NYT:

Who is Guccifer 2.0, the self-proclaimed Romanian “lone hacker” responsible for copying thousands of emails and other files from the Democratic National Committee — a real person, or a front created by Russian intelligence officials?

Technology specialists have been debating that question since June 15, when CrowdStrike, a cybersecurity firm hired by the Democratic National Committee, announced that sophisticated hacker groups with Russian links were responsible for breaching the committee’s computer servers. Within hours of the announcement, someone using the moniker Guccifer 2.0 started a blog to mock that finding, posting several of the stolen documents and claiming sole credit.

But the publication by WikiLeaks of an archive of the committee’s internal emails — and the uproar they caused on the eve of the Democratic National Convention — have focused wider attention on who, or what, is operating behind that name. While WikiLeaks has not said how it obtained the emails, Guccifer 2.0 claimed in a blog post last month to have sent them to WikiLeaks.

Cybersecurity specialists have pointed to an array of forensic and technical evidence suggesting that Guccifer 2.0 might not be a Romanian as claimed. That evidence included metadata hidden in the early documents indicating that they were edited on a computer with Russian language settings. American intelligence officials believe that Guccifer 2.0 is a front for the G.R.U., Russia’s military intelligence service, according to federal officialsbriefed on the investigation.