U.S. indicts seven Russian military intelligence agents for role in alleged plot
Western powers have accused Russia of orchestrating a string of global cyber attacks including a bungled plot to hack the world’s chemical weapons watchdog in The Netherlands.
The United States indicted seven alleged Russian members of the GRU military intelligence agency on Thursday for targeting the Hague-based OPCW, the U.S. Democratic Party, world sports bodies and U.S. nuclear energy company Westinghouse.
The charges came as part of a coordinated pushback by allies Britain, The Netherlands, Canada and the U.S. against a series of hacking attempts by what London dubbed “pariah state” Russia.
Russia scathingly accused the West of “spy mania,” with the Russian foreign office describing the accusations as “propaganda.”
In scenes reminiscent of a Cold War spy novel, Dutch security services said Thursday they had expelled four Russian GRU agents in April after they attempted a cyber attack on the Organization for the Prohibition of Chemical Weapons from a car parked nearby. The OPCW was at the time probing the nerve agent poisoning of Russian ex-spy Sergei Skripal in Britain and an alleged chemical attack on the Syrian town of Douma by the Moscow-backed regime in Damascus.
Dutch and British prime ministers Mark Rutte and Theresa May in a joint statement accused the GRU of “disregard for global values” and lashed out at the Russian agency’s “unacceptable cyber activities.”
The Russians were tracked by Dutch and British secret services from their arrival in Amsterdam on diplomatic passports in April, and were then seen hiring a Citroen car which they parked outside the Marriott hotel next to the OPCW. When Dutch agents swooped on April 13 they found electronic equipment in the boot and back of the car to intercept the OPCW’s WiFi and login codes, including a hidden antenna facing the chemical weapons watchdog.
Marriott manager Vincent Pahlplatz told AFP there was “no James Bond involved” and the Russians had been arrested without force as they emerged from a lift into the hotel lobby.
Investigations found the Russians had originally taken a taxi from GRU barracks in Moscow to the airport, for which Dutch agents later found a receipt from their hotel. Some of their mobile phones were also activated in Moscow near the agency’s headquarters.
“They were clearly not here on holiday,” said the head of the Dutch MIVD intelligence service, Major-General Onno Eichelsheim.
A laptop belonging to one of the four was linked to Brazil, Switzerland and Malaysia—while the activities in Malaysia were related to the investigation into the 2014 shooting down of flight MH17 over Ukraine. It was also revealed that the agents had made searches for the OPCW-affiliated Spiez laboratory in Switzerland—which the Swiss last month said had been targeted by Russia.
Dutch authorities released the Russian diplomatic passports of the men identifying them as Oleg Sotnikov, Alexei Morenets, Alexei Minin and Yevgeny Serebryakov. They also showed photos of the men outside the hotel.
Rutte said the “unusual and powerful” step of releasing details of an intelligence sting was taken to bring Russia to account. “It is impossible for them to deny what has come out,” the Dutch P.M. told broadcaster NOS.
The OPCW confirmed it had suffered “increased cyber-related activities” since the beginning of the year and had “undertaken measures to mitigate them.”
The four Russians allegedly involved in the OPCW attack were included in the list of seven men indicted by the U.S. Justice Department.
John Demers, U.S. Assistant Attorney General for National Security, confirmed that known attack targets included the OPCW, football body FIFA, the World Anti-doping Agency (WADA) and Westinghouse. Demers said the operations dating back to 2014 “involved sophisticated, persistent and unauthorized access into the victims’ computer networks.”
The case also overlaps with U.S. Special Counsel Robert Mueller’s probe into Russian election meddling, with three of the men targeted on Thursday having featured in an earlier indictment on interference in the U.S. polls.
U.S. intelligence says the GRU conducted the 2016 Democratic Party hack in an effort to help Donald Trump win the presidency.
Canada confirmed on Thursday it believes itself to have been targeted by Russian cyber attacks, citing breaches at its center for ethics in sports and at the Montreal-based WADA.
Britain and Australia had just hours earlier pointed the blame directly at alleged GRU front operations such as Fancy Bear and APT 28 for the same string of worldwide attacks.
The West’s coordinated response also saw NATO chief Jens Stoltenberg warning Russia to halt its “reckless” behavior and the European Union condemning “aggressive” Russian spying. France separately denounced the attacks as “serious and worrying.”
British Defense Secretary Gavin Williamson said that these were “not the actions of a great power, this is the actions of a pariah state.”
Russia’s foreign ministry spokeswoman Maria Zakharova said the allegations had been mixed together “indiscriminately.”
“That’s a hell of a mix for a perfume,” she told reporters.
London has accused two GRU officers of poisoning former double-agent Skripal and his daughter Yulia in Salisbury in March, using a perfume bottle containing the powerful nerve agent Novichok. A Russian foreign ministry representative told AFP separately: “Western spy mania is gathering pace.”
GRU stands for the Main Intelligence Directorate, one of Moscow’s three spy agencies along with the FSB security service and the SVR foreign intelligence agency.