Archive

ShareThis Page
West accuses Russian spy agency GRU of scores of attacks | TribLIVE.com
U.S./World

West accuses Russian spy agency GRU of scores of attacks

The Associated Press
303465303465e7d4d3aff4724aa7993bcee6aae15143
In this image released and manipulated at source by the Dutch Defense Ministry, Thursday Oct. 4, 2018, four Russian officers of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, GRU, are escorted to their flight after being expelled from the Netherlands on April 13, 2018, for allegedly trying to hack into the U.N. chemical watchdog OPCW’s network. The Dutch defense minister on Thursday Oct. 4, 2018, accused Russia’s military intelligence unit of attempted cybercrimes targeting the U.N. chemical weapons watchdog and the investigation into the 2014 Malaysian Airlines crash over Ukraine.(Dutch Defense Ministry via AP)
303465303465c957bca763184760a405a53727edd2ae
In this image released by the Dutch Defense Ministry on Thursday Oct. 4, 2018, the boot of a car filled with hacking equipment belonging to four Russian officers of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, GRU, is seen on April 13, 2018. The officers were expelled from the Netherlands for allegedly trying to hack into the U.N. chemical watchdog OPCW’s network. The Dutch defense minister on Thursday Oct. 4, 2018, accused Russia’s military intelligence unit of attempted cybercrimes targeting the U.N. chemical weapons watchdog and the investigation into the 2014 Malaysian Airlines crash over Ukraine. (Dutch Defense Ministry via AP)
303465303465ddf739de481a4d51aeeb67aa06526d39
This image released by the Dutch Defense Ministry on Thursday Oct. 4, 2018, shows a combo of a taxi bill and a map, with a ride from a street next to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, GRU, to Sheremyetevo airport in Moscow, found in possession of one of four GRU officers who were expelled from the Netherlands for allegedly trying to hack into the chemical watchdog OPCW’s network in The Hague, Netherlands. The Dutch defense minister on Thursday Oct. 4, 2018, accused Russia’s military intelligence unit of attempted cybercrimes targeting the U.N. chemical weapons watchdog and the investigation into the 2014 Malaysian Airlines crash over Ukraine. (Dutch Defense Ministry via AP)

BRUSSELS — The United States and other Western nations leveled a torrent of new allegations against Moscow’s secretive GRU military spy agency on Thursday, accusing its agents of hacking anti-doping agencies, plane crash investigations and a chemical weapons probe as well as launching cyberattacks that rocked America’s 2016 election and crippled Ukraine in 2017.

The roll-call of GRU malfeasance began at midnight in Britain, when British and Australian authorities accused the Russian agency of being behind the catastrophic cyberattack that caused billions in losses to Ukraine in June 2017 and a host of other hacks, including the Democratic Party email leaks and online cyber propaganda that sowed havoc before Americans voted in the 2016 presidential election.

Hours later Thursday morning, Dutch defense officials broadcast photos and a timeline of GRU agents’ botched attempt to break into the Organization for the Prohibition of Chemical Weapons using Wi-Fi hacking equipment hidden in the back of a sedan. The chemical weapons watchdog was investigating a Novichok nerve agent attack on a former GRU spy, Sergei Skripal, that Britain has blamed on the Russian government. Moscow has denied the charge.

The Dutch also accused the Russian agency of trying to hack into the investigation of the 2014 downing of a Malaysian Airlines flight over eastern Ukraine that killed all 298 people on board. A Dutch-led investigation team says it has strong evidence that the Buk missile which brought the plane down came from a Russia-based military unit. Russia has denied the charge.

Then came the U.S. government’s turn, with the U.S. Justice Department charging seven Russian GRU intelligence officers — including the four nabbed in The Hague — of an international hacking rampage that targeted more than 250 athletes, a nuclear energy company and a Swiss chemical laboratory.

U.S. Defense Secretary James Mattis said the West has “a wide variety of responses” available.

“Basically, the Russians got caught with their equipment, people who were doing it, and they have got to pay the piper. They are going to have to be held to account,” Mattis said, speaking in Brussels where he was meeting with NATO allies.

Moscow issued more denials on Thursday, but the allegations leveled by Western intelligence agencies, supported by a wealth of surveillance footage and overwhelmingly confirmed by independent reporting, painted a picture of the GRU as an agency that routinely crosses red lines — and is increasingly being caught red-handed around the world.

The U.S. indictment said the GRU targeted its victims because they had publicly supported a ban on Russian athletes in international sports competitions and because they had condemned Russia’s state-sponsored athlete doping program. U.S. prosecutors said the Russians also targeted a Pennsylvania-based nuclear energy company and the OPCW, which was investigating possible war crimes in Syria and the March poisoning of Skripal and his daughter in the English city of Salisbury.

The U.S. indictment says the seven defendants are all Russian citizens and residents. They include four GRU agents expelled last spring from the Netherlands.

They were identified as: Aleksei Sergeyevich Morenets, 41; Evgenii Mikhaylovich Serebriakov, 37; Ivan Sergeyevich Yermakov, 32; Artem Andreyevich Malyshev, 30; and Dmitriy Sergeyevich Badin, 27; who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.

The U.S. indictment says the hacking was often conducted remotely. If that wasn’t successful, the hackers would conduct “on-site” or “close access” hacking operations, with trained GRU members traveling with sophisticated equipment to target their victims through Wi-Fi networks.

The GRU’s alleged hacking attempts on the chemical watchdog agency based in The Hague, Netherlands, took place in April and were disrupted by authorities, Dutch Defense Minister Ank Bijleveld said Thursday. Four Russian intelligence officers were immediately expelled from the Netherlands, she said. Those were Minin, Sotnikov, Serebriakov and Morenets.

The British ambassador to the Netherlands said the men caught with spy gear outside OPCW were from the very same GRU section (Unit 26165) accused by American investigators of having broken into the Democratic National Committee’s email system before the 2016 U.S. election.

On Thursday, Australian and British spies endorsed the American intelligence community’s reported attribution of the catastrophic June 2017 cyberattack on Ukraine to the GRU. The malicious software outbreak briefly knocked out cash machines, gas stations, pharmacies and hospitals and, according to a secret White House assessment recently cited by Wired, dealt $10 billion worth of damage worldwide.

The hack and release of sports figures’ medical data in 2016 and the downing of Flight MH17 over eastern Ukraine in 2014 also allegedly carry the GRU’s fingerprints. Dutch investigators said the snoopers nabbed outside the OPCW also appear to have logged into the Wi-Fi networks near the World Anti-Doping Agency and the Malaysian hotels where crash investigators had gathered to investigate the shooting down of passenger flight MH17.

Russia’s interests were at stake in both cases. The OPCW was investigating the Skripal nerve agent poisoning, which Russia denied, and Russia was being blamed for the shooting down of MH17 over eastern Ukraine, where Ukrainian forces were fighting Russia-backed separatists at the time.

The leaders of Britain and the Netherlands on Thursday condemned the GRU for “reckless” and “brazen” activities around the world and vowed to defend vital international agencies from Russian aggression.

“This attempt, to access the secure systems of an international organization working to rid the world of chemical weapons, demonstrates again the GRU’s disregard for the global values and rules that keep us all safe,” British Prime Minister Theresa May and Dutch counterpart Mark Rutte said in a joint statement.

Britain’s ambassador to the Netherlands, Peter Wilson, said the GRU would no longer be allowed to act with impunity. Britain blames the secretive agency for the March poisoning of Skripal and his daughter.

The Associated Press, meanwhile, independently corroborated information that matches details for two of the alleged Russian agents named by the Dutch authorities.

An online database for car registration in Russia showed that Aleksei Morenets, whose full name and date of birth are the same as one of the Russians expelled by the Dutch, sold his car in 2004, listing the Moscow address where the Defense Ministry’s Military University is based.

Alexey Minin, another Russian whose full name and date of birth match the details released by Dutch authorities, had several cars, including an Alfa Romeo, that were registered and sold at the address where the Defense Ministry’s GRU school is located. In some of the filings, Minin listed the official military unit number of the GRU school as his home address.

Earlier, British Defense Secretary Gavin Williamson branded a series of global cyberattacks blamed on Russia as the reckless actions of a “pariah state,” saying that the U.K. and its NATO allies would uncover such activities in the future.

“Where Russia acts in an indiscriminate and reckless way, where they have done in terms of these cyberattacks, we will be exposing them,” Williamson told reporters in Brussels at talks with Mattis and other NATO officials.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.