On Thursday, a report from the Daily Beast alleged that the Guccifer 2.0 hacking persona—famous for leaking data stolen from the Democratic National Committee in 2016—has been linked to a GRU Russian intelligence agent. What appears to have given Guccifer away: The hacker once failed to activate a VPN before logging into a social media account. This slip eventually allowed US investigators to link the persona to a Moscow IP address. In fact, they traced it directly to GRU headquarters.

Guccifer 2.0 took careful precautions to remain anonymous for months, yet one small mistake may have blown the whole cover. Such a gaffe may seem unthinkable for such a prominent and seemingly powerful hacker, but security experts note that, as the truism goes, everyone makes mistakes. And anyone who has worried about operations security, the process of limiting what information an outside party can discover, knows that you can't rely on being perfect.

"It's really easy for a hacker to slip up even if they've perfected their tradecraft," says David Kennedy, CEO of the security firm TrustedSec, who formerly worked at the NSA and with the Marine Corps' signal intelligence unit. "It happens all the time even to the most skilled of attackers, because it only takes one packet that an attacker didn't think about or data that wasn't intended to go to a certain destination to find its source."

Cyber Goofs

From the outside, the faceless world of cyber espionage and digital nation-state aggression has an air of drama and mystery. Personas like Guccifer 2.0 or so-called Advanced Persistent Threat hacking groups have a certain mystique that makes their capers even more disconcerting, like being under attack from a phantom. But in practice it's easy to see that the work isn't glamorous at all, and that the individuals behind it are, of course, regular people. Who screw up.

Though it may feel surprising every time, elite hackers regularly make crucial opsec mistakes. North Korean hackers accidentally exposed their IP addresses during their attack on Sony Pictures in 2015. Investigators traced two of the founders of the dark web marketplace Silk Road simply because both men used their personal email addresses to establish accounts related to the project. And researchers at the Russian antivirus firm Kaspersky Lab exposed evidence in 2015 of an elite hacking group tied to the NSA, after the group accidentally let some IP addresses it owned expire, allowing Kaspersky to buy them and track malware that phoned home to them.

In spite of their aura of invincibility, black hat hackers don't all need to be at the very pinnacle of their field. Different skill levels suffice for different projects, and the goal is generally to do the minimum required and save resources rather than making everything completely watertight. Bad actors of all levels use slapdash code, open source tools, and sloppy methods if they'll get a job done.

"A key point when people talk about 'groups' is that in a lot of cases, operators are not always going to know exactly what they’re doing or how things work, regardless of how advanced the tooling is," says Will Strafach, a mobile security researcher and the president of Sudo Security Group.

StopSec

Though missteps can be damaging to offensive operations, attempting to avoid gaffes is just as crucial when people are using operations security best practices to defend themselves or others and use information control as a form of protection. For a survivor fleeing an abuser, a political dissident, or an activist, the cost of small mistakes can be enormous. But high-profile examples of the types of mistakes that can occur can serve as teachable anecdotes for those seeking to defend themselves.