Trump and his surrogates have helped the Kremlin as well by making exclamations that Putin doesn’t respect Obama, and that Russia doesn’t like “crooked” Hillary because she helped spark political protests in Russia in 2011 and 2013, and by convincing formerly anti-Russian Americans that Putin is an ally to be assisted in the war against ISIS. It was a master stroke that would require considerable planning and precision to execute if it had been done by spies. However, it was executed by a carnival barker. To his followers, Trump has successfully spun the line that “Putin respects me and would work with me, he won’t work with Hillary,” and they love it.
Launching the CYBER BEARS
The FSB CYBER BEARS strategy was to steal critical political intelligence data from all wings of the U.S. Democratic Party, the Democratic National Committee, the Democratic Congressional Campaign Committee, the Hillary Clinton Campaign, and donors and supporters. Republican Party enemies of Russian defense policy would also need to be hacked in case they became too opposed to the operation. A little side activity to guarantee the silence of the risk-averse politicians would generally be found in the hidden corners of a laptop or nude photos that were deleted from the hard drive but still recoverable by one or more of the CYBER BEARS.
For old-school officers trained under the KGB, conducting a political and cyberwarfare operation would be a lifelong dream. It would create the space and environment to realign Russia as the preeminent power in the world. Even though most Russians who know Putin believe that this would be a very long shot, the fortunate emergence of a self-absorbed and servile Donald Trump coupled with Putin’s long hatred of Hillary Clinton meddling in his Eastern European plans would make this a tempting opportunity to severely damage the United States. Winning battles in cyberspace is a matter of influencing global perception through the output of “opinions” and “voices” to “trend” a perception that the producer wishes. Whether it’s the number of hits on the latest trending kitty playing with yarn video or the location of a Pokémon GO character, if an organization with a large enough computing system and secret operatives so wishes, it can steal, smear, influence and quite possibly select a U.S. President with little pushback from the media. This is apparently the terminal mission objective of Operation Lucky-7: Direct the CYBER BEARS to collect enough damaging information on Hillary Rodham Clinton and the Democratic Party to damage them in the mind of the American public.
Russian intelligence would spare no effort to elect Donald J. Trump President of the United States. However, the IWMC needed to disseminate the information publicly. A cut-out could be found, but the group needed its own “legend”—espionage terminology for a false backstory to protect the identities of the case officers. The cyberspies decided to create their own legend and to honor a hacker that was already well known: Guccifer.
The original and only Guccifer was the Romanian eccentric Marcel Lehel Lazar, who was arrested and extradited from Romania to the U.S. after breaking into dozens of emails that belonged to officials like both George Bush Sr. and George W. Bush, Colin Powell, and Sidney Blumenthal, a longtime friend of Hillary Clinton. He used the name Guccifer as his handle for his attacks. He had claimed that he successfully hacked a private server belonging to Hillary Clinton, but during the House hearing on the FBI decision not to prosecute Clinton for use of a private server or other crimes, Representative Blake Farenthold asked FBI Director James Comey if there was any truth to the claims made by Guccifer that he breached the server. Comey stated unequivocally that Guccifer lied about the breach and there was no indication that any such breach ever occurred, even if the concerns or threat may have existed.
What better way to cause mayhem, confusion and mischief than to release the stolen emails under the same name? Google searches would only add to the confusion as the original Guccifer would always come up first. Since this was a new entity, a second generation, it was only fitting that he be version 2.0. Hence, Guccifer 2.0 was born.
6
BATTLES OF THE CYBER BEARS
Putin’s CYBER BEARS
In late July 2016, after the news of the DNC hack hit the headlines, two groups came to the center of attention after nearly a decade of engaging in attacks on perceived adversaries of the Russian government. These two groups carried the names given to them by the American cyber security firm CrowdStrike and thus the world would be introduced to two designations for Russian hackers: “FANCY BEAR” and “COZY BEAR.” These cryptonyms were assigned to hacking threats under the term “Advanced Persistent Threats” or APTs. APTs are often associated with nation-state actors because of the level of sophistication and resources needed to conduct persistent attacks on a given target. The weapon of choice for APTs is malware. Malware is malicious computer software, such as viruses or tools that can be inserted or introduced to a target’s computer. There are estimated to be just over a hundred APTs working hostile missions through cyberspace as of August 2016. APTs include attacks by nation-state actors, cyber criminals, hacktivists (activists who use hacking as a tool of protest), and cyber mercenaries.
CYBER BEARS are what we will call the conglomeration of several Russian intelligence agencies, nationalist militias, criminal contractor cyber warfare units, and the malware weapons these groups use in cyberwarfare. The CYBER BEARS—so called due to CrowdStrike’s BEAR designation for the DNC hackers—have conducted numerous hacking and black political propaganda operations in states that came into conflict with Russia, including Estonia, Georgia, Lithuania, Kyrgyzstan, Crimea and Ukraine. COZY BEAR, FANCY BEAR, and VENOMOUS BEAR are specific cyber infection threats that have been traced to Russian intelligence, whereas CRIMINAL BEAR is the collective name for all Russian criminal hackers. MILITIA BEARS are pro-Russian nationalist hackers who pile onto Russian Intelligence attacks that become public.
Clusters of CYBER BEAR attacks occurred most often alongside tense geopolitical backdrops uniquely aligned with the interests of one country, Russia. Whether it was retaliation in Lithuania or Estonia, data blinding operations in Georgia, or flipping the switches on power plants in Ukraine in an attempt to undermine confidence in the government, the CYBER BEARS’ attacks leave plenty of marks and footprints for cyber security companies and intelligence agencies to examine.
The history of the attacks of the CYBER BEARS demonstrates advanced abilities to create code-on-the-fly and to adapt to the security environment of their target in a way that few independent or lone attackers would be able to maintain due to the complexity of the attack alone. They are also believed to be associated with thousands of attempted penetrations of U.S. Defense and industry computers as well as cyber theft and internet fraud operations. Collectively, the BEARS are the definition of a national cyber threat.
The Advanced Persistent Threats
The key characteristics for classifying an entity as an APT are that it is:
• Advanced: The development skill for APTs is advanced enough both to develop their own tool kit and to use existing advanced tools with ease.
• Persistent: The Adversary is goal-oriented in the attack and is driven to achieve the mission. This can often indicate a nation-state actor who has been given orders to acquire specified information.