How ‘Guccifer’ went from online novice to infamous hacker, and got caught
Andrew Higgins
He revelled in tormenting members of the Bush family, Colin L. Powell and a host of other prominent Americans, and also in outfoxing the FBI and the Secret Service, foiling their efforts to discover even his nationality, never mind his identity. Early this year, however, the elusive online outlaw known as Guccifer lost his cocky composure and began to panic.
He smashed his hard drive and mobile phone with an axe.
That spasm of precautionary destruction, at his home in Romania’s Transylvania region, did not help him much – especially as he left pieces of what would later become evidence scattered in the mud.
Two weeks later, on January 22, a global hunt for the celebrated and mysterious hacker who first revealed self-portraits painted by George W. Bush and plundered a trove of personal emails from politicians, military officers and celebrities finally ended in an early morning raid of the home in rural Romania.
“I was expecting them, but the shock was still very big for me,” the hacker, now serving a seven-year sentence, said. He spoke in an interview, his first, at the Arad Penitentiary. “It is hard to be a hacker, but even harder to erase your tracks.”
In many ways, however, his two-year rampage through the email accounts of rich and powerful Americans showed how easy it can be to go rogue on the internet and, even when armed with only rudimentary skills, to stay one step ahead of the law, at least for a while.
The hacker who signed off as Guccifer (pronounced GUCCI-fer) — a nom de guerre coined, he said, to combine “the style of Gucci and the light of Lucifer” — turned out to be Marcel-Lehel Lazar, a jobless 43-year-old former taxi driver. He had no expertise in computers, no fancy equipment, only a clunky NEC desktop and a Samsung phone, and no special skills beyond what he had picked up on the web.
Viorel Badea, the Romanian prosecutor who directed the case, expressed dismay that Lazar had gotten so far with so little. “He was not really a hacker but just a smart guy who was very patient and persistent,” Badea said.
Instead of burrowing into his victims’ email accounts using computer worms and other hacking tools, the prosecutor said, Lazar trawled the web for information about his targets and then simply guessed the right answers to security questions.
“He is just a poor Romanian guy who wanted to be famous,” said the prosecutor, who leads a cybercrime team in Romania’s organised crime unit.
It took six months of trial and error for Lazar to guess the right answers and gain access to the emails of Corina Cretu, a 47-year-old Romanian politician who sent pictures of herself in a bikini and a flirtatious message to Powell, the former secretary of state. Powell, who has denied having an affair with Cretu, had urged her to delete all their messages after he discovered that his own email account had been hacked.
Lazar, who is half-Hungarian, acknowledged that he relied mostly on educated guesswork. He said he had no training in computers, though he did work, briefly, in a computer factory. “I got fired after two weeks,” he said.
To cover his tracks, he launched most of his raids through a proxy server in Russia. He figured that would hide any fingerprints leading back to Romania, where he already had a police record. That followed a 2011 conviction for hacking into the email accounts of Romanian starlets and other celebrities under the name Micul Fum, or Little Smoke.
Lazar was so confident of his ability to elude detection that, late last year, he started boasting of his exploits to The Smoking Gun, a US website that on January 6 posted a defiant email message in broken English from the still unidentified Guccifer: “NO I am not concerned, i think i switch the proxies go to play some backgammon on yahoo watch tv, play with my family and daughter.”
A day later, however, Lazar got a shock when George Maior, the head of Romania’s domestic intelligence agency, announced that the authorities would soon catch America’s most wanted hacker, a vow that suggested they knew he was in Romania. Lazar, in his prison interview, said he was also badly shaken by Maior’s description of him as “Little Guccifer,” which to him indicated that investigators had linked Guccifer with Little Smoke, the pseudonym he used before his 2011 arrest.
Thrown into a panic, he decided it was time to destroy evidence of his hacking and took an ax to his computer and cellphone in his yard in the village of Sambateni, about 11 miles east of Arad, the Transylvanian city where he is now in prison. “I knew they were coming for me,” he recalled. “My sixth sense told me I was surrounded. I was losing control of the situation.”
In reality, the authorities still had little idea who Guccifer was. Maior, in an interview in Bucharest, the Romanian capital, said he was not aware that Guccifer was the same person as Little Smoke, and had merely called him “little” to “minimise his aura of un-catchability.” The authorities, Maior said, did not even know at the time that Guccifer was Romanian.
But they had suspected he might be since September, when Guccifer hijacked a personal email account used by Maior, the security chief, and then used it to send Romanian-language messages to Maior’s official email account at the Romanian Intelligence Service.
Maior promptly ordered an investigation. “It was clear he had broken into my email,” Maior said. “He wanted to prove something. I took it seriously.”
Aided by US investigators, who had been hunting in vain for Guccifer for months, the Romanians quickly homed in on Lazar, who had left a clumsy trail of clues.
“He made many mistakes,” Badea, the prosecutor, said.
Lazar said he could have covered his tracks better if he had more money — for a more powerful computer, for instance.
“Of course, I could have stolen money from them. I didn’t. Not a single dollar,” he said, distancing himself from the legions of fellow countrymen who have made Romania, the second-poorest country in the 28-member European Union, a global leader in internet fraud.
A US indictment filed against Lazar in Virginia in June accused him of trying to extort “money and property by means of materially false and fraudulent representations, pretenses and promises” to his American victims, but Romanian investigators say they found no evidence of extortion.
Romanian officials say the United States has not asked Romania to extradite Lazar but has sent investigators to question him to learn how he managed to prey on so many powerful Americans. The US Justice Department declined to comment.
Before agreeing to answer questions from The New York Times in prison, where he shares a cell with four others, including two convicted murderers, he read out a lengthy handwritten statement that he said explained the purpose of his hacking.
A potpourri of conspiracy theories about the terrorist attacks of September 11, 2001, the 1997 death of Princess Diana and alleged plans for a nuclear attack in Chicago in 2015, it said: “This world is run by a group of conspirators called the Council of Illuminati, very rich people, noble families, bankers and industrialists from the 19th and 20th century.”
Badea, the Romanian prosecutor, scoffed at Lazar’s fixation on so-called Illuminati as a ruse intended to give a political gloss to a peeping-tom hacking addiction. The hacking exploits that led to his 2011 conviction involved “no Illuminati, just famous and beautiful girls,” the prosecutor said.
Lazar denied any interest in celebrities, asserting that he had only stumbled on most of the people he hacked as Guccifer, a long list that included the actress Mariel Hemingway, the “Sex and the City” author Candace Bushnell, the editor Tina Brown, the comedian Steve Martin, the author Kitty Kelley and many others.
With no access to a computer in jail, he now pours out his phobias and conspiracy theories in notebooks filled with his small, neat handwriting. “OK, I broke the law, but seven years in a maximum-security prison? I am not a murderer or a thief,” he said. “What I did was right, of course.”
New York Times