Guccifer & Guccifer 2.0

Home > Cyber Fights > Guccifer & Guccifer 2.0
Guccifer Cyber Fight

Marcel Lazăr Lehel (born in 1971/1972), known as Guccifer, is a Romanian hacker responsible for a number of high-level computer security breaches in the U.S. and Romania. Lehel targeted celebrities, Romanian and U.S. government officials, and other prominent persons.


Lehel first appeared in news media in February 2013 after the website The Smoking Gun reported he was responsible for hacking the AOL account of Dorothy Bush Koch, sister of former president George W. Bush. Family photos of former president George H. W. Bush, who was in the hospital at the time, were circulated to the internet. He also circulated a self-portrait painted by George W. Bush. Lehel went on to hack a number of AOL, Yahoo!, Flickr, and Facebook accounts, giving him access to information about current and former high-level government officials.

In January 2014, Lehel was jailed in his native Romania for seven years after being convicted of hacking emails of Romanian officials. Lehel was subsequently extradited by Romania to the United States, where he was indicted on federal charges. In May 2016, Lehel pleaded guilty in federal court to two charges. In September 2016, he was sentenced to 52 months in the United States. Romanian authorities asked for Lazar to be released to his home nation to complete his seven-year prison sentence there before being returned to the U.S. to serve his federal prison sentence.

Lehel later hacked Colin Powell’s website and accessed years’ worth of his correspondence from another AOL account. The correspondence included personal financial information as well as e-mails to George Tenet, Richard Armitage, and John Negroponte. Through six months of trial and error, Lehel guessed the password of Romanian politician Corina Crețu and gained access to her correspondence with Powell.

The hacker also targeted U.S. Senator Lisa Murkowski; a senior UN official; members of the Rockefeller family; former FBI and Secret Service agents, as well as the brother of Barbara Bush, CBS sportscaster Jim Nantz, and former Miss Maine Patricia Legere.

On March 20, 2013, USA Today reported that Lehel had successfully hacked the e-mail account of Sidney Blumenthal, a former aide to former president Bill Clinton. He distributed private memos from Blumenthal to Secretary of State Hillary Clinton involving recent events in Libya, including the September 11, 2012 Benghazi attack. Before distributing the memos, he copied and pasted the text into his own new documents, then reformatted them with pink backgrounds and Comic Sans font.

In early May 2013, Lehel hacked into online accounts owned by two members of the Council on Foreign Relations, as well as accounts owned by Adam Posen and his wife and another owned by a former Federal Reserve Board official.

TSG reported on May 7, 2013, that Lehel had hacked the Twitter feed and e-mail account of Sex and the City author Candace Bushnell. Bushnell spent several hours fighting for control of the accounts, while Lehel publicly posted portions of an unpublished manuscript to Bushnell’s Twitter feed. Lehel sent an e-mail to TSG claiming responsibility for the hack using the AOL account of actor Rupert Everett.

In an interview with the New York Times in November 2014 conducted while Lehel was imprisoned in the Arad Penitentiary, the hacker “read out a lengthy handwritten statement that he said explained the purpose of his hacking,” which included details about the terrorist attacks of September 11, 2001, the 1997 death of Princess Diana and alleged plans for a nuclear attack in Chicago in 2015.” Lehel said that the world is run by the Illuminati and a cabal of others.

U.S. indictment and extradition to the U.S.
On June 12, 2014, Lehel was indicted by a federal grand jury in the United States District Court for the Eastern District of Virginia in Alexandria, Virginia, on nine charges: three counts of wire fraud, three counts of gaining unauthorized access to protected computers, and one count each of aggravated identity theft, cyberstalking and obstruction of justice.

In March 2016, Romania approved an 18-month temporary extradition to the United States, and Lehel was surrendered to U.S. authorities. Since his extradition, Lehel has been detained at Alexandria City Jail in Alexandria, Virginia. He made his first U.S. court appearance on April 1, 2016.

In May 2016—one month after being extradited to the U.S., and while jailed in Virginia awaiting trial—Guccifer said that he repeatedly hacked Hillary Clinton’s email server.


Lehel said that the server was:

“like an open orchid on the Internet”,  “it was easy … easy for me, for everybody.”

This was during the midst of an ongoing FBI probe of Clinton’s use of an illegal private email server while serving as United States Secretary of State.

DNC Leaks

The 2016 Democratic National Committee email leak is a collection of Democratic National Committee (DNC) emails leaked to and subsequently published by WikiLeaks on July 22, 2016. This collection included 19,252 emails and 8,034 attachments from the DNC, the governing body of the United States’ Democratic Party.

The leak includes emails from seven key DNC staff members, and date from January 2015, and ending in May 2016.

The leak prompted the resignation of DNC chair Debbie Wasserman Schultz before the Democratic National Convention. After the convention, DNC CEO Amy Dacey, CFO Brad Marshall, and Communications Director Luis Miranda also resigned in the wake of the controversy.

Guccifer was in custody at the time of this leak.

Guccifer 2.0

“Guccifer 2.0” is a person or persona claiming they were the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event.

Guccifer 2.0 claimed to be following in the footsteps of Guccifer, and in an interview with Motherboard Vice, in June 2016, he stated that he was not Russian, and didn’t like Russians. He claimed to be Romanian like the first Guccifer.

There has never been any evidence that Guccifer 2.0 was the hacker whom obtained the emails, other than his own claims. In fact it is widely believed that it was not a hack at all, it was an internal leak by DNC staffer Seth Rich who was murdered. Physical evidence also shows that the data transfer rate at which the emails were transferred was only possible from an internal source within the DNC and impossible transfer rates to be from an external source or hack.  WikiLeaks did not reveal its source, however they did offer a reward for information regarding the murder of Seth Rich, while never confirming any contact with Guccifer 2.0.

There seems to be little evidence of Guccifer 2.0 activities, however he does seem to have a twitter account. Events which were scheduled for his reveal were cancelled due to his failure to show up. Roger Stone was called to testify in Congress regarding twitter exchanges with Guccifer 2.0. Many researchers believe Guccifer 2.0 to be a CIA operative claiming to be the hacker to remove the focus off the murder of Seth Rich.