• United States




Guccifer gets 52 months in prison

Sep 01, 20163 mins
Data BreachSecurity

The attacker with the nom de plume of Guccifer, who had breached all manner of email accounts including exposing the existence of the Clinton’s ill advised self-hosted email server has gotten himself thrown in prison.

This was an outcome that really comes as a surprise to no one in particular. He already had a series of convictions in Romania from 2014 as a part of his spree. The attacker from Sâmbăteni Romania, Marcel Lehel Lazar aka Guccifer pled guilty to charges including breaching systems and identity theft. The original US indictment included charges of aggravated identity theft, wire fraud and obstruction of justice.

He had made some claims that he had in fact compromised an email server the Clinton’s were running at home. But, as far as law enforcement could discern, this simply wasn’t verifiable.

He was jailed in Romania in 2014 for compromising the email accounts of several Romanian officials. Prior to that he managed to breach multiple high profile email accounts belonging to the likes of Colin Powell, Jim Nantz from CBS Sports and in 2013 the email account of Sidney Blumenthal a former Bill Clinton political aide.

Not happy to simply occupy himself with breaching email accounts, Lazar apparently breached the Twitter account of the creator of the show Sex in the City as well as others.

The 40 something year old Lazar will be spending the next 52 months in Federal prison. He could count himself fortunate that the sentence was not far worse than he received. If Lazar had the book thrown at him he could could have potentially received 20 years just for the charge for wire fraud alone.

Now, all of this was accomplished not but some super elite computer criminal. This was accomplished by a guy with little in the way of computer skills.

From NY Times:

The hacker who signed off as Guccifer (pronounced GUCCI-fer) — a nom de guerre coined, he said, to combine “the style of Gucci and the light of Lucifer” — turned out to be Marcel-Lehel Lazar, a jobless 43-year-old former taxi driver. He had no expertise in computers, no fancy equipment, only a clunky NEC desktop and a Samsung cellphone, and no special skills beyond what he had picked up on the web.

Viorel Badea, the Romanian prosecutor who directed the case, expressed dismay that Mr. Lazar had gotten so far with so little. “He was not really a hacker but just a smart guy who was very patient and persistent,” Mr. Badea said.

Lazar already possessed a criminal record for similar activities in 201 when he was arrested in Romania under the moniker of “Little Smoke”.

Everyday the barrier to entry into the dark side of web security gets lower. He didn’t have any great exploits that he leveraged. He was just very good at socially deconstructing his targets using publicly available information and then…making a guess.

Too bad that he wasted his talent on activities such as he had engaged in. I would hazard that he could have a good career if he had applied himself differently.


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author