Remember That Bush Paintings Hacker Guccifer Used Wikipedia to Hack Email

You don’t need to be a mastermind to embarrass some of the most powerful people in America. All it requires is that you have a lot of time on your hands and the patience to research their boring life details. Just ask Guccifer.

The Romanian hacker (real name: Marcel Lazar Lehel) has been portrayed as a brilliant criminal who broke into Bush family email accounts, distributed Hillary Clinton’s Benghazi memos, infiltrated Colin Powell’s website, and carried out other attacks. But you don’t even need to be a member of Anonymous to recognize Guccifer had more motivation than skill.

Now the 44-year-old has been extradited to the United States after being indicted in 2014 of wire fraud, unauthorized access to a protected computer, cyberstalking, obstruction of justice, and aggravated identity theft. Lehel made his first U.S. court appearance on April 1 in Alexandria, Virginia, reported Reuters. In all, a fifteen-page federal indictment charges him with nine counts of computer hacking.

The hacker dominated headlines in 2013 after leaking images of the paintings done by George W. Bush, including one piece the former president painted of himself in the shower. While the revelations that Bush was a painter undoubtedly made him a far more interesting human than we might have thought prior, Guccifer still allegedly broke the law by hacking into the email account of Dorothy Bush Koch, G.W.’s sister, where he found the photos.

Guccifer also discovered pictures of a hospitalized George H.W. Bush and broke into accounts of other Bush family members as well as longtime Bush family friend and CBS Sports broadcaster Jim Nantz.

But there’s nothing to suggest Guccifer used any kind of sophisticated hacking techniques to trick his targets into providing their email credentials or other sensitive information. Instead, according to an interview with The New York Times, Guccifer simply stalked his subjects online and figured out the answers to their security questions, which he used to enter their email accounts without a password. It was all part of a not-so-brilliant plan that “relied mostly on educated guesswork,” the Times noted, adding that Guccifer didn’t have any special computer training of his own.

A key aspect of Guccifer’s modus operandi was to closely analyze each subject’s Wikipedia page and to reference lists of the world’s most popular pet names, which people often use to answer their security questions. Other popular questions include mother’s maiden name, city of birth, favorite movie, the name of your first school, and others that can probably be found without too much Googling.

“He is just a poor Romanian guy who wanted to be famous,” Viorel Badea, the Romanian prosecutor who put Guccifer behind bars, told the Times. Before he was Guccifer, Lehel was just an unemployed taxi driver who was obsessed with the Illuminati, Badea said. “He made many mistakes.”

Other victims included Sidney Blumenthal, one of Hillary Clinton’s closest advisers during her time as Secretary of State, and Corina Cretu, a Romanian politician who send photos of herself in a bikini to another former U.S. Secretary of State, Colin Powell. Steve Martin, Rockefeller family members, and a range of British politicians were also among the victims.

That so many of the world’s rich and powerful were snagged in the ruse again highlights the cybersecurity community’s longstanding complaint that the security question recovery process creates a massive security risk for users trying to protect their account.

It’s also possible that Guccifer had a base level of hacking knowledge and was able to use that to his advantage. Various marketplaces on the dark net make it possible for angry, motivated novices to educate themselves, or outsource hacking tools. One site called the Hacker’s List was an infamous posting board meant to connect morality-challenged technicians with people offering hack contracts. Another site, a dark net hub called Rent-a-Hacker, promises to carry out “spear phishing attacks to get accounts from selected targets.”