The alleged hacker behind the now infamous DNC cyberattack, Guccifer 2.0, made crucial mistakes that led the FBI to identify him. In the end, it all came down to lax procedures.

Reportedly, US investigators had narrowed down the identity behind Guccifer 2.0 to two officers of the the GRU, Russia’s foreign military intelligence agency. Then one day, one of the individuals briefly forgot to turn on his VPN, leaving his IP address exposed in the server logs of an unnamed American social media company. This gave investigators what they needed to link the specific IP address to a specific person.

That remarkable finding could end up playing a role in the probe between President Donald Trump and Russia, which is being led by Robert Mueller, according to The Daily Beast. Mueller, has taken over the probe into Guccifer, reports that media outlet, and has pulled the FBI agents who traced Guccifer’s persona onto his team.

“This kind of precise pinpointed attribution—when it comes from government investigators—shouldn’t surprise anyone,” reports Lorenzo Franceschi-Bicchierai for Motherboard. “Dutch intelligence officers reportedly infiltrated the computer networks of Russian spies so deep, they were able to literally watch the Russians hacking at their computers through their offices’ CCTV system.”

According to Franceschi-Bicchierai, this was just one of several sloppy errors. “When he posted stolen documents to prove he really hacked the DNC, Guccifer 2.0 forgot to remove metadata that revealed he used a computer set to Russian language when handling the PDFs. The hacker also used a cracked version of Office 2007 particularly popular in Russia.”

Get the full story at Motherboard.