Relevant paragraphs:

> [An intelligence researcher] led an investigation at ThreatConnect that tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. Ehmke eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.

> But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets. Neither company would comment for this story, and Guccifer did not respond to a direct message on Twitter.

> Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow. (The Daily Beast’s sources did not disclose which particular officer worked as Guccifer.)

Opsec is hard - you only need to fuck up once...

If all it takes is "one occasion" for investigators to believe you're Russian, it's also definitely easy to throw investigations off course.

> If all it takes is "one occasion"

Depends on the occasion, no? There's a difference between "the target account once used phrasing more typical of a Russian speaker than a Romanian speaker" and "the target connected to the server from inside GRU headquarters".

> it's also definitely easy to throw investigations off course

Connecting to a server from GRU headquarters isn't something I'd call "definitely easy". If the claim is true, Occam's Razor suggests that the GRU was involved in some fashion. What's the alternative? That the DNC compromised the network of a Russian intelligence agency?

(How much faith to put in an anonymously sourced claim about what was in the logs of an unnamed social network is a separate question, of course.)

You've added something that was not in the article. The IP address was not necessarily in the GRU HQ. The IP was in Moscow. The IP allowed the agent to be identified. That might mean the IP was in the GRU HQ but not necessarily. Once the agent was identified, they knew (possibly based on other intel collection) that he works out of (has as a "home" office) the GRU HQ.

It is in the article:

> U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow.

That seems WILDLY unprovable.

Tell me; how did The Daily Beast, an org that has Chelsea Clinton on their board, get the external IP addresses of the Russian Intelligence headquarters?

Please read the article properly before commenting - it helps you to stop jumping to wild, crazy conclusions.

It wasn't The Daily Beast conducting the investigation; they are just reporting on it.

Tracked to a specific office in their HQ... by an external IP address... lol, ok.

You are not as anonymous as you think when you are online - an IP address can easily identify a particular office in a government building.

There are many, many cases where a journalist has tracked down specific Wikipedia edits to a particular office or intranet in a government building, all from their IP address.

You can find a ton of stories with a quick google search: https://www.independent.co.uk/news/uk/home-news/government-w... https://www.smh.com.au/politics/federal/investigation-into-o...

Yep. I agree - it's pretty easy to slip up and public IPs are fairly easy to monitor.

It reminds me of this project https://github.com/edsu/anon which "lets you tweet about anonymous Wikipedia edits from particular IP address ranges"

You can see it working at Congress Edits - https://twitter.com/congressedits
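To make the two ideas in this thread concrete (a single login outside the usual VPN exit, and mapping an address to a labelled range), here is an added example that is not from the article, the commenters or the anon project. The log format, account names, range labels and the `slips` helper are all hypothetical, and every address comes from a documentation range.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample log: "<ISO time> <account> <source IP>". Addresses are
# from documentation ranges (RFC 5737 / RFC 3849), not real hosts.
SAMPLE_LOG = """\
2024-01-15T09:02:11Z acct_a 192.0.2.10
2024-01-16T10:15:40Z acct_a 192.0.2.77
2024-01-20T11:30:29Z acct_a 203.0.113.45
2024-01-21T09:05:52Z acct_a 192.0.2.10
2024-01-21T12:00:00Z acct_b 2001:db8:5::1
2024-01-22T12:00:00Z acct_b 2001:db8:5::1
malformed line
"""

# Hypothetical labels an analyst maintains for networks already understood.
KNOWN_RANGES = {
    "vpn-exit (constructed)": ipaddress.ip_network("192.0.2.0/24"),
    "office-net (constructed)": ipaddress.ip_network("203.0.113.0/24"),
}

def parse(log):
    """Yield (time, account, ip) and skip lines that do not parse."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield parts[0], parts[1], ipaddress.ip_address(parts[2])
        except ValueError:
            continue

def label(ip):
    """Return the first known range containing ip, else 'unlabelled'."""
    return next((n for n, net in KNOWN_RANGES.items() if ip in net), "unlabelled")

def slips(log, prefix_v4=24, prefix_v6=48):
    """Per account, report logins from outside its most-used network."""
    by_account = defaultdict(list)
    for when, account, ip in parse(log):
        plen = prefix_v4 if ip.version == 4 else prefix_v6
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        by_account[account].append((when, ip, net))
    found = []
    for account, rows in by_account.items():
        usual = Counter(net for _, _, net in rows).most_common(1)[0][0]
        found += [(account, when, str(ip), label(ip))
                  for when, ip, net in rows if net != usual]
    return found
```

Running `slips(SAMPLE_LOG)` surfaces the single `acct_a` login that came from outside the account's usual network, which is why one unprotected session stands out in server logs.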