5 Oct 2018

West accuses Russia of global cyber-plots

6:18 am on 5 October 2018

Russian spies have been accused of involvement in a series of cyber-plots across the globe, leading the US to level charges against seven agents.

Alleged Russian agents in a parking lot near the OPCW in The Hague in April during the intervention of Dutch officers. Photo: AFP PHOTO / DUTCH DEFENCE MINISTRY

The US justice department said targets included the global chemical weapons watchdog, anti-doping agencies and a US nuclear company.

The allegations are part of an organised push-back against alleged Russian cyber-attacks around the world.

Russia earlier dismissed the allegations as "Western spy mania".

BBC security correspondent Gordon Corera says counterintelligence investigations - tracking another country's spies - are normally among the most secret, so some of Thursday's revelations are stunning.

What is Russia accused of?

  • The Netherlands has accused four Russians of plotting to hack the Organisation for the Prohibition of Chemical Weapons (OPCW), which had been probing the chemical attack on a Russian ex-spy in the UK.
  • The UK government accused the GRU of being behind four high-profile cyber-attacks, whose targets included firms in Russia and Ukraine; the US Democratic Party; and a small TV network in the UK.
  • The US said its anti-doping agency and the US nuclear energy company Westinghouse were targeted by Russian intelligence.
  • Canada said "with high confidence" that breaches at its centre for ethics in sports and at the Montreal-based World Anti-Doping Agency were carried out by Russian intelligence.
  • Added to this, the Dutch authorities have said a laptop seized from the four suspects in April was found to have been used in Brazil, Switzerland and Malaysia.

    In Malaysia, the Dutch said, it was used to target the investigation into the downing of Malaysia Airlines flight MH17 in 2014 over territory held by Russian-backed rebels in eastern Ukraine. All 298 people on board were killed.

    What has Russia said?

    Its foreign ministry has said a statement would follow shortly after it dismissed the earlier allegations from the UK and the Netherlands as "Western spy mania... picking up pace".

    The Russian embassy in London said the UK's statement was "reckless" and part of an "anti-Russian campaign by the UK government".

    What have the other countries said?

    John Demers, US Assistant Attorney General for National Security, told a press conference in Washington that many of the attacks were aimed at "altering perceptions of the truth".

    The US has indicted seven people, four of whom were the men expelled from the Netherlands, while the other three were among those charged in July with hacking Democratic officials during the 2016 US elections.

    A joint statement from British Prime Minister Theresa May and her Dutch counterpart Mark Rutte said the alleged plot demonstrated "the GRU's disregard for global values and rules that keep us all safe".

    Meanwhile, British Foreign Secretary Jeremy Hunt said the UK was discussing further sanctions against Russia with its allies.

    The EU has also denounced the alleged cyber-plots.

    The US Justice Department indicted seven agents of Russia's GRU military intelligence agency as part of a joint crackdown with allies Britain and the Netherlands on a series of major hacking plots attributed to Moscow. Photo: AFP / FBI

    What were the suspects doing in the Netherlands?

    The four suspects identified by Dutch officials had diplomatic passports and included two IT experts and two support agents, officials said.

    They hired a car and parked it in the car park of the Marriott hotel in The Hague, which is next to the OPCW office, to hack into the OPCW's wifi network, Major General Onno Eichelsheim from the Dutch MIVD intelligence service said.

    Equipment in the car boot was pointed at the OPCW and was being used to intercept login details, he said, adding that the antenna for the operation lay under a jacket on the car's rear shelf.

    When the men were intercepted they tried to destroy one of the mobile phones they were carrying, Maj Gen Eichelsheim said.

    He said one of their mobile phones was found to have been activated near the GRU building in Moscow, while another carried a receipt for a taxi journey from a street near the GRU to the airport.

    Maj Gen Eichelsheim said the group were planning to travel to Switzerland, to a laboratory in Spiez where the OPCW analysed samples.

    They never made it. Instead, the four were immediately escorted out of the country, he added.

    Who are the suspects?

    They were named by the MIVD as hackers Alexei Morenetz and Yevgeny Serebriakov, and support agents Oleg Sotnikov and Alexei Minin.

    Officials said they were from the GRU's Unit 26165, which has also been known as APT 28. The UK's ambassador to the Netherlands, Peter Wilson, said the unit had "sent officers around the world to conduct brazen close access cyber-operations" - which involve hacking into wifi networks.

    He said the hackers were planning to travel on to the OPCW-certified laboratory in Spiez near Berne in Switzerland, where the Novichok nerve agent used in March's attack on Sergei Skripal and his daughter in the British city of Salisbury was identified.

    At the time the Russian operation was disrupted, the OPCW was investigating the Skripal case as well as an alleged chemical attack in April on the Syrian town of Douma near Damascus by Russian-backed government forces, the MIVD said.

    "With its aggressive cyber-campaigns, we see the GRU trying to clean up Russia's own mess - be it the doping uncovered by Wada [the World Anti-Doping Agency] or the nerve agent identified by the OPCW," Mr Wilson said.

    What was on their computer?

    A laptop seized from the suspects was found to have been used in Brazil, Switzerland and Malaysia, the Dutch officials said.

    The cyber-operation in Malaysia targeted the attorney general's office and Malaysian police as well as the investigation into MH17's shooting down, Ambassador Wilson said.

    Earlier this year Dutch-led international investigators concluded that a missile that brought down MH17 belonged to a Russian brigade. Russia has denied any involvement in the plane's destruction, which led to the deaths of many Dutch citizens.

    Data from the laptop showed it was also present in the Swiss city of Lausanne where it was linked to the hacking of a laptop belonging to Wada, which has exposed doping by Russian athletes.

    What is the GRU?

    The GRU, also known as the Main Intelligence Directorate, is the intelligence arm of the Russian military.

    It is different to the former KGB (now known as the SVR and FSB) as it conducts undercover military operations and collects intelligence around the globe.

    In recent years the GRU has been accused of undercover involvement in the conflict in Ukraine, which saw the Russian annexation of Crimea in 2014.

    It is believed that the two men accused of poisoning Russian ex-spy Sergei Skripal and his daughter Yulia, named as Alexander Petrov and Ruslan Boshirov, are GRU agents.

    One of the men was subsequently identified by an investigative website as Colonel Anatoliy Chepiga, an officer in Russia's GRU military intelligence.

    - BBC
