Tech + Health

01.23.14

Romanian Authorities Bust the Hacker Known as Guccifer

The man who taunted heads of state, published George W. Bush’s paintings, and leaked a ‘Downton Abbey’ script was arrested by Romanian authorities.

In Arad, Romania, yesterday authorities say they finally caught up to the hacker known as “Guccifer.” Before his arrest, “Guccifer” had gained infamy for hacking former presidents, high-ranking politicians and celebrities, and leaking a collection of online artifacts that included Colin Powell’s personal emails, an unreleased script of Downton Abbey, and the paintings of George W. Bush. After a raid on his house by the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), Marcel Lazar Lehel, 42, was accused of being “Guccifer” and led away in handcuffs.

A DIICOT press release, reported by an English language Romanian news source, describes cooperation between U.S. and Romanian authorities in the investigation leading to Lehel’s arrest and accuses him of, “..Repeatedly and without any right…breaching the security measures, the email accounts belonging to some public figures in Romania.” The release also charges that, “Later, the culprit revealed the contents of the mail to the public, which are criminal acts violating the confidentiality in the online environment and defamation of the victims’ public image.”

Nothing about the “Guccifer” case is yet clear, including his motives or how it is that he continued to flaunt his hacks and taunt authorities, even after being arrested for similar crimes in 2011 and handed a three-year suspended sentence in 2012. Now that Lehel is in custody, the answers about “Guccifer” may slowly come out.

Unlike others in the hacking world, “Guccifer” rarely made statements or used the releases from his hacks to publicize his own views. When he did speak, it was mostly to the website The Smoking Gun, which published many of the documents he hacked. In letters the site received from the hacker that it described as “email screeds,” “Guccifer” wrote, “the evil is leading this fucked up world!!!!!! i tell you this the world of tomorrow will be a world free of illuminati or will be no more.”

There were hacks that did suggest someone on the trail of conspiracy: confidential emails about Benghazi between Hillary Clinton and long time advisor Sidney Blumenthal, correspondences that mentioned Tony Blair and Bohemian Grove, and, in what appears to have led to his arrest, repeated targeting of intelligence officials. But claims by “Guccifer” that he was hacking to expose the illuminati, assuming they were meant seriously and not as a lark or a diversion, are hard to reconcile with what appears to be a mostly opportunistic spree. If his motivations are sincere, the methods seem questionable. Leaking Bill Clinton’s crude doodles of cartoon erections seems a strange way to expose the machinations of world leaders. 

According to The Smoking Gun, “Guccifer” preyed on those with weak online security, going after people with AOL emails, and then used his access to the accounts he was able to crack to collect address books and password lists that led him to hit connected targets. Tina Brown, the former editor-in-chief of The Daily Beast, was one of the high profile victims hacked by “Guccifer” whose address book was pilfered and used to identify the contact details of future targets.

Even as he continued hacking high-level officials and drawing the attention of the U.S. Secret Service and Romanian authorities, “Guccifer” may have seen the end coming. As early as December 17, 2013, “Guccifer” wrote an e-mail to The Smoking Gun saying, “the cia is for sure on my tail but you know they have all the time in the world.” Then, just over two weeks ago, on January 6, fearing that he would be caught soon, “Guccifer” wrote “i don’t know what near future hold for me,” and handed over a large cache of stolen files to a reporter “in case I disappear.” He added, “meanwhile me trying desperately to erase my files on my computer at my desk or on my smartphone which btw I don”t have because I can”t afford one.”

It’s unclear why ‘Guccifer’ began trying to strong-arm an intelligence chief in his own country.

It appears that his attacks on American celebrities and presidents are not what brought the hacker down. It was the taunting and repeated targeting of George Maior, the head of the Romanian Intelligence Service, whose secrets “Guccifer” threatened to expose that finally brought the police to his door.

A different motive for the hacking run that led to “Guccifer’s” arrest appears in the email exchanges with Maior. It’s an explanation that may seem a strange fit for the cryptic “Guccifer” but makes more sense for Lehel, the man behind the keyboard who complained that he couldn’t afford a smartphone. Lehel, however much he may have believed in taking down the illuminati and exposing the screenplays of niche TV shows, also needed money.

According to The Smoking Gun, “Guccifer” hacked Maior’s email and “sent the intelligence official a taunting note [in Romanian] warning that he would release “all sorts of documents embarrassing about yourself” unless they could agree on a price for his 7Gb archive detailing his online rampage.”

It may not have been money driving him all along, but “Guccifer” wrote as if he knew that the risks were increasing and might have sensed that desperation was making him get sloppy or that boldness was making him vulnerable.

It’s unclear why, after a long series of hacks without any known profit motive, “Guccifer,” a hacker wanted by the authorities in multiple countries, began trying to strong-arm an intelligence chief in his own country, but he certainly sensed that officials were closing in. In another recent email, "Guccifer" wrote, “now i am in a close fight with a secret service chief” and added, “i don t know what near future hold for me so i will schedule a email link for you … with my archive in case i disappear.”