The West fights back against Putin’s cyber war

The US today charged seven Russian military intelligence officers over hacking attacks around the world. The group are accused of a range of attacks on institutions and individuals around the world. The attacks are linked to Russian attempts to spy on investigations into doping in sport, politics in the Ukraine and the US, and the poisoning of Sergei Skripal in the UK


Russian hackers waged a four-year ‘disinformation’ campaign against the US and the West in which they obtained sensitive information from anti-weapons watchdogs and anti-doping bodies, it emerged today.

Seven Kremlin agents working for the GRU – the military intelligence service of the Russian Federation – are accused of hacking into anti-drug agencies in an attempt to undermine their investigations into Russia’s ‘state-sponsored doping program’ which led to the country’s athletes being stripped of dozens of Olympic medals and banned from the 2016 Summer Olympics.  

They also accessed the records of 250 athletes, from 30 countries, who had been critical of the doping scandal in an attempt to discredit them, exonerate Russia and bolster President Vladimir Putin’s position on the world stage.  The spies, identified as working for the GRU’s Unit 26165, shared the hacked data, including confidential medical records of Olympians, through their fake ‘hacktivist’ group Fancy Bears.

Three of the seven agents were also accused of meddling in the 2016 presidential election. The trio were among 12 GRU officers indicted as part of Robert Mueller’s Russian probe, for launching a well-executed attack on the Hillary Clinton campaign and Democratic Party organizations, in a bid to sabotage Clinton. 

Other targets included the World Anti-Doping Agency and FIFA, the international governing body of soccer. 

But despite their ‘sophisticated’ operation, the bungling spies were today revealed to have left a trail including  a taxi receipt for a journey from GRU headquarters to Moscow’s Sheremetyevo airport the very day that four agents arrived in Amsterdam.

When Dutch authorities caught four of the suspects in The Hague – the Dutch-based home of the United Nations’ International Court of Justice – trying to hack the Organisation for the Prohibition of Chemical Weapons as it investigated the attempt to poison a former Russian spy and his daughter in the UK, they had to send them back to Russia on account of their diplomatic passports.

As Russia’s hacking activities around the world were exposed, Dutch authorities detailed how they caught four GRU agents in The Hague, trying to hack into the chemical weapons watchdog’s computers at a time the body was investigating the Sergei Skripal novichok poisoning in Salisbury

The US Justice Department announced it has charged seven Russian military intelligence officers with hacking anti-doping agencies and other organizations.

It came in retaliation for the agencies revealing Russia’s ‘state-sponsored doping program’ for its athletes, which led to the country’s athletes being stripped of dozens of Olympic medals and banned from the 2016 Summer Olympics.

Russian president Vladimir Putin waves to spectators prior to boarding a car after his arrival in New Delhi as the GRU’s campaign of cyber warfare against the west was today exposed 

‘All of this was done to undermine those organizations’ efforts to ensure the integrity of the Olympic and other games,’ said John Demers, assistant attorney general for national security.  

‘Nations like Russia and others that engage in malicious and norm-shattering cyber and influence activities should understand the continuing and steadfast resolve of the United States and its allies to prevent, disrupt and deter such unaccountable conduct,’ Demers told a news conference.

‘The defendants in this case should know that justice is very patient, its reach is long and its memory is even longer,’ he said.

The seven Russian intelligence officers charged with hacking doping agencies have also been accused of other high profile hacks and interference in other countries. 

The defendants, all Russian nationals and residents, are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.

The FBI indictment lists a series of allegations against the seven wanted men. It says: 

  • As early as November 2014, Yermakov performed reconnaissance of Westinghouse Electric Company (WEC) in Pennsylvania, a company involved in the supply of power to the Ukraine.
  • In July 2016, Yermakov and Malyshev used ‘spoofed domains’ to unleash ‘spearphishing’ attacks on WADA and United States Anti-Doping Agency (USADA) employees.
  • Also in 2016, Morenets and Serebriakov, with the support of Yermakov, went to Rio to target wifi networks used by anti-doping officials at the Olympic Games. 
  • In mid-September 2016, Morenets and Serebriakov compromised the wifi network of a hotel hosting a WADA anti-doping conference in Lausanne, Switzerland.
  • In December 2016 and January 2017, the group successfully compromised the networks of International Association of Athletics Federations (IAAF) and football’s governing body FIFA, targeting computers used by each organization’s top anti-doping official.  Among the data stolen from officials were anti-doping policies, lab results, and medical reports.
  • In April 2018, Morenets, Serebriakov, Sotnikov, and Minin travelled to The Hague to try and hack into the headquarters of the Organisation for the Prohibition of Chemical Weapons (OPCW) during the investigation in the Salisbury novichok attack. The case against these four was also set out by the Dutch Defence ministry today.

Dutch authorities released images of four Russian agents who tried to hack into the global chemical weapons watchdog a month after the Salisbury novichok attack. CCTV shows them when they were kicked out of the Netherlands

CCTV images show Alexey Minin (left), while Oleg Sotnikov (right) is pictured on a photo recovered from a phone. They are both alleged to be members of the GRU’s hacking squad, who were unmasked today

It came after the British National Cyber Security Centre (NCSC) accused Russia’s GRU intelligence agency of being behind hacks on the World Anti-Doping Agency (WADA), transport systems in Ukraine and democratic elections, such as the 2016 US presidential race. 

Britain has warned Russia it could face new sanctions, with foreign secretary Jeremy Hunt saying the disclosures were ‘hard evidence’ of the ‘unacceptable’ activities of Russian intelligence.

HOW RUSSIA’S ATTEMPT TO POISON ITS EX-SPY UNRAVELED ITS INTERNATIONAL HACKING CAMPAIGN

Russia’s four-year campaign of cyber attacks may never have come to light if it was not for its agents’ rather clumsy attempts to cover their tracks.

Their coordinated campaign of ‘disinformation’ began to unravel after KGB agents were accused of attempting to kill former Russian spy Sergei Skripal, 66, and his daughter Yulia, 33, on the streets of the small English city of Salisbury.

Sergei Skripal was poisoned in March this year

The pair were found slumped on a bench in the middle of town on March 4 this year  after being poisoned with Novichok – a deadly nerve agent manufactured in Russia’s lab rooms at the height of the Cold War.  

The father and daughter were rushed to hospital where they remained in critical condition for weeks but survived the attack. 

Novichok can cause death in as little as 10 minutes unless an antidote is taken almost immediately after being exposed.

UK Prime Minister Theresa May immediately blamed Russia for the poisoning, to which the Kremlin hit back with wild accusations Britain carried out the attack itself.

Now Russian spies have been caught attempting to hack into the Organisation for the Prohibition of Chemical Weapons’ lab in Switzerland. The OPCW was at the time investigating the Salisbury attack and a suspected chemical weapons attack in Syria.

Skripal, a former colonel in Russian military intelligence, was considered by the Kremlin to be one of the most damaging spies of his generation – responsible for unmasking dozens of secret agents threatening Western interests by operating undercover in Europe.

He was alleged by Russia’s security service, the FSB, to have begun working for the British secret services while serving in the army in the 1990s. He passed information classified as state secrets and was paid for the work by MI6, the FSB claimed.

Col Skripal pleaded guilty at the trial but in July 2010, he was pardoned by then Russian president Dmitry Medvedev and was one of four spies exchanged for ten Russian agents deported from the US in an historic swap involving red-headed ‘femme fatale’ Anna Chapman. 

After the swap at Vienna airport, Col Skripal was one of two spies who came to Britain and he has kept a low profile for the past eight years.

The four hacks include: 

  • A hacking strike on World Anti-Doping Code Agency in August 2017.
  • A ‘BadRabbit’ attack in October 2017 that caused disruption to the Kiev metro and Odessa airport in the Ukraine.
  • The NCSC also stated that the GRU was ‘almost certainly’ to blame for hacking the Democratic National Committee during the US presidential election in 2016.
  • The agency pointed the finger at the GRU for accessing email accounts at a small UK-based TV station in 2015. 

Dutch authorities revealed they had caught a team of Kremlin agents rigging up computers, phones and an antenna in the boot of a car to try and hack into the global chemical weapons watchdog in The Hague.

The Kremlin was left trying to hold back a growing flood of evidence of its hacking activities around the world, spread over four years.

The three governments’ public expose of the operation will reignite hostilities between Putin’s regime and the West, following tit-for-tat diplomatic expulsions in the wake of the Salisbury attack.

Russian Foreign Ministry spokeswoman Maria Zakharova dismissed the new hacking accusations from the Netherlands and UK as ‘big fantasies’. 

The Dutch Defence Ministry said the team of GRU officers – travelling on official Russian passports – entered the Netherlands on April 10, just a month after the Salisbury nerve agent attack.

Three days later, they parked a car carrying specialist hacking equipment outside the headquarters of the OPCW in The Hague, where the novichok attack was being investigated.

However, before they could initiate the hacking attack, Dutch counter-intelligence officers descended on the vehicle and seized the men, who were then kicked out of the country.

The hacking attempt – described as a ‘close access’  attack due to the attempt by the group to get close to the building – followed a longer-range earlier ‘spearphishing attack’ on the OPCW headquarters. 

A laptop belonging to one of the four Hague hackers was linked to Brazil, Switzerland and Malaysia, with the activities in Malaysia related to the investigation into the 2014 shooting down of flight MH17 over Ukraine, Dutch Defence Minister Ank Bijleveld told a news conference. 

At a joint press conference in The Hague, British ambassador to the Netherlands Peter Wilson said: ‘This disruption happened in April. Around that time the OPCW was working to independently verify the United Kingdom’s analysis of the chemical weapons used in the poisoning of the Skripals in Salisbury.’ 

Surveillance footage shows the moment Dutch intelligence officers descended on the scene and caught the four men outside the chemical weapons agency

A briefing in The Hague was shown pictures of each of the men’s passports. Alexey Minin, from Perm, to the north west of Moscow, (left) and  Evgeny Serebriakov (right)

The passport numbers of the men were released, including Aleksei Morenets, from Murmansk, (left) and Oleg Sotnikov (right)

The FBI later released this copy of the passport of Dimitry Badin who is accused of hacking related to the 2016 US elections

In a joint statement UK Prime Minister Theresa May and Dutch Prime Minister Mark Rutte said: ‘We have, with the operations exposed today, further shone a light on the unacceptable cyber activities of the Russian military intelligence service, the GRU.

Laptop belonging to Russian spies was also used to hack MH17 investigation in Malaysia

The Russian intelligence officers expelled from the Netherlands after the Dutch government thwarted a major cyber attack had targeted the investigation into the downing of Malaysia Airlines flight MH17.

A laptop belonging to one of the four Russian spies caught trying to hack into the global chemical weapons watchdog OPCW in the wake of the Salisbury Novichok attack could also be placed in Brazil, Switzerland and Malaysia.

Data found on the laptop of the GRU intelligence agency officer put it as having been in use in Kuala Lumpur, and linked it to the MH17 investigation. 

It had been used to specifically target Malaysian police and the country’s attorney general, Dutch authorities announced at a press conference in the Hague today.

Malaysia Airlines flight MH17 was shot down over Ukraine in July 2014, killing 298 people, with a four-year investigation finding Russia responsible earlier this year.

British ambassador to the Netherlands Peter Wilson said there was proof of ‘malign activity’ in Malaysia, stating: ‘This GRU operation was trying to collect information about the MH17 investigation.

‘And targeted Malaysian government institutions, including the attorney general’s office and the Royal Malaysian Police.’

‘This attempt to access the secure systems of an international organisation working to rid the world of chemical weapons, demonstrates the GRU’s disregard for the global values and rules that keep us safe.

‘Our action today reinforces the clear message from the international community: we will uphold the rules-based international system and defend international institutions from those that seek to do them harm.’ 

Meanwhile NATO Secretary General Jens Stoltenberg warned Russia to halt its ‘reckless’ behavior amid a series of global cyberattacks blamed on Moscow. 

In a statement issued during a meeting of NATO defense ministers today,  Stoltenberg said: ‘NATO allies stand in solidarity with the decision by the Dutch and British governments to call out Russia on its blatant attempts to undermine international law and institutions.’

He said that ‘Russia must stop its reckless pattern of behavior, including the use of force against its neighbors, attempted interference in election processes, and widespread disinformation campaigns.’ 

The 29 NATO allies are discussing cybersecurity at talks in Brussels, with the US, Britain, Denmark and the Netherlands due to announce that they will provide offensive cyber-capabilities for use by NATO.

The revelations will further strain relations with Russia after Britain blamed Moscow for the nerve agent attack in Salisbury last March which left one person dead.  

Foreign Secretary Jeremy Hunt said Russia could face further sanctions in the wake of the latest ‘hard evidence’.

Mr Hunt said: ‘The first thing we are doing is to expose it and the words matter because there are countries all over the world that are hearing both sides of the story – they’re hearing what the Russians say as well. 

Pictures show the cache of equipment seized from the men. They attempted to smash up some of the phones (inset) when they realised authorities were on to them

Dutch authorities released images of the huge amount of cash found on the men. Sotnikov had 20,000 euros and 20,000 dollars on him. The men also took their own rubbish – including several beer cans – out of their hotel room, presumably because they were concerned about an investigation

Surveillance pictures show the men at the scene on the day of the thwarted hacking attack

Incredibly, a taxi receipt found on one of the men named the street in Moscow where the GRU has its headquarters

A map released by the Dutch authorities shows how close the group managed to park their rental car to the OPCW headquarters, where chemical weapons are investigated

‘This is the evidence that what we are getting from Russia is fake news, and here is the hard evidence of Russian military activity.

Hackers’ visit to Rio Olympics exposed by a selfie with female friend

One of the team of hackers unmasked today unwittingly bolstered the evidence against him when he took a selfie at the Rio Olympic Games.

Evgenii Serebriakov was pictured clutching a female friend dressed in a Russia athletes T-shirt in the crowd at the Olympics.

Investigators have since exposed his cyber attacks on doping officials at the games. 

The FBI say Serebriakov hacked into wifi networks used by anti-doping officials and helped access a medical database.

Evgenii Serebriakov was among four Russians trying to hack chemical weapons inspectors and his laptop contained this selfie  at the 2016 Olympics in Brazil – revealing one of more than a dozen GRU missions across the globe

‘But of course it will go beyond that, and that is why we will be discussing with our allies what further sanctions should be imposed.

‘We will also be discussing how we need, working with our friends and allies, to counter this pattern of cyber attacks, which is the new type of attack that the whole world is having to deal with.’ 

UK Defence Secretary Gavin Williamson, attending a Nato summit in Brussels, said Moscow was targeting organisations with no military value.

He told Sky News: ‘What we are seeing is that Russia is quite willing to use such weapons such as cyber attacks against these organisations, and here at Nato we stand shoulder to shoulder with our allies in unity against such actions.

‘What we have made clear is that we are not going to be backward leaning. We are going to actually make it clear where Russia acts that we are going to be exposing that action.

‘And we believe that by doing so this will act as a disincentive for acting in such a way in the future.’

Details were revealed on Thursday after the UK Government accused the GRU of a wave of other cyber attacks across the globe. 

He added: ‘The Russian government needs to know that if they flout international law in this way, there will be consequences, they will be exposed, and people will see the Russian government for what they are; which is an organisation that is trying to foster instability throughout the world and that is totally unacceptable.’

The NCSC associated four new attacks with the GRU, on top of previous strikes believed to have been conducted by Russian intelligence. 

Dutch Minister of Defence Ank Bijleveld, director of Netherlands Defence Intelligence Onno Eichelsheim and British Ambassador to the Netherlands Peter Wilson revealed details of the thwarted hacking attempt at a briefing in The Hague today

Russia’s GRU intelligence agency targeted the global chemical weapons watchdog, the OPCW, whose headquarters are in The Hague, Dutch authorities revealed today

GRU’s links to the ‘Fancy Bears’ hackers group revealed

GRU hackers operate under a dozen different names, with the most well-known being the ‘Fancy Bears’ group, according to allegations announced over the last 24 hours.

A Fancy Bear hack obtained confidential medical records for international athletes from the World Anti-Doping Agency (WADA) in August last year.

British cyclists Bradley Wiggins and Chris Froome were among those who had records released on their use of banned substances for legitimate medical reasons.

Another attack, outlined by UK authorities this morning, was made on the US Democrat party, which was targeted by Fancy Bear in 2016 when documents from the Democratic National Committee (DNC) were published online.

Security expert Hamish de Bretton-Gordon said the cyber attacks in The Hague and at Porton Down showed Putin was bent on disrupting the investigation into the novichok attack in Salisbury. 

Mr de Bretton-Gordon said: ‘It shows how the Russians did everything they could to undermine and disrupt the novichok investigation and try to make it fall apart. It is completely cynical and they didn’t care at all’.

He added: ‘Britain asked the OPCW to help and then soon afterwards Russian agents target them in The Hague and in Switzerland. It is no coincidence’.

The intervention by Britain, The Netherlands and the US today will put pressure on Putin to curb his cyber warfare.

But his spies’ failure to kill Sergei Skripal and being caught trying to hack the OPCW ‘will hurt him more’, Mr de Bretton-Gordon said.

He added: ‘The British secret services may have considered the GRU as equals but the past few months have shown they are amateurish and the West is now one step ahead of them. Putin will not like that and there will be a lot of anger in Moscow about some of these recent bungled missions’. 

Fancy Bear’s trail of blunders: How Putin’s elite globe-trotting hacking squad were caught after leaving a trail of clues across the world including a selfie at the Olympics and a TAXI RECEIPT from their spy base to the airport 

Western intelligence today revealed the trail of clues that bungling Russian spies known as Fancy Bears left in their wake as they waged a war of disinformation across the globe. 

It started when one spy was caught with a mobile phone that had been activated on the GRU’s doorstep in Moscow. Then a taxi receipt revealed a journey from GRU headquarters to Moscow’s Sheremetyevo airport the very day that four agents arrived in Amsterdam, when two of the spies were seen using consecutive passport numbers.

Operatives who would later be found with an Aldi bag of empty lager cans even tried to carry out covert operations using a public wi-fi hotspot. And when the men were arrested, they were caught with €20,000 ($23,000) and $20,000 (£15,000) in cash. The group also tried – and failed – to destroy a mobile phone, and they were caught with incriminating laptops.

One laptop even contained selfies from the 2016 Olympics in Brazil where Russian athletes’ doping samples were tampered with and US athletes’ medical records leaked.

The boot of a car filled with hacking equipment in the Citroen rental car which was being used by the four Russian officers

Operatives used a laptop, Wi-Fi dongle and a rudimentary battery pack stored in the boot of a rented Citroen C3 in a botched cyber attack on the global chemical weapons watchdog.

Using a technique from the early days of Wi-Fi, they attempted to break into the Organisation for the Prohibition of Chemical Weapons’s network in The Hague by tricking staff into logging into their fake router.

They parked the car at a local hotel and disguised the Wi-Fi antenna hidden inside the router, so staff would log in. The laptop then stole their username and password, allowing the agents to get into the OPCW’s network.

Through the network they could spy on operations within the building, including investigations into the Salisbury Novichok attack.

It also emerged today that Russia’s bungling GRU agents left a trail of clues that helped authorities link them to the string of cyber attacks.

Among the items revealed at an extraordinary briefing in The Hague today was a mobile phone, found on one of the men, that had been activated near the Russian military intelligence headquarters in Moscow.

Also discovered on one of the spies was a taxi receipt showing a journey from a street next to the GRU base to Moscow Airport on April 10, the day that the four agents later arrived at Amsterdam Schiphol Airport.

The team of four GRU officers travelling on official Russian passports entered the Netherlands on April 10 – but it turned out that two of them were carrying documents with consecutive passport numbers.

On April 11, they hired a Citroen C3 and scouted the area around the OPCW – all the time being watched by Dutch intelligence.

The agents, who stayed at a Marriott Hotel next to the Organisation for the Prohibition of Chemical Weapons in The Hague, were also found to have used public WiFi hotspots to conduct their operations in the Netherlands.

Authorities released a picture of the car which was rigged up with hacking equipment

And they were photographed performing reconnaissance of the OPCW headquarters, where the nerve agent sample was being independently verified.

When leaving The Hague, the men took all the rubbish from their room – including empty cans of Heineken beer and what appeared to be an empty cold meat packet in an Aldi bag – in a further bid to cover their tracks.

On April 13, the GRU officers were said to have parked a rental car with specialist hacking equipment outside the OPCW’s headquarters to breach its systems – but British and Dutch intelligence thwarted the operation.

And when the men were arrested, they were caught with the cash. The group also tried – and failed – to destroy a mobile phone, and they were caught with incriminating laptops.

A researcher has revealed that the rudimentary technique they used to hack into the OPCW is common – though it has never been used in such a high-profile case.

Professor Alan Woodward, a computer scientist at the University of Surrey, said the Russians likely used an ordinary laptop attached to a directional antenna, which was pointed at the OPCW building.

He said unlike more common remote hacking techniques, the GRU agents needed to park close to the site in order for the WiFi signal to be strong enough.

However, before they could initiate the attack, Dutch counter-intelligence officers descended on the vehicle and seized the men, who were kicked out of the country.

The Dutch Defence Ministry took the extraordinary step this morning of naming and picturing four Russian agents caught as they tried to carry out the cyber attack.

Looking at the equipment in the boot of the car it appears they were attempting to intercept login credentials as people tried to connect to the WiFi network at OPCW, Professor Woodward said.

‘A classic way of doing this is to set yourself up as what is known as an “evil access point”,’ he told MailOnline. ‘You pretend to be the network they are attempting to connect to and steal their login details as their computer or phone tries to connect.’

The cyber security expert said it was unusual for high level intelligence officials to use such a rudimentary form of attack. ‘[The technique] has been around as long as WiFi has,’ he told MailOnline.

One of the many phones belonging to four Russian GRU officers is seen after they tried to destroy it when they were arrested


‘Attacks have evolved as security in WiFi has evolved. But it’s so basic that most enterprise style organisations are well protected. Hence the high profile cases tend to be from some more remote source.’

What the Russians had in the back of the rental car 

WiFi panel antenna – This would have projected a fake network, known as an ‘evil access point’, into the building.

The chemical weapons analysts would have tried to connect to this access point thinking they were connecting to their own WiFi network.

When staff logged into the fake router the laptop stole their username and password, allowing agents to break into the OPCW’s computer network.

Using the network they could spy on operations within the building, including staff investigations into the March 2018 Salisbury Novichok attack.

The directional antenna was pointing specifically at the OPCW offices, which means the fake network would have had a stronger signal than the real network.

This would have lured the devices away from the real network. 

Smartphone (4G) – The hackers may have created a hotspot using their mobile.

This was then projected into the building using the antenna.

Computer – Using the computer they would have been able to siphon off staff login details.

A laptop belonging to one of the four was linked to Brazil, Switzerland and Malaysia, with the activities in Malaysia related to the investigation into the 2014 shooting down of flight MH17 over Ukraine.

Bag with battery – The battery would have been for powering the computer because when these attacks are mounted the device is left running for a long time.

‘That was just to power the computer, and ancillary equipment’, Professor Woodward told MailOnline.

‘When you mount these attacks you often leave the device in situ running for a long time so it needs a hefty battery and most of those need to have their voltage converted to run, say, laptops.’

Transformer – The battery voltage would need to be converted in order to run the computers and phones.

Even if the security analysts were already connected to a WiFi network, the attackers would have been able to launch a ‘deauthentication attack’.

This automatically disconnects them so their device tries to reconnect. The directional antenna was pointing specifically at the OPCW offices, which means the fake network – the ‘evil access point’ – would have had a stronger signal than the real network.

This would have lured the devices away from the real network. ‘Once you have someone’s login credentials you can obviously access the WiFi as an attacker if you are in range, which this vehicle apparently was’, Professor Woodward said.

The battery would have been for powering the computer because when these attacks are mounted the device is left running for a long time so needs a big battery.

Most of those need to have their voltage converted in order to run, which explains the transformer.
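Seen from the defender's side, the two signals described above (a look-alike access point that is louder than the real one, and forced disconnects) can be checked against an inventory of the site's own access points. This is an added example, not from the article or any agency; the SSID, BSSIDs, thresholds and record format are hypothetical and the capture data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed site inventory (constructed values): BSSID -> (channel, security).
PROTECTED_SSID = "CORP-WIFI"
AUTHORIZED = {
    "02:00:00:aa:00:01": (36, "WPA2-Enterprise"),
    "02:00:00:aa:00:02": (44, "WPA2-Enterprise"),
}
DEAUTH_THRESHOLD = 10  # deauth frames aimed at one AP...
DEAUTH_WINDOW = 5.0    # ...within this many seconds counts as a burst

@dataclass(frozen=True)
class Beacon:
    ts: float
    ssid: str
    bssid: str
    channel: int
    rssi: int  # dBm, closer to 0 is stronger
    security: str

def find_rogue_aps(beacons):
    """Map BSSID -> (reason, stronger_than_real_ap) for suspect beacons."""
    ours = [b for b in beacons if b.ssid == PROTECTED_SSID]
    legit = [b.rssi for b in ours if AUTHORIZED.get(b.bssid) == (b.channel, b.security)]
    best_legit = max(legit, default=None)
    alerts = {}
    for b in ours:
        expected = AUTHORIZED.get(b.bssid)
        if expected == (b.channel, b.security):
            continue  # matches the inventory
        reason = "unknown BSSID" if expected is None else "inventory mismatch"
        # The lure condition: the impostor is louder than every real AP in range.
        alerts[b.bssid] = (reason, best_legit is not None and b.rssi > best_legit)
    return alerts

def find_deauth_bursts(frames):
    """Return BSSIDs that received >= DEAUTH_THRESHOLD deauths in one window.

    frames: iterable of (timestamp_seconds, bssid) pairs.
    """
    by_bssid = defaultdict(list)
    for ts, bssid in frames:
        by_bssid[bssid].append(ts)
    flagged = set()
    for bssid, times in by_bssid.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > DEAUTH_WINDOW:
                start += 1
            if end - start + 1 >= DEAUTH_THRESHOLD:
                flagged.add(bssid)
                break
    return flagged

# Constructed sample capture: two real APs, one impostor, one unrelated network.
BEACONS = [
    Beacon(0.0, "CORP-WIFI", "02:00:00:aa:00:01", 36, -62, "WPA2-Enterprise"),
    Beacon(0.1, "CORP-WIFI", "02:00:00:aa:00:02", 44, -70, "WPA2-Enterprise"),
    Beacon(0.2, "CORP-WIFI", "02:00:00:ee:00:99", 36, -41, "WPA2-Enterprise"),
    Beacon(0.3, "Hotel-Guest", "02:00:00:bb:00:07", 6, -55, "Open"),
]
DEAUTHS = [(10.0 + 0.2 * i, "02:00:00:aa:00:01") for i in range(15)]
DEAUTHS.append((100.0, "02:00:00:aa:00:02"))

if __name__ == "__main__":
    print(find_rogue_aps(BEACONS))
    print(find_deauth_bursts(DEAUTHS))
```

A deauth burst against a real access point at the same time as a louder unknown BSSID appears under the same network name is the combination worth alerting on.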

Security expert Hamish de Bretton-Gordon said the cyber attacks in The Hague and at Porton Down showed Putin was bent on disrupting the investigation into the novichok attack in Salisbury.

Four Russian agents were caught with a car full of kit trying to hack into the OPCW’s IT systems just two days before their experts confirmed that novichok from Russia was used in Salisbury on Sergei Skripal.

Mr de Bretton-Gordon told MailOnline: ‘The items in the boot may not look sophisticated but there will be some high-tech equipment too and it has obviously worked for them elsewhere around the world.

‘It shows how the Russians did everything they could to undermine and disrupt the novichok investigation and try to make it fall apart. It is completely cynical and they didn’t care at all’.

He added: ‘Britain asked the OPCW to help and then soon afterwards Russian agents target them in The Hague and in Switzerland. It is no coincidence’.

‘It was evident that this was a close access hack operation,’ said Onno Eichelsheim, director of the MIVD Dutch military intelligence and security service.

Mr Eichelsheim said that the hack was spotted at 4.30pm on April 13, at which point experts inside the OPCW noted the ‘direct digital threat’.  

Russia ‘interfered in three elections’ as it targeted Britain, Macedonia, U.S. and Ukraine in string of ‘brazen’ cyber attacks aimed at destabilising democracies around the world

Russian spies launched a global cyber war to interfere with three elections, the Olympics, the MH17 investigation and the hunt for the men behind the Skripal attack in Salisbury, it was revealed today.

The Kremlin has been accused of using its agents to ‘foster instability’ in democracies around the world as their operations over the past three years were laid bare.

Targets included the metro and airports in Ukraine, police in Malaysia investigating claims the Russians shot down MH17 killing 300 passengers and even the emails of a small UK TV station.

Russian president Vladimir Putin appeared untroubled by the growing storm over Russian hacking as he met India's Prime Minister Narendra Modi in New Delhi today


Timeline: Putin’s cyber army’s worldwide missions 

2015: Hacker sent to Kuala Lumpur targets the Malaysian investigation into the shooting down of flight MH17 over Ukraine. He targeted Malaysian government institutions, including the attorney general’s office and the Royal Malaysian Police

2015: The GRU accesses email accounts at a small UK-based TV station

2015-2016: Russia hacks the Danish defence ministry and gains access to employees’ emails

May 2016: Russia accused of being behind a series of cyber attacks on German state computer systems

June 2016: Hackers accessed the Democratic National Committee during the 2016 US presidential campaign.

August 2016: Agent photographed posing at the Brazil Olympics where confidential US athlete medical data was hacked and leaked

September 2016: GRU officers connected to WiFi at the Alpha Palmiers Hotel in Lausanne, Switzerland, where a WADA conference was taking place

August 2017: Agents try to interfere and influence the Macedonian elections and GRU ‘Fancy Bears’ again attack WADA in August 2017

October 2017: The GRU behind a ‘BadRabbit’ attack that caused disruption to the Kiev metro and Odessa airport

March 2018: The GRU attempted to compromise UK Foreign and Commonwealth Office computer systems in London via a spear phishing attack

April 2018: GRU intrusions targeted both the computers at Porton Down in Salisbury and the Organisation for the Prohibition of Chemical Weapons in The Hague

May 2018: GRU hackers sent spear phishing emails which impersonated Swiss federal authorities to target OPCW employees in Holland

Their hacking missions were inadvertently revealed by the four bungling spies caught trying to hack into computers used by chemical weapons inspectors investigating Russian attacks in Salisbury and Syria at their Dutch headquarters.

Cyber expert Evgenii Serebriakov’s laptop was seized at The Hague and revealed he kept selfies from previous operations including at the 2016 Olympics in Brazil where Russian athletes’ doping samples were tampered with and US athletes’ medical records leaked.

His laptop also linked the men to cyber attacks in Switzerland, America, Denmark and Germany.

Two of the officers were planning to travel on to Switzerland where the OPCW – which was at the time investigating the Salisbury attack and a suspected chemical weapons attack in Syria – has laboratories.

The National Cyber Security Centre (NCSC) has said a number of hackers known to have launched attacks have been linked to the GRU.

The NCSC associated four new attacks with the GRU, on top of previous strikes believed to have been conducted by Russian intelligence.

Among targets of the GRU attacks were the World Anti-Doping Agency (Wada), transport systems in Ukraine, and democratic elections, such as the 2016 US presidential race, according to the NCSC.

The centre said it was ‘almost certainly’ the GRU behind a ‘BadRabbit’ attack in October 2017 that caused disruption to the Kiev metro, Odessa airport and Russia’s central bank.

Britain’s cyber security chiefs say they have ‘high confidence’ Russian intelligence was responsible for a strike on Wada in August 2017.

The NCSC also said the GRU was ‘almost certainly’ to blame for hacking the Democratic National Committee during the US presidential election in 2016.

And the agency pointed the finger at the GRU for accessing email accounts at a small UK-based TV station in 2015.

The hackers were planning to travel on to the Spiez Laboratory, where the OPCW was studying chemical weapons


Foreign Office and computers at British research facility were hacked by Russian spies from GRU cyber unit ‘Sandworm’ in wake of novichok attack on former spy in the UK

Russian spies attempted to hack computers at the British Foreign Office and the Porton Down military research facility, in England, days after assassins tried to murder the Skripals in the British city of Salisbury.

Moscow’s feared GRU cyber unit nicknamed ‘Sandworm’ tried and failed to infiltrate UK IT systems as part of a series of attacks across Europe this year.

They carried out an unsuccessful ‘spear phishing’ attack on the Foreign Office in March as the police, MI5 and MI6 were trying to find out who attacked Sergei and Yulia Skripal with novichok.

At the same time they targeted computers at Porton Down in April, Britain’s top military research facility where experts were testing for the nerve agent.

Computers at Porton Down were targeted by Russian spies at a time when British experts inside were testing for novichok


British intelligence helped thwart the operation, which was launched in April, a month after the Salisbury Novichok poisoning.

Details were revealed on Thursday after the UK Government accused the GRU of a wave of other cyber attacks across the globe.

At a press conference in The Hague, British ambassador to the Netherlands Peter Wilson said: ‘The disruption of this attempted attack on the OPCW was down to the expertise and the professionalism of the Dutch security services in partnership with the United Kingdom.

‘The OPCW is a respected international organisation which is working to rid the world of chemical weapons.

‘Hostile action against it demonstrates complete disregard for this vital mission.’ 

Conservative MP Tom Tugendhat, chairman of the UK’s Commons Foreign Affairs Committee, tweeted: ‘The catalogue of evidence shows why the Dutch are excellent partners and that the decades of theft have stripped Russia’s intelligence of the skills they once had. Putin’s corrupt greed has turned the GRU into an amateurish bunch of jokers.’ 

Dutch authorities released a diagram showing how the hacking equipment was set up in the boot of the car


Some of the haul of electronic kit found in the group's possession


Russia’s GRU intelligence agency targeted the global chemical weapons watchdog, the OPCW, whose headquarters are in The Hague, Dutch authorities revealed today

Theresa May and the Dutch PM blast the Kremlin for ‘unacceptable’ cyber attacks and warn Russia is showing a total ‘disregard for the global values and rules that keep us safe’ 

Theresa May today tore into Russia for its ‘unacceptable cyber activities’ and vowed to hit back to defend the international order against their strikes.

In a joint statement with the Dutch Prime Minister, she said the Kremlin is showing flagrant ‘disregard’ for the global values which keep the world safe.

And she warned that Britain and its allies will stand up to the Russian aggression to ensure that Western institutions are protected from the onslaught of attacks ordered by Moscow.

She issued the stern rebuke in a joint statement with the Dutch PM Mark Rutte after the two countries today revealed Russia’s GRU intelligence agency tried to hack into the global chemical weapons watchdog a month after the Salisbury attack. 

In a joint statement with the Dutch Prime Minister, Theresa May (pictured at Tory party conference in Birmingham yesterday) said the Kremlin is showing flagrant 'disregard' for the global values which keep the world safe


The Dutch Defence Ministry this morning took the extraordinary step of naming and picturing four Russian agents involved in the attack on the OPCW in April (pictured, Dutch PM Mark Rutte)


The Dutch Defence Ministry this morning took the extraordinary step of naming and picturing four Russian agents involved in the attack on the OPCW in April.

The two leaders said: ‘We have, with the operations exposed today, further shone a light on the unacceptable cyber activities of the Russian military intelligence service, the GRU.

‘This attempt to access the secure systems of an international organisation working to rid the world of chemical weapons, demonstrates the GRU’s disregard for the global values and rules that keep us safe.

‘Our action today reinforces the clear message from the international community: we will uphold the rules-based international system and defend international institutions from those that seek to do them harm.’

‘A diabolical perfume of lies’: Russia makes novichok reference as it blasts claims its GRU agents were behind global cyber attacks

Russia today described British accusations that its spies were behind global cyber attacks as ‘a diabolical perfume of lies’.

The Russian Foreign Ministry’s phrase referred to the Salisbury poisonings earlier this year which saw the novichok nerve agent disguised in a fake perfume bottle.

Its spokesman Maria Zakharova said the new hacking allegations were unworthy and part of a disinformation campaign designed to damage Russian interests.

But Ms Zakharova said today the accusations were the product of someone with a ‘rich imagination’, adding: ‘It’s some kind of a diabolical perfume cocktail.’

Russian Foreign Ministry spokesman Maria Zakharova, pictured with President Vladimir Putin in January 2017, dismissed the new hacking accusations from the UK as 'big fantasies'


Russia's phrase of 'a diabolical perfume of lies' referred to the Salisbury poisonings earlier this year which saw the novichok nerve agent disguised in a fake perfume bottle (above)


Russian Foreign Ministry spokesman Maria Zakharova, pictured with President Vladimir Putin in January 2017, dismissed the new hacking accusations from the UK as ‘a diabolical perfume of lies’. The statement is thought to be a reference to the fake perfume bottle used in the novichok attack which killed British mother Dawn Sturgess

Asked about accusations from the Foreign Office of Russia being involved in worldwide cyber attacks, a spokesman for the Russian embassy said: ‘This statement is reckless. It has become a tradition for such claims to lack any evidence. It is yet another element of the anti-Russian campaign by the UK Government.

‘In December 2017 during the then-foreign secretary Boris Johnson’s visit to Moscow, Russia’s Foreign Minister Sergei Lavrov proposed to launch expert consultations on cybersecurity in order to address UK’s concerns, if any. 

‘The offer was turned down. The only reasonable explanation is that the UK has no facts for a substantive discussion.

‘Thus, such statements by the Foreign Office are nothing but crude disinformation, aimed at confusing the British and world public opinion. 

‘By the way, it is hardly a coincidence that these accusations appear exactly at the time of Nato defence ministers meeting in Brussels and announcements of creating special cyber-attack military units in several western countries.’

 


