Guccifer should not be confused with Guccifer 2.0.
Marcel Lehel Lazăr (born 23 November 1971), known as Guccifer, is a Romanian hacker responsible for high-level computer security breaches in the U.S. and Romania. Lazăr targeted celebrities, Romanian and U.S. government officials, and other prominent persons.[1]
Lazăr first appeared in news media in February 2013 after the website The Smoking Gun reported he was responsible for hacking the AOL account of Dorothy Bush Koch, sister of former president George W. Bush.[2] Family photos of former president George H. W. Bush, who was in the hospital at the time, were circulated to the internet. He also circulated a self-portrait painted by George W. Bush. Lazăr went on to hack a number of AOL, Yahoo!, Flickr, and Facebook accounts, giving him access to information about current and former high-level government officials.
In January 2014, Lazăr was jailed in his native Romania for seven years after being convicted of hacking emails of Romanian officials. Lazăr was subsequently extradited by Romania to the United States, where he was indicted on federal charges. In May 2016, Lazăr pleaded guilty in federal court to two charges. In September 2016, he was sentenced to 52 months in prison in the United States.[3] [4] Romanian authorities asked for Lazăr to be released to his home nation to complete his seven-year prison sentence there before being returned to the U.S. to serve his federal prison sentence.[3]
Lazăr is of Romanian and Hungarian ancestry.[5] He lived in the village of Sâmbăteni, part of the Păuliș commune, to the east of Arad, Romania.[5]
Lazăr has said that his pseudonym Guccifer is a portmanteau of "Gucci" and "Lucifer" (a reference, he says, to "the style of Gucci and the light of Lucifer").[6]
Lazăr had no particular computer expertise, but instead used patience and persistence to obtain private information.[5] Lazăr had "no fancy equipment, only a clunky NEC desktop and a Samsung cellphone, and no special skills beyond what he had picked up on the web."[5] He used the simple technique of finding information about his victims online and then using this to guess the correct answers to security questions.[5] At the time of his arrest in 2014, Lazăr was an unemployed taxi driver.[5]
Lazăr later hacked Colin Powell's website and accessed years' worth of his correspondence from another AOL account. The correspondence included personal financial information as well as e-mails to George Tenet, Richard Armitage, and John Negroponte.[7] Through six months of trial and error, Lazăr guessed the password of Romanian politician Corina Crețu and gained access to her correspondence with Powell.[5]
The hacker also targeted U.S. Senator Lisa Murkowski; a senior UN official; members of the Rockefeller family; former FBI and Secret Service agents,[8] as well as the brother of Barbara Bush, CBS sportscaster Jim Nantz, and former Miss Maine Patricia Legere.[9]
On March 20, 2013, USA Today reported that Lazăr had successfully hacked the e-mail account of Sidney Blumenthal, a former aide to former president Bill Clinton.[10] He distributed private memos from Blumenthal to Secretary of State Hillary Clinton involving recent events in Libya, including the September 11, 2012 Benghazi attack.[11] Before distributing the memos, he copied and pasted the text into his own new documents, then reformatted them with pink backgrounds and Comic Sans font.[11] The hacker's IP address was traced to Russia, however there was no certainty as to whether this was his actual location or whether he had used a proxy to hide his true location.[12]
In early May 2013, Lazăr hacked into online accounts owned by two members of the Council on Foreign Relations, as well as accounts owned by Adam Posen and his wife and another owned by a former Federal Reserve Board official.[13]
TSG reported on May 7, 2013, that Lazăr had hacked the Twitter feed and e-mail account of Sex and the City author Candace Bushnell.[13] Bushnell spent several hours fighting for control of the accounts, while Lazăr publicly posted portions of an unpublished manuscript to Bushnell's Twitter feed. Lazăr sent an e-mail to TSG claiming responsibility for the hack using the AOL account of actor Rupert Everett.[13]
On 22 January 2014, Lazăr, then age 40, was arrested by the Romanian law enforcement agency DIICOT (the Department of Investigation of Organized Crime and Terrorism Offenses, Direcția de Investigare a Infracțiunilor de Criminalitate Organizată și Terorism) at his home in Sâmbăteni, Arad County.[14] [15]
In 2014, a Romanian court sentenced Lazăr to four years in jail for accessing email accounts of public figures "with the aim of getting ... confidential data."[16]
Lazăr had already had a police record in Romania, having been arrested and convicted there in 2011 for "hacking into the email accounts of Romanian starlets and other celebrities" under the pseudonym Micul Fum ("Little Smoke").[5] He was serving a separate three-year sentence in Romania for those crimes.[16]
In an interview with the New York Times in November 2014 conducted while Lazăr was imprisoned in the Arad Penitentiary, the hacker "read out a lengthy handwritten statement that he said explained the purpose of his hacking," which included "a potpourri of conspiracy theories about the terrorist attacks of September 11, 2001, the 1997 death of Princess Diana and alleged plans for a nuclear attack in Chicago in 2015."[5] Lazăr claimed that the world is run by the Illuminati and a cabal of others.[5]
On June 12, 2014, Lazăr was indicted by a federal grand jury in the United States District Court for the Eastern District of Virginia in Alexandria, Virginia, on nine charges: three counts of wire fraud, three counts of gaining unauthorized access to protected computers, and one count each of aggravated identity theft, cyberstalking and obstruction of justice.[16] [17] [18]
The indictment alleged that:
In March 2016, Romania approved an 18-month temporary extradition to the United States, and Lazăr was surrendered to U.S. authorities.[16] [17] Since his extradition, Lazăr has been detained at Alexandria City Jail[19] [20] in Alexandria, Virginia.[12] He made his first U.S. court appearance on April 1, 2016.[21]
See main article: article and Hillary Clinton email controversy. In May 2016 - one month after being extradited to the U.S., and while jailed in Virginia awaiting trial - Guccifer claimed to have repeatedly hacked Hillary Clinton's email server. This claim occurred in the midst of an ongoing FBI probe of Clinton's use of a private email server while serving as United States Secretary of State. Lazăr claimed that the server was "like an open orchid on the Internet"[22] and that "it was easy ... easy for me, for everybody."[12]
Lazăr provided no proof of his claim, and U.S. investigators found no evidence to support the claim.[23] [24] [25] U.S. officials have also said that if Lazăr had obtained information from Clinton's servers, he would have publicly released such information, as he did when he obtained access to other high-profile individuals,[25] such as Sidney Blumenthal[26] and George W. Bush.[27] According to an FBI report, Lazăr stated during interrogation that he had lied to FOX News when claiming he hacked Clinton's e-mail server, and investigators determined that although he may have attempted to access the server, no additional solid forensic evidence was found to tie Lazăr to this failed access attempt.[28]
On May 25, 2016, Lazăr - then age 44 - pleaded guilty in U.S. federal court to unauthorized access to a protected computer and aggravated identity theft as part of a plea agreement with federal prosecutors.[29]
According to a Justice Department press release:
On September 1, 2016, U.S. District Judge James C. Cacheris sentenced Lazăr to 52 months in prison. The judge also stated that the Justice Ministry of Romania had made a request for Lazăr to be returned to Romania to complete his prison service there, before being conditionally released in 2018 and returned to America to serve his U.S. prison sentence.[3] He was released from prison in August 2021.[30]