Four men who tried to hack the global chemical weapons agency just got outed as Russian spies

Dutch Defense Minister Ank Bijleveld said he was taking the “extraordinary” step of naming the agents.
October 4, 2018, 1:20pm
Getty Images

Four Russian operatives sat in a rented car outside the offices of the Organisation for the Prevention of Chemical Weapons in The Hague.

It was mid-April. At the time the agency was examining the chemical used in the assassination attempt of former Russian spy Sergei Skripal in the English city of Salisbury in March, and the suspected chemical attack in Douma, Syria, earlier that month.

In the trunk of the car was modified equipment including a cell phone, a computer and a Wi-Fi antenna, all of which was pointed at the offices of the OPCW in an attempt to steal the login details of employees at the agency. As the agents switched on the equipment and began to collect data, Dutch authorities swooped.

Advertisement

The Dutch government revealed Thursday that all four men arrested — Alexei Morenets, Yevgeny Serebryakov, Oleg Sotnikov, and Alexei Minin — were members of Russia’s infamous military intelligence unit known as the GRU.

How did officials find out the men were part of Vladimir Putin’s clandestine services? Well, it wasn’t very difficult.

  • One of the men had a taxi receipt for a trip the previous day going from the GRU headquarters in Moscow to Sheremetyevo Airport.
  • The men arrived in The Hague on diplomatic passports — two of which had sequential passport numbers — and they were met at the airport by an official from the Russian embassy.
  • One of the cellphones in their possession had been first activated near the GRU headquarters earlier that week.
  • A laptop seized by Dutch authorities was linked to the several other hacking operations, including one to hit the investigation into MH17.
  • They were carrying more than €20,000 in cash.

The agents were quickly sent back to Russia, but Dutch Defense Minister Ank Bijleveld said Thursday he was taking the “extraordinary” step of naming the four agents, and revealed that the U.S. Department of Justice would be publishing indictments against them.

READ: Russia keeps changing its story on the chemical attack in Syria

Earlier, the British government directly accused the GRU of conducting “reckless and indiscriminate cyberattacks” on the orders of Putin’s Kremlin, including the 2016 attack on the Democratic National Committee headquarters.

"This cyber operation against the OPCW is unacceptable. By revealing this Russian action, we send out a clear message: Russia must stop this,” Bijleveld said during a press conference.

At the same conference, Peter Wilson, the U.K. ambassador in The Hague, revealed that GRU agents had attempted to compromise Foreign Office systems in a March attack.

U.K. Prime Minister Theresa May said in a joint statement with Dutch Prime Minister Mark Rutte that these incidents highlighted “the unacceptable cyber activities of the Russian military intelligence service, the GRU” and its “disregard for the global values.”

Russia has long been viewed as one of the most aggressive actors in cyberspace, conducting attacks on networks in Ukraine, the U.K., the U.S. and elsewhere with impunity.

Accurately attributing cyberattacks is notoriously difficult, but British, Australian, and New Zealand governments took the decision Thursday to publicly accuse the GRU of conducting several high profile attacks — including hacking the DNC and the World Anti Doping Agency, as well as carrying out a 2017 ransomware attack on independent news outlets in Russia and travel infrastructure within Ukraine.

“The GRU's actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” British Foreign secretary Jeremy Hunt said in a statement. “This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.”

This unexpected coordinated pushback against the Kremlin by Dutch, U.S., Australian, and U.K. authorities is a significant escalation designed to dissuade Moscow from carrying out similar operations.

Advertisement

“If you continue to tolerate it, they will grow emboldened and I think that is what we are seeing, governments are saying we are going to stop this and stop it now, otherwise it is only going to make it worse,” Professor Alan Woodward, a cybersecurity expert at the University of Surrey, told VICE News.

May and her government have been publicly attacking Putin and the Kremlin for months, accusing the GRU of orchestrating the attack on Skripal and his daughter Julia — a claim Moscow has dismissed as “a fantasy.”

“The British government has been calling out Russia ever more publically in the last few months and I think that is part of the strategy to get rid of this sense of impunity and shoulder-shrugging about [the Kremlin's attacks],” Emily Taylor, an expert on international security at British think tank Chatham House, told VICE News.

Cover image: A protection mask is pictured at the OPCW headquarters in The Hague, The Netherlands, on April 20, 2017. (JOHN THYS/AFP/Getty Images)