Pando

EXCLUSIVE: Jailed hacker Guccifer boasts, "I used to read [Clinton's] memos... and then do the gardening"

By Matei Rosca , written on March 20, 2015

From The News Desk

Bam! [Colin] Powell, the nigger, fell for it!” - Guccifer

December 2013 in the village of Sâmbăteni, Romania. The air is dull and frosty as Marcel Lazăr Lehel walks out of his mud-brick house, carrying a cheap brand laptop and a mobile phone, and goes to the back garden. Exhaling steam, he places the devices on the ground, picks up his axe and begins to chop with hard, steady blows. Thunk-crunch, thunk-crunch, thunk-crunch.

Lehel gathers the shards of plastic and metal together and dumps them into a metal cauldron, before lighting the whole thing on fire. He looks with apparent unease at the charred remains of his hacking utensils and, putting out the flames, he returns to the house. The foul-smelling pile is still smoking behind him.

Lehel, a 42-year-old unemployed Romanian citizen with a wife and ten year-old daughter, is better known to the world as the notorious black hat hacker “Guccifer.” Following his arrest in January of 2014, Lehel is serving seven years in a maximum security prison in the city of Arad, Romania, for cyber crimes against two public officials. Upon release, his real trouble will start: a nine-count USA federal indictment awaits for hacks against targets in the US. Those charges, to which he has already copped, are likely to be joined by further indictments as the full scope of his hacking activity is revealed.

* * * *

In late September 2014, I sent Guccifer a letter asking if I could visit him in prison. He sent back a reply, suggesting we communicate through his wife, Gabriela.

Guccifer did all his hacking out of Sâmbăteni, a quiet village on the westward road out of Romania. It’s poor and dusty – a generic Transylvanian village in the cornfields. Everybody speeds past, nobody ever stops. The only gas station there has long since closed.

As she walks out to meet me, Gabriela ostentatiously removes the SIM card and battery from her phone. She is anxious about the interview, but says she agreed to meet me because her maiden name was the same as my surname and she “believes in signs”.

The Lazărs never studied beyond high school. They worked petty jobs in factories and shops but Lehel had been unemployed for the year or so before he was arrested. Before that he’d been a taxi driver and a paint salesman. He had never had a job using computers. “He’s very modest, he was never interested in cash. Other women would have long divorced him but I believe in the oath we made – for better and for worse – and I love him,” Gabriela says. “At one point he became an enigma. He wasn’t interested in politics before.”

Despite the strife, she sends her husband packages containing his favorite foods and puts money on his account. “Such a man is born once every few decades. I’m proud I have a smart man.”

Gabriela doesn’t know or care much about computers or the Internet. She is worried the family can't afford a lawyer yet has little interest in engaging with the justice system. “It’s all corrupt,” she tells me. “Bright people are marginalized.” She resented the staged news event the police set up when they last came, attracting a crowd of overeager city reporters in front of her mother's house to see her husband frogmarched away.

The police seized Guccifer's computer but left behind his keyboard, which his family still uses. It is worn out; the letters and symbols on it are written in Gabriela's orange nail polish. “I’ll sell it online for $500,000,” she jokes.

Alexandra, their daughter, has schoolmates who tease and bully her. “Kids are mean. They ask her why is your daddy locked up... What did he steal? Seven years is a long time. After all, he didn’t steal anything. He was just curious,” her mother says.

* * * *

Lehel wasn't always a hacker. In fact, by hacker standards, he started late, around the age of 35. Lehel couldn't hold down a job and despite his sharp mind was a misfit and often a loser with severe money troubles. He reads a lot and is fluent in three languages but remains a simple, rural man who doesn't get on well with people. His first known hacking was in late 2010, out of boredom and vivid imagination. It turned out to be surprisingly easy. He now refuses to go into detail about it and qualifies it as “childish,” perhaps because he soon found out it was just as easy to get caught.

“I have the secret journal of the Rockefellers – I’ve taken it from a member of the Illuminati and ran a metadata analysis to verify it’s genuine.”

He was arrested and charged in 2011 after releasing swaths of private correspondence lifted from Romanian entertainers and footballers for no discernible purpose other than fame. He relished the media attention and cited amusement as his motive, walking away with a suspended jail sentence and a bruised ego. He now faced a stark choice – accept failure and straighten out - or double down and aim beyond the small scene of Romania. He chose the latter. Guccifer, the scourge of America’s most powerful men and women, was born.

Starting with the email accounts of celebrities, Lehel made his way up to government, choosing victims “on intelligence criteria” - in the espionage sense of the word. Himself a disciplined and organized man, he was appalled by how VIPs were carelessly using Yahoo, Gmail, and AOL to communicate important information to each other, taking it upon himself to punish their recklessness.

He quickly rose to global infamy in early 2013 when he hacked into the emails of George W. Bush and his family members, leaking family pictures, details of holidays, hospital appointments, and photos of the former president’s amateurish paintings.

The evasion of capture, secrecy, and track-covering made him feel important for the first time in his life. This was exactly what he had been chasing the whole time. Not money or profit, but the high of being a hero.

He found his core audience when Russia Today published emails about the Benghazi Embassy attacks hacked from then-Secretary of State Hillary Clinton and Sydney Blumenthal, her advisor. The tinfoil hat subculture pounced on these and hailed Guccifer as their enforcer. This was when he turned conspiratorial – out of what might be called the political necessity of going native for the sake of his fans. He got hooked and went past the point of return despite the fact that none of his hacks revealed anything of public interest.

In March 2013 Guccifer achieved mainstream renown, breaking into accounts belonging to Colin Powell, former US Secretary of State and Chief of Staff. He got Powell’s email from the contact list of the U.N. Under-Secretary-General Joseph Verner-Reed, who he also hacked. Armed with nothing but Russian proxy servers and ‘social engineering’ skills, the hacker logged onto Powell's AOL account by guessing the password based on his grandmother's name. He downloaded all emails, attachments, metadata and contacts.

Every day he woke up late and spent most of his time with the computer. Every night he dug deeper into his victim’s private life. He drew a family tree for Colin Powell and his wife going back three generations, looking for occult connections. Eventually, he found among Powell’s emails some messages from Corina Creţu, a female Romanian politician. Powell had deleted his replies and Lehel decided that the correspondence suggested that Cretu wanted to reignite a faded relationship. “She’s an undercover FSB agent. I’ll set them a trap,” he says he decided.

"Bam! Powell, the nigger, fell for it,” Lehel told me from behind bars, believing he foiled a spy operation and exposed a paranormal secret society.

He called his plan Project Alpha. He’d make Powell and Creţu give themselves away as Illuminati by publicizing the alleged affair. He defaced Powell’s Facebook page with bizzare messages, at the same time hacking Powell’s acquaintances and dissipating screen grabs of the mawkish emails from Creţu. Powell noticed and kept deleting the embarrassing posts in an effort to cover things up.

By July, Lehel zeroed in on Creţu’s Yahoo account and answered her security question – the street she grew up on. Guccifer, having gleaned the address of her primary school from her public Facebook page and extrapolating that she must’ve lived in the area, methodically and persistently tried out street names in that neighborhood until he hit gold. He read her emails without suspicion from Yahoo, but was forced to change her password and lock Creţu out of her account, thus making her wise to the breach.

He intercepted the following email from Powell: “This hacker is driving everyone here crazy. We received the album of about 20 photos and several of your emails from the account of the former Chief of Staff of our Air Force. The hacker gets addresses from my contact list which he got when ne [sic] hack into President Bush’s account. Our security people have been chasing him for months. He may have lots of your emails, maybe not, so best to delete all between us.”

She replied with irritation: “I now look like a crazy woman who has been sending you emails all these years like an autist.” Guccifer released the exchange, The Smoking Gun website ran with the story and shortly after, Powell denied impropriety on national television. The news went viral. Project Alpha worked: “Bam! Powell, the nigger, fell for it,” Lehel later told me from behind bars, believing he foiled a spy operation and exposed a paranormal secret society.

Hacking Creţu brought him to the attention of the Romanian secret services. Who else but a Romanian would even deem her a worthy victim? It was the beginning of his downfall. But as before, when getting too close to the flame, Guccifer upped his bets. In August, he hacked two of the private email accounts held by George Maior, then the boss of Romania’s internal intelligence service (SRI), whose details he found in Corina Creţu's address. Guccifer had the audacity to use Maior's own compromised address to contact him directly on his SRI email, calling the top man in Romanian intelligence a ‘skunk’ and asking him for money in jest. Maior, the very man who was chasing him, kept silent. Guccifer posted everything online.

Lehel still felt invincible but, in December, Maior made a public statement which derailed the hacker’s confidence. “Micul Guccifer will be caught,” he said, alluding to the hacker's previous pseudonym, Micul Fum. It translates as Little Smoke, inspired by the psychedelic drug used in Carlos Castaneda’s books. “This was hugely dumb of him, alerting me,” Guccifer says now, implying it was a slip. (Maior told the NY Times it was a coincidence.) Either way, Guccifer took the bait -- calculating it was now either death by CIA black op or prison he decided to publish everything, fast. That fit of paranoia would turn out to be his undoing.

He took the axe to his laptop and phone, a scene he would later describe to me, in vivid detail, from prison. "It was a special laptop which was passed to me by a French intelligence connection, who had it from the Pentagon." Despite knowing it was tapped, he used his landline to offer journalists stolen data. If he got assassinated by a death squad, at least Guccifer would live online – or maybe a burst of fame would keep him safe. The calls gave police enough to move in. In the first week of 2014, Lehel was arrested in a dawn raid by a team of armed and masked police. Cryptome posted the seven-and-a-bit gigabyte Guccifer Archive online shortly afterwards.

* * * *

On October 7th 2014 I go to visit Lehel in prison. The weather in Arad is too warm for October, but the penitentiary is cool, its compound shaded by tall whitewashed bulwarks. From outside you can only see the watchtowers, the parking lot, and the spire of the jailhouse Orthodox church. The prison is the only recent building on the city’s northern edge, framed by dusty roads where car fumes mix with smog from the industrial surroundings to choke the air with a smell that only goes away after dusk.

“For a hillbilly to become world-famous overnight, it’s not that easy, that’s why he invested so much in his online persona.” - Viorel Badea, prosecutor

Lehel is wearing a brown aviator’s jacket zipped all the way up and carries a bandless wristwatch, a pair of black-rimmed glasses which he doesn’t wear but waves around for rhetoric emphasis like a neurotic university lecturer, and a blue plastic folder in which he carries papers, letters, and notebooks. He’s sturdily built and his hair is trimmed short and combed back. His eyes are a piercing grey. He affects a deadpan, soldierly manner.

We speak on a phone, through Plexiglas. The guards wouldn't let me take a camera or notebook into the visiting room so I have to take notes on the back of the 11 page US indictment against Lehel which I'm carrying with me.

Since their TV moment, Lehel has regarded George Maior as his nemesis. He blames him for his struggles with prison life - a violent assault, a skin disease, and the general uncooperativeness and chicanery of the penitentiary’s management. “It’s clear to me that all the trouble is based on the intervention of the chief of the SRI, George Cristian Maior, who was a victim in my court case,” he says. “Maior is a stupid, incompetent man. He’s lucky he doesn’t talk much.” He claims Maior was keeping “about 350 MB” of secret documents on his Yahoo account. Why not release them? I ask. “I didn’t think it was ethical to transfer them on a storage device,” he says. Viorel Badea, the prosecutor on Lehel’s case, begs to differ: all Guccifer found was Maior's casual correspondence and messages related to his teaching work. Any stolen secret documents would have been reflected in a more serious charge, relating to state security, but this was “never in question,” Badea says.

Still, Badea pities Guccifer: “Seven years is very much for a hacker,” he tells me when we meet in his Bucharest office overlooking Ceausecu’s People’s Palace. Lehel was an unusual target for the prosecutor, who mostly works banking fraud. The Romanian case against Lehel was built with ready-made evidence from US investigators, as is the bulk of cybercrime cases in the country. “We had information from the American commission but he was what we call a good suspect anyway. We had a pretty good idea who he was from his previous case. We recognized the style and kept a close eye on him,” Badea says.

He thinks Guccifer’s IQ is “above average” and he “would have made a good cop” but he “exhibits antisocial behavior.” Criminals Lehel’s age don’t normally take much interest in the Internet, Badea says. “He wasn’t a proper hacker because he didn’t do anything technical. He is an investigator.” He was “ingenious and tenacious, the obsessive-compulsive type.” Badea believes Lehel is clinically sane and the conspiracy theories he peddles are a transparent justification for voyeuristic activities that would otherwise bother his conscience. “For a hillbilly to become world-famous overnight, it’s not that easy, that’s why he invested so much in his online persona.”

Back in the Arad penitentiary, I ask Lehel about his heyday. Was it worth it? “I had memos Hillary Clinton got as a State Secretary, with CIA briefings. These were being read by her, two other people from the US Government, and Guccifer. I used to read her memos for six-seven hours and then I’d get up and do the gardening in the yard,” he says.

So far, Lehel has been tried only for crimes committed against Romanian law, but after his arrest agents of the US Government interrogated him in Bucharest about his stateside crimes. The prosecutor remembers with amusement that Lehel had worn a suit for the occasion. “I had a meeting with the FBI, the Secret Service and Cyber Command at the DIICOT (Directorate of Organised Crime and Terrorism Investigations) in Bucharest. We discussed documents marked For Official Use Only,” Lehel says. He sounds pleased that he has upset such powerful people.

At one point he breaks into a rehearsed tantrum about Arianna Rockefeller, another victim of his hacking. “I have the secret journal of the Rockefellers – I’ve taken it from a member of the Illuminati and ran a metadata analysis to verify it’s genuine.” I suggest that sounds implausible. He continues: “G. W. Bush is a KKK member. In a picture I found and published (below) he’s wearing a white KKK hood. You can see it in the reflection in the window. Mainstream media totally suppressed that.” To me, the “KKK hood” in that picture looks more like a tablet computer Bush used to photograph one of his paintings.

Screen Shot 2015-03-18 at 3.46.52 PM

So why “Guccifer”? Lucifer is an angel who rebelled. The Gucci part is for numerology and style. “Split Guccifer into numbers and you’ll get 72, which is known as an absolute number of divinity. Google it.” It’s also a talisman: “They’d rather have me dead but I came out with this name to protect me. The services wanted to liquidate me.” He believes he’s been touched by genius. “China has whole buildings full of hundreds of employed hackers who haven’t achieved what I have. I’m guided by an external intelligence,” he says. He suggests he was extended a hand of friendship by the Secret Service, but refused it. “I said our purposes don’t coincide. We’re fighting on different fronts.”

Lehel is unfazed by his jail term and welcomes the prospect of extradition to the USA, readily admitting to crimes he hasn’t been tried for yet. He shows me a page in his notebook, putting it against the glass. It contains notes about the indictment: Victim 4 is Merrill McPeak, Victim 5 is Sydney Blumenthal; “I’ll plead guilty, no problem,” he says.

On the same page is a lazy anagram, low-hanging conspiracy fruit: “Prada-DARPA”; further down, a pyramid with an all-seeing eye and the word Guccifer written across its middle; then some notes on 9-11 "truther" theories. His handwriting is like his speech – careful, ornate, deliberate, and artificially sophisticated – opposite to the trail of unpunctuated and unhinged rambles he’s left online. Focault’s Pendulum, by Umberto Eco, is one of his favorite books, he says without irony. After all, the book is a satirical take on those luckless souls who get so caught up in conspiracy theories that they not only destroy their lives, but actually turn into self-fulfilling prophecies and end up killing them.

About his motivations and methods, he says: “I’m an autodidact but not a programmer. There are 100 million programmers. I use any possible method to break electronic correspondence – including contact lists and metadata, like the NSA programs do, only that’s artificial intelligence. I also use Kaballah, numerology, and the occult. Jung’s archetypes. Social engineering. It’s not the technology but the human factor that makes the difference.” He drifts back into conspiracy, this time with a touch of antisemitism: “Wherever I investigate I find Jews and freemasons in the highest circles. I’ve hit upon secrets in the attempt to unmask the society of the enlightened.”

Lehel is offended by my suggestion there may be some humor behind his crimes. “Hacking is not a hedonistic pleasure but the pursuit of a goal I’ve been on for ten years.” People he hacked who don’t fall into these categories - actors, models, athletes – are dismissed as collateral: “Smaller circles lead to bigger circles.”

He relies on the media industry to document his capers but believes it’s controlled by his enemies. “I have my own contacts in the States. John Young, Adrian Chen and people from CNN, Washington Post and others. I have close relationships with them.” John Young of Cryptome, the patron of his magnum opus says: “Guccifer and I had an extremely close relationship” and adds “he is our hero.” Adrian Chen, who covered him extensively, is less enthused: “I actually didn't really want to deal with him because he sort of creeped me out.”

Lehel considers the comparisons made between himself and the Beatles, or Edward Snowden: “I’ve always been a lover of rock music. In 1989-90 I was the first to put out a heavy metal magazine in Romania – Extaz Metal Magazin. A few issues came out, it was a collector's item. He adds: “The comparison with Snowden flatters me. I believe we are fighting on the same barricades.”

Behind the lone vigilante and the swivel-eyed conspiracy theorist lies a man who reached an age where his potential felt wasted and who decided to prove himself. The prosecutor called it “a compulsive need to be famous.” Lehel, briefly out of character, reflects: “Harder than the hacking was getting into the mass media.”

Our conversation ends at the insistence of a sullen prison guard. Time is up. Before I leave, Lehel assures me that, far from rehabilitating, Guccifer is still plotting inside his cell. He is anticipating a collaboration with US security services “when the time is right”. He says he has “a lot more material saved in the cloud.”

“The Guccifer archive isn’t complete and many intelligence services are interested in it. Hot Palestinian documents. Problems in the near future for the Western world. The whole archive is around 30 GB. That’s the submerged part of the iceberg.”

Featured photograph: Marcel Lazăr Lehel with his daughter, posted on Facebook (republished with permission).  Special thanks to David Baker of Angel, London, for his assistance with this story.