West Accuses Russian Spy Agency of Scores of Attacks
7.10.2018 securityweek BigBrothers
LONDON (AP) — The West unleashed an onslaught of new evidence and indictments Thursday accusing Russian military spies of hacking so widespread that it seemed to target anyone, anywhere who investigates Moscow's involvement in an array of criminal activities — including doping, poisoning and the downing of a plane.
Russia defiantly denied the charges, neither humbled nor embarrassed by the exceptional revelations on one of the most high-tension days in East-West relations in years. Moscow lashed back with allegations that the Pentagon runs a clandestine U.S. biological weapons program involving toxic mosquitoes, ticks and more.
The nucleus of Thursday's drama was Russia's military intelligence agency known as the GRU, increasingly the embodiment of Russian meddling abroad.
In the last 24 hours: U.S. authorities charged seven officers from the GRU with hacking international agencies; British and Australian authorities accused the GRU of a devastating 2017 cyberattack on Ukraine, the email leaks that rocked the U.S. 2016 election and other damaging hacks; and Dutch officials alleged that GRU agents tried and failed to hack into the world's chemical weapons watchdog, the Organization for the Prohibition of Chemical Weapons.
The ham-handed attempted break-in — involving hacking equipment in the trunk of a car and a trail of physical and virtual clues — was the most stunning operation revealed Thursday. It was so obvious, in fact, that it almost looked like the Russians didn't care about getting caught.
"Basically, the Russians got caught with their equipment, people who were doing it, and they have got to pay the piper. They are going to have to be held to account," U.S. Defense Secretary James Mattis said in Brussels, where he was meeting with NATO allies.
Mattis said the West has "a wide variety of responses" available.
Britain's ambassador to the Netherlands, Peter Wilson, said the GRU would no longer be allowed to act with impunity.
Calling Russia a "pariah state," British Defense Secretary Gavin Williamson said: "Where Russia acts in an indiscriminate and reckless way, where they have done in terms of these cyberattacks, we will be exposing them."
Deputy Foreign Minister Sergei Ryabkov of Russia said in a statement that the U.S. is taking a "dangerous path" by "deliberately inciting tensions in relations between the nuclear powers," adding that Washington's European allies should also think about it.
While the accusations expose how much damage Russia can do in foreign lands through remote hacking and on-site infiltration, they also expose how little Western countries can do to stop it.
Russia is already under EU and U.S. sanctions, and dozens of GRU agents and alleged Russian trolls have already been indicted by the U.S. but will likely never be handed over to face American justice.
Still, to the Western public, Thursday may have been a pivotal day, with accusations so extensive, and the chorus of condemnation so loud, that it left little doubt of massive Russian wrongdoing. A wealth of surveillance footage released by Western intelligence agencies was quickly and overwhelmingly confirmed by independent reporting.
The litany of accusations of GRU malfeasance began overnight, when British and Australian authorities accused the Russian agency of being behind the catastrophic 2017 cyberattack in Ukraine. The malicious software outbreak knocked out ATMs, gas stations, pharmacies and hospitals and, according to a secret White House assessment recently cited by Wired, caused $10 billion in damage worldwide.
The British and Australians also linked the GRU to other hacks, including the Democratic Party email leaks and online cyber propaganda that sowed havoc before Americans voted in the 2016 presidential election.
Later Thursday, Dutch defense officials released photos and a timeline of GRU agents' botched attempt to break into the chemical weapons watchdog using Wi-Fi hacking equipment hidden in a car parked outside a nearby Marriott Hotel. The OPCW was investigating a nerve agent attack on a former GRU spy, Sergei Skripal, and his daughter in Salisbury, England, that Britain has blamed on the Russian government. Moscow vehemently denies involvement.
Photographs released by the Dutch Ministry of Defense showed a trunk loaded with a computer, battery, a bulky white transformer and a hidden antenna; officials said the equipment was operational when Dutch counterintelligence interrupted the operation.
What Dutch authorities found seemed to be the work of an amateur. A taxi receipt in the pocket of one of the agents showed he had hired a cab to take him from a street next to GRU headquarters to Moscow's Sheremetyevo Airport. A laptop found with the team appeared to tie them to other alleged GRU hacks.
The men were expelled instead of arrested, because they were traveling on diplomatic passports.
The Dutch also accused the GRU of trying to hack investigators examining the 2014 downing of a Malaysian Airlines jetliner over eastern Ukraine that killed all 298 people on board. A Dutch-led team says it has strong evidence the missile that brought the plane down came from a Russia-based military unit. Russia has denied the charge.
Later Thursday, the U.S. Justice Department charged seven GRU officers — including the four caught in The Hague — in an international hacking rampage that targeted more than 250 athletes, a Pennsylvania-based nuclear energy company, a Swiss chemical laboratory and the OPCW.
The indictment said the GRU targeted its victims because they had publicly supported a ban on Russian athletes in international sports competitions and because they had condemned what they called a state-sponsored doping program by Russia.
U.S. prosecutors said the Russians also targeted a Pennsylvania-based nuclear energy company and the OPCW.
The seven were identified as Aleksei Morenets, 41; Evgenii Serebriakov, 37; Ivan Yermakov, 32; Artem Malyshev, 30; and Dmitriy Badin, 27, who were each assigned to Military Unit 26165; and Oleg Sotnikov, 46, and Alexey Minin, 46, who were also GRU officers.
The U.S. indictment says the hacking was often conducted remotely. If that wasn't successful, the hackers would conduct "on-site" or "close access" hacking operations, with trained GRU members traveling with sophisticated equipment to target their victims through Wi-Fi networks.
The World Anti-Doping Agency, the U.S. Anti-Doping Agency and the Canadian anti-doping agency were all identified by the U.S. indictment against the Russians.
WADA said the alleged hackers "sought to violate athletes' rights by exposing personal and private data — often then modifying them — and ultimately undermine the work of WADA and its partners in the protection of clean sport."
Travis Tygart, the CEO of the U.S. anti-doping agency and a prominent critic of Russian athletes' drug use, says "a system that was abusing its own athletes with an institutionalized doping program has now been indicted for perpetrating cyberattacks on innocent athletes from around the world."
Russia denied everything.
Konstantin Kosachev, the head of the foreign affairs committee in the upper house of Russian parliament, said the accusations were fake and intended to "delegitimize" a resurgent Russia. The West has picked up the GRU as "a modern analogue of the KGB which served as a bugaboo for people in the West during the Cold War," he said.
Russia countered with accusations of its own: The Defense Ministry unveiled complex allegations that the U.S. has a clandestine biological weapons lab in the country of Georgia as part of a network of labs on the edges of Russia and China that flout international rules.
Pentagon spokesman Eric Pahon called the accusations "an invention" and "obvious attempts to divert attention from Russia's bad behavior on many fronts."
The Associated Press, meanwhile, independently corroborated information that matches details for two of the alleged Russian agents named by the Dutch authorities.
An online car registration database in Russia showed that Aleksei Morenets, whose full name and date of birth are the same as one of the expelled Russians, sold his car in 2004, listing the Moscow address where the Defense Ministry's Military University is based.
Alexey Minin, another Russian whose full name and date of birth match the Dutch details, had several cars, including an Alfa Romeo, that were registered and sold at the address where the Defense Ministry's GRU school is located. In some of the filings, Minin listed the official military unit number of the GRU school as his home address.