Russia

Russia’s Global Hacking Op Busted, Seven Agents Indicted

NAMED AND SHAMED

Four GRU operatives who targeted the chemical-weapons watchdog are publicly outed while the DOJ indicts seven operatives.

dutch_k3e2gs
Dutch Government

Western governments joined forces to lay bare the inner workings of Russian military intelligence Thursday, with Britain and the Netherlands providing unprecedented detail on how Russia has gone about trying to sow chaos in foreign lands and the U.S. indicting seven GRU officers.

The Department of Justice revealed that the GRU targeted U.S. and international sports anti-doping agencies in cyberattacks, as well a U.S. nuclear energy company that supplied fuel to Ukraine, leading to charges of hacking, wire fraud, identity theft, and money laundering.

The Netherlands named four Russian military intelligence officers in a failed April cyberattack on the Organization for the Prohibition of Chemical Weapons (OPCW)—the group responsible for investigating the Sergei Skripal poisoning and a Russia-linked chemical attack in Syria.

ADVERTISEMENT

Britain also accused the GRU of a string of of cyberattacks on organizations around the world, including the U.S. Democratic National Committee in 2016 and privately owned Russian media outlets.

The level of detail provided by the governments appears to be the result of a new tactic to publicly expose Russian methods to disrupt foreign governments and institutions—instead of combating it behind the scenes—and hope that it makes the Kremlin reconsider future attacks.

Britain’s ambassador to the Netherlands said Western intelligence would continue “confronting, exposing, and disrupting” Russian attacks. “The GRU can only succeed in the shadows,” said Peter Wilson. “We are all agreed that where we see their malign activities, we must expose it to the light together.”

Wilson said his government was now considering new Russia sanctions.

Dutch military intelligence gave excruciating detail on how it thwarted the OPCW attack and expelled the four alleged Russian operatives. The fact that Russian operatives were targeting institutions that were investigating their alleged misdeeds is no surprise—but the careless workmanship of the spies involved has raised eyebrows.

Dutch officials detailed how the men logged into public WiFi hotspots, left a paper trail of taxi receipts showing journeys from GRU barracks to the Moscow airport, carried huge wads of cash on them, and searched online for the facilities they’re accused of attempting to target with cyberattacks.

“This cyberoperation against the OPCW is unacceptable. By revealing this Russian action, we send out a clear message: Russia must stop this,” said Dutch Defense Minister Ank Bijleveld-Schouten.

The four suspects identified by Dutch officials had diplomatic passports and included two IT experts and two support agents. They rented a car on April 11, parked as close to the OPCW as possible, and tried to intercept log-in details from its WiFi network using equipment in the vehicle’s trunk.

When caught, according to Dutch officials, the men tried to destroy the mobile phones that they were carrying—and for good reason. One was found to have been activated near the GRU building in Moscow. Another carried a receipt for a taxi journey from a street near the GRU to the airport.

Not only that, but a laptop found on them was discovered to have been used in Brazil, Switzerland, and Malaysia. In Malaysia, it was allegedly used to target the investigation into the downing of Malaysia Airlines Flight 17 over eastern Ukraine in 2014, killing all 298 people on board.

The four alleged Russian officers were named as Aleksei Morenets and Evgenii Serebriakov—who had suspiciously similar passport numbers—as well Oleg Sotnikov and Alexey Minin. When caught, they were immediately escorted out of the country.

In a reference to the suspects in the Salisbury Novichok attacks, Maj. Gen. Onno Eichelsheim pre-empted the we’re-just-on-vacation excuse. “We know for sure they were not on holiday in the Netherlands,” he said, adding that Sotnikov had €20,000 and $20,000 on him. “That is not an amount I carry on holiday,” he said.

He went on to say he was forced to intervene to prevent “serious damage” to the OPCW, adding: “We must not forget that at that time, the OPCW was investigating the Skripals and the chemical attack in Douma, Syria.”

Meanwhile, the U.S. Department of Justice charges against the seven operatives detailed conspirators’ attempts to undermine sports anti-doping efforts by attempting to expose the medical information of nearly 250 athletes as part of an effort to distract from Russia’s state-sponsored doping program.

To help publicize their efforts, the operatives provided test results and other details directly to journalists, with the DoJ alleging that operatives were in contact with “approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.”

Three of the seven defendants were also charged in the hacking of U.S. citizens involved in the 2016 election, but the DoJ stressed that this investigation was separate to special counsel Robert Mueller’s probe into Russian interference in the 2016 presidential election.

As expected, the Kremlin strongly denied the fresh round of hacking allegations, with Russian foreign ministry spokeswoman Maria Zakharova describing them as “big fantasies,” but the evidence stacking up against the Kremlin is now plain for everyone to see.