Cybercrime , Fraud Management & Cybercrime , Social Media

Romanian Hacker 'Guccifer' Extradited to US

Former Taxi Driver Receives Conditional Release From Prison in Romania
Romanian Hacker 'Guccifer' Extradited to US

The notorious Romanian hacker known as Guccifer, who revealed the existence of Hillary Clinton's private email server, has begun serving his more than four-year prison sentence in the United States.

See Also: Webinar | Don't Get Hacked in the Cloud: The Essential Guide to CISOcial Distancing

Marcel Lehel Lazar, 46, is a former taxi driver who has admitted to perpetrating a string of email and social media account takeovers, using the hacker handle Guccifer - a portmanteau of Gucci and Lucifer.

In September, the Alba Iulia Court of Appeal in Romania ruled that after Lazar finished serving a seven-year sentence in the Romanian city of Deva for those crimes, he would be sent to the United States to serve a 52-month sentence (see: Romanian Hacker 'Guccifer' to Be Extradited to US).

Lazar appealed that decision, but it was dismissed by Romania's high court on Oct. 5, and on Oct. 23, a court in the city of Hunedoara ruled that he should be conditionally released from his seven-year sentence to begin doing time in the U.S., Romanian media outlet Digi 24 reported.

On Monday, Digi 24 reported that in the prior few days, Lazar had already been handed over to U.S. authorities.

The U.S. Department of Justice has confirmed to Information Security Media Group that Lazar is now in the U.S. and has begun serving his sentence.

"On Sept. 1, 2016, Marcel Lehel Lazar, aka 'Guccifer,' was sentenced by U.S. District Court Judge James C. Cacheris to serve 52 months in prison, to be followed by three years of supervised release, following his May 25, 2016, guilty plea in the Eastern District of Virginia to unauthorized access to a protected computer and aggravated identity theft," a U.S. Department of Justice spokeswoman tells ISMG.

"Pursuant to the agreement with Romanian authorities, Lazar returned to Romania to finish his Romanian sentence and was returned last week to the United States to serve his U.S. sentence," she said.

Email and Social Media Hacking Spree

From 2012 to 2014, Lazar allegedly gained access to Gmail, Facebook, AOL and other accounts by brute-force guessing their weak passwords. His victims included numerous Romanian celebrities and officials, including lawmakers and members of the state security services.

His list of U.S. victims included former Secretary of State Colin Powell and President George W. Bush, from whom Lazar stole and released a painted self-portrait of Bush in the bathtub.

Lazar also revealed that Hillary Clinton had used a private email address while serving as the U.S. secretary of state. After coming to light in the spring of 2016, the resulting scandal dogged her 2016 U.S. presidential election campaign.

The FBI, meanwhile, launched an investigation into Clinton's email server, ultimately concluding that there was no evidence of wrongdoing or signs that anyone had hacked the email server.

Indicted by US in 2014

Since early 2016, Lazar has been splitting his time between U.S. and Romanian courtrooms and prison cells.

U.S. prosecutors first indicted Lazar in June 2014 for computer crime offenses, just after he was sentenced to serve a prison sentence in Romania for similar crimes.

In March 2016, Romania released Lazar - early - and sent him to appear before the U.S. District Court for the Eastern District of Virginia, where he pleaded guilty to aggravated identity theft and unauthorized access to a computer. As noted, Judge Cacheris sentenced him to serve 52 months in federal prison.

Following Lazar's sentencing, the Justice Department said: "From at least October 2012 to January 2014, Lazar intentionally gained unauthorized access to personal email and social media accounts belonging to approximately 100 Americans, and he did so to unlawfully obtain his victims' personal information and email correspondence."

Guccifer 2.0? No Relation

Guccifer shouldn't be confused with "Guccifer 2.0," a hacker who claimed to be Romanian.

Guccifer 2.0 took credit for breaching the Democratic National Committee and dumping stolen data, including thousands of emails stolen from the personal email account of John Podesta, Clinton's 2016 presidential campaign chairman.

But cracks in the Guccifer 2.0 persona appeared early, especially since the hacker didn't appear to be able to speak Romanian.

Earlier this year, a report said investigators had found that Guccifer 2.0, whose IP address had always been masked by a VPN, had failed to activate the VPN on at least one occasion, revealing an IP address that traced back to the headquarters of Russia's GRU military intelligence agency in Moscow (see: Report: Guccifer 2.0 Unmasked at Last).

In July, the Justice Department charged 12 members of the GRU with hacking into computers - and for some, with trying to hack a state election board and election software firms - as part of a disinformation campaign designed to influence the 2016 U.S. elections (see: 10 Takeaways: Russian Election Interference Indictment).

"These GRU officers, in their official capacities, engaged in a sustained effort to hack into the computer networks of the Democratic Congressional Campaign Committee, the Democratic National Committee and the presidential campaign of Hillary Clinton, and released that information on the internet under the names 'DCLeaks' and 'Guccifer 2.0' and through another entity," the Justice Department said.


Story updated with comments from the U.S. Department of Justice.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.