Not only that, but AFAIK it’s not that hard to fake access from an arbitrary IP address if you have control of any router on the path.

Which could mean the NSA, working with somebody in the US who faked the original Guccifer 2.0 account.

Or it could mean some hacker in Europe (Ukraine maybe?) who’d taken control of a router there.

And, of course, some NSA hacker could have simply faked the whole record (of the contact that “forgot” the VPN) up. Given the incompetence demonstrated in Dec. ’16 and Jan. ’17 with their public releases, this can’t be ruled out.

Frankly, I’d say the odds are on a Ukrainian hacker. Or Iranian. But a “Deep State” false flag can’t be ruled out.

Update: The Wired story on the slip-up, dated 03/25/18, makes this exact point:

Screen shot from
