the VPN client before logging on once.

"As a result," the report reads, "he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation."

Yep, Moscow.

U.S. investigators used that IP address to connect Guccifer to a Russian foreign military intelligence agency known as GRU, according to the Daily Beast's sources.

It's important to note that this claim hasn't been confirmed by the U.S. government. In January 2017, U.S. intelligence officials linked Guccifer 2.0 to the Russian spying agency with "high confidence," but didn't confirm the link unequivocally.

Guccifer 2.0 leaked DNC materials to WikiLeaks and pretty much any GOP operative that wanted the goods. The hack exposed embarrassing details about Hillary Clinton's campaign and the DNC's inner workings. It was a boon for President Donald Trump ahead of the election.

Finding a link between Russia and the DNC hack was a priority for U.S. investigators from the start. Kyle Ehmke, an intelligence researcher at cyber security firm ThreatConnect who previously led an investigation into Guccifer's identity, told the Daily Beast that ThreatConnect tried to track the persona through their email metadata — which always led them to a French data centre.

"Almost immediately various cyber security companies and individuals were skeptical of Guccifer 2.0 and the backstory that he had generated for himself,” Ehmke told the publisher.

"We started seeing these inconsistencies that led back to the idea that he was created hastily … by the individual or individuals that affected the DNC compromise."

Guccifer was reportedly using a service called Elite VPN, which indeed existed in France — but had Russian headquarters. Then, it was a case of Robert Mueller and his team tracking the one-off IP address to none other than GRU HQ on Grizodubovoy Street in Moscow.

VPNs huh?

UPDATE: March 28, 2018, 12:19 p.m. AEDT This story has been updated to reflect that Kyle Ehmke was discussing previous investigations on behalf of ThreatConnect into Guccifer 2.0 with the Daily Beast. ThreatConnect does not have ties to the recent discovery.
