How to Become a Russian Hacker

Mar 7, 2017
By: Jerry A. Goodson
In: General

It's cheap, easy, and you may have already done it before, and not even known it!

"It could be Russia. And it could be China. And it could
be some guy in his home in New Jersey," he said.
"I believe that it could have been Russia and it
could have been any one of many other people."
- Donald Trump on DNC Hacks by Russia Allegations

What if it was a redneck country cop in Northeast Texas? Could it be? I sat here in my easy chair, with my wife about eight feet away munching on Cheez-Its and browsing Facebook on her phone, not having any idea what I was doing, or what I was capable of doing just a few feet away. I gave myself a $500 notional budget to see just how easy and inexpensive becoming a Russian hacker could be. The ease and expense (or lack thereof) didn't surprise me nearly as much as how quickly the feat could be accomplished. It only took about 20 minutes on Google, combined with some above-average understanding of how IP and VPN networks work.

Large high-paid security firms rely heavily on server logs. Pings, TraceRoutes, DNS, Metadata, and a slew of other techie terms that have been espoused as "evidence" only serve to prove one thing: supposition.

An acquaintance of mine who is employed by one of the touted "seventeen intelligence agencies" is absolutely convinced the Russian government, under the direct order of Putin, himself, hacked the DNC to influence the elections in President Trump's favor. That conclusion was heavily based on the suppositions (not hardcore proof) issued by CrowdStrike.

Guccifers and Cozy Bears and Fancy Bears, oh my!

What can CrowdStrike claim, definitively? The DNC was, in fact, hacked. The IP address of origin was in Russia. Everything ELSE (as in WHO) is purely speculative. CrowdStrike "identified" two separate "Russian" entities as responsible for the hacks. They even assigned cute little code names to the two "Russian" groups, Cozy Bear and Fancy Bear. CrowdStrike said it was the Russians, and there was no changing their conclusion.

Enter Guccifer 2.0. What the heck is a Guccifer? I don't know. However, a hacker who adopted the handle of Guccifer 2.0 claimed credit for the hacks, while simultaneously attacking CrowdStrike's competence and credibility. After sifting through the metadata (mostly IP headers from email traffic), not only could CrowdStrike not definitively identify Cozy Bear or Fancy Bear, but they couldn't identify Guccifer 2.0, either.

The real annoyance for me, personally, was CrowdStrike's insistence that Guccifer 2.0 was... Russian!

(He or she) used a Russian VPN (virtual private network). Guccifer 2.0 claimed to be Romanian, but metadata revealed IP addresses originating in France and Russia. Guccifer 2.0 claimed (he or she) did not speak Russian, and (his or her) language patterns suggested (he or she) didn't speak Romanian, either. The VPN IP address originating in Russia did not prove or disprove that Guccifer 2.0 is Russian, or even that (he or she) is IN Russia!

So with my notional $500 budget and 20 minutes on Google, I came up with these three steps to become a Russian Hacker:

How to Become a Russian Hacker in 3 Cheap and Easy Steps

Step 1: Get a Russian phone number ($22.00/mo, $34 initial setup)

With this service, a user could obtain a phone number that originates in Russia, but can be used by a PC anywhere in the world to send/receive phone calls and SMS (text messages) as if the user was on a cellphone in front of the Kremlin.

Step 2: Get a Russian online money account

Note ** It says it's not available in the U.S. or to U.S. citizens... but if we're going to be "Russian Hackers," then we simply click the button that says "I'm not United States of America citizen and I do not reside there."

The Russian-based WebMoney service is the U.S. equivalent of PayPal. Chances are, you had to use that PayPal account to initially purchase your Russian phone number, which was needed to validate this WebMoney account, so purchasing a new Russian number using this WebMoney account, then establishing another WebMoney account, then transferring the money from this WebMoney account into your new WebMoney account may be warranted to add another layer of anonymity in the paper trail. Ultimately, banking records CAN be traced IF Russia cooperates with U.S. authorities to investigate your identity. Otherwise, U.S. authorities don't have the same unlimited access to Russian bank records that they have to U.S. bank records. Move on to Step 3 and use the VPN service at least once during the recycling, and eventually you'll create too many rabbit trails to trace before your identity as a U.S. citizen could be established.

Step 3: Get a Russian VPN Service ($6.99/mo when paid 12 months in advance)

Pay with the Russian WebMoney account you set up.
Note ** The VPN service I linked provides a Russian VPN IP address, but the company is based in Switzerland. I don't REALLY encourage folks to do business with Russian VPN services.

Fact is, there are free VPN servers available all over the world, but while those services mask your IP of origin, their addresses are generally known to belong to free VPN services. It's the services you have to pay for that provide you with your own unique personal IP address from the country of origin of your choice.

With the link I provided in Step 3, you simply download the VPN client, and log in to the VPN server. You create the online identity of who you want "them" to think you are.

It really is THAT easy. With a little bit of money (that I really didn't spend), a little bit of time, and a slightly higher-than-average understanding of IP traffic, this redneck country cop from Northeast Texas could very well be Guccifer 2.0 just as much as any Russian, Chinaman, or anybody else anywhere on this planet that has a laptop and an internet connection.

Truth is, I've used VPN services before... for something a LOT less nefarious than hacking the DNC. Did you know that Netflix has different shows and movies available in different countries? After connecting to a German VPN, I could watch "The Big Bang Theory" on the streaming network, although it's not available here in the U.S. I was able to do that for four seasons before Netflix figured out I was using a public free VPN service, then blocked the IP. However, I could use a premium VPN service (like the one linked in Step 3) and continue watching the show as if I were sitting in an internet cafe in Germany.

What's Wrong with Guccifer 2.0?

The short answer is, the same thing that's wrong with Cozy Bear and Fancy Bear... nobody can prove, or even claim, definitively, any or all of them are Russian. The only common thread between them all is the IP address(es) they have used to deploy their attacks. The IP address(es) in question is/are known to be a Russian VPN service. Is it possible the three individuals and/or entities are not even connected, yet still use the same originating IP address?

It's a VPN service! I could, theoretically, pay for the very same service from right here in my living room in Northeast Texas, and be assigned the same IP address(es)! I assure you, I do not know the identity of any of the hackers, or even their national origin, yet I could do the very same things they have done, and make it look like it was done from Russia.
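The point made in the two paragraphs above, that a source IP belonging to a shared VPN exit tells an analyst very little about who sits behind it, is easier to see when the evidence is laid out per IP. The following is an added example written for this page, not the author's or CrowdStrike's code; the VPN ranges (RFC 5737 documentation prefixes), provider names and log lines are all constructed sample data, and the "evidence weight" labels are a hypothetical triage heuristic.

```python
"""Triage helper: how much does a source IP say about an actor's location?

Added example for this page; all ranges, provider names and log lines are
constructed sample data, not real indicators.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: ranges an analyst has catalogued as commercial or free
# VPN exits (hypothetical providers on documentation-only prefixes).
VPN_RANGES = {
    ipaddress.ip_network("192.0.2.0/24"): "example-vpn-ru",
    ipaddress.ip_network("198.51.100.0/25"): "example-free-vpn",
}

# Constructed sample log: timestamp, source IP, actor label from a report.
SAMPLE_LOG = """\
2016-06-14T10:01:02Z src=192.0.2.17 actor=FancyBear
2016-06-15T11:22:33Z src=192.0.2.17 actor=Guccifer2
2016-06-16T09:00:00Z src=198.51.100.9 actor=CozyBear
2016-06-17T08:30:00Z src=203.0.113.5 actor=Unknown
"""

LINE_RE = re.compile(r"src=(\S+)\s+actor=(\S+)")


def classify_ip(ip_str):
    """Return (provider or None, note) for a source IP."""
    ip = ipaddress.ip_address(ip_str)
    for net, provider in VPN_RANGES.items():
        if ip in net:
            return provider, "shared VPN exit: says nothing about the user's country"
    return None, "not a known VPN range: geolocation still only locates the endpoint"


def actors_by_ip(log_text):
    """Group actor labels by source IP so shared exits become visible."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            groups[m.group(1)].add(m.group(2))
    return groups


def attribution_report(log_text):
    """Per IP: provider, distinct actors seen there, and a heuristic evidence weight."""
    report = {}
    for ip, actors in actors_by_ip(log_text).items():
        provider, note = classify_ip(ip)
        # A known VPN exit, or one IP shared by several labelled actors, is weak evidence.
        weight = "low" if provider or len(actors) > 1 else "moderate"
        report[ip] = {"provider": provider, "actors": sorted(actors), "weight": weight, "note": note}
    return report
```

Running `attribution_report(SAMPLE_LOG)` shows two differently labelled actors on one VPN exit, which is exactly why the IP alone cannot settle nationality.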

Given that piece of crucial information, it raises the question: Why would Russian hackers, under the direction of Putin himself, use a VPN that originated in their own country? If I were wearing a ski mask while robbing a bank, I wouldn't be so dumb as to also wear a name tag that says, "Hi! I'm Jerry Goodson!"

Instead of trying to determine Guccifer's true identity and country of origin, the investigation was, instead, aimed at proving Guccifer was a Russian.

The problem with CrowdStrike's claim that the hackers were Russian is that it is based solely on the fact that the VPN IP address is Russian. That is pure speculation that has been repeated and reported so much that people have accepted it as fact. I cannot say Guccifer is NOT Russian any more than CrowdStrike can claim (he or she) is!