This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/world/2018/oct/04/netherlands-halted-russian-cyber-attack-on-chemical-weapons-body

The article has changed 11 times. There is an RSS feed of changes available.

Version 6 Version 7
Russia accused of cyber-attack on chemical weapons watchdog Russia accused of cyber-attack on chemical weapons watchdog
(about 4 hours later)
A Russian cyber-attack on the headquarters of the international chemical weapons watchdog was disrupted by Dutch military intelligence weeks after the Salisbury novichok attack, the Netherlands defence minister has said. A Russian cyber-attack on the headquarters of the international chemical weapons watchdog was disrupted by Dutch military intelligence just weeks after the Salisbury novichok attack, it emerged on Thursday, amid fresh revelations of spying that escalated the diplomatic war between the west and Vladimir Putin.
The incident, which was thwarted with the help of British officials, came after the Sandworm cybercrime unit of the Russian military intelligence agency GRU attempted unsuccessful spear phishing attacks on the UK Foreign Office in March and the Porton Down chemical weapons facility in April. The incident, which was thwarted with the help of British intelligence officials, came after the Sandworm cybercrime unit of the Russian military intelligence agency GRU had attempted unsuccessfully to hack the UK Foreign Office in March and the Porton Down chemical weapons facility in April.
Jeremy Hunt, the foreign secretary, said on Thursday that Moscow could face further sanctions as a result of an astonishingly detailed evidence trail laid out in the Netherlands, the UK and the US.
Defence secretary Gavin Williamson said Russia was now a “pariah state”, while the Russian foreign ministry dismissed the allegations on Thursday night and claimed the west was gripped by “spy mania”.
Four Russian intelligence officers, believed to have been part of a GRU “cleanup” unit for earlier failed operations, travelled to The Hague on diplomatic passports in April after unsuccessfully launching a remote attack.Four Russian intelligence officers, believed to have been part of a GRU “cleanup” unit for earlier failed operations, travelled to The Hague on diplomatic passports in April after unsuccessfully launching a remote attack.
At the time, the Organisation for the Prohibition of Chemical Weapons was investigating the attempted assassination of Sergei Skripal and his daughter in the UK, as well as a chemical weapons attack in Douma, Syria. At the time, the Organisation for the Prohibition of Chemical Weapons was investigating the attempted assassination of Sergei Skripal and his daughter Yulia in the UK, as well as a chemical weapons attack in Douma, Syria.
The British ambassador to the Netherlands, Peter Wilson, said: “With its aggressive cyber campaigns, we see the GRU trying to clean up Russia’s own mess – be it the doping uncovered by Wada [the World Anti-Doping Agency] or the nerve agent identified by the OPCW.”The British ambassador to the Netherlands, Peter Wilson, said: “With its aggressive cyber campaigns, we see the GRU trying to clean up Russia’s own mess – be it the doping uncovered by Wada [the World Anti-Doping Agency] or the nerve agent identified by the OPCW.”
They were caught “in flagrante” by Dutch security services on 13 April and immediately put on a plane back to Moscow. Their hire car was seized and found to contain a significant amount of technical equipment as well as laptops, phones, maps and cash. The US government announced criminal charges against the intelligence officers for targeting the watchdog, including computer hacking, wire fraud, aggravated identity theft and money laundering to promote Russian interests by nefarious means.
Dutch officials also found taxi receipts from a GRU facility in Moscow to the airport and an antenna hidden under a coat, which British intelligence helped establish had been pointed at the OPCW in an attempt to intercept computer logins via the wifi network. Train tickets to Basel were also found, along with evidence of online searches for the Spiez lab, Switzerland’s institute for nuclear, biological and chemical protection. They were also charged, along with three more of their colleagues, with being part of the Fancy Bears group that hacked anti-doping authorities and leaked records of sports stars including Sir Bradley Wiggins and Sir Mo Farah at a time when Russia was facing allegations of state-sponsored cheating.
Authorities in the Netherlands released images of all four men arriving at Schiphol airport, accompanied by a Russian embassy official, as well as their reconnaissance pictures and passport details. All four were named, with two cyber operators identified as Aleksei Sergeyvich and Evgenii Mikhaylovich. The Russian spies were named by the Dutch authorities as cyber experts Evgenii Serebriakov, 37 and Aleksei Morenets, 41, and Oleg Sotnikov, and Alexey Minin, both 46, who provided human intelligence.
They appeared to have made little attempt to hide their presence in the country, arriving together with Russian diplomatic passports at Schiphol airport, where they were captured on CCTV being met by a Russian embassy official. Once through customs and immigration controls, they hired a car and headed for The Hague.
Senior British security officials said they were caught “in flagrante” by Dutch intelligence three days later, on 13 April, sitting in their hire car which was parked close to the OPCW building. They tried – and failed – to destroy their equipment and were immediately put on a plane back to Moscow.
In the back of the vehicle, investigators found a laptop connected to a 4G mobile and a wifi panel antenna, partially hidden under a coat, as well as other specialist hacking equipment. They also recovered €20,000 and US$20,000 in cash, as well as taxi receipts from a GRU facility in Moscow and reconnaissance maps.
Train tickets to Basel were also found, along with evidence of online searches for the Spiez lab, Switzerland’s institute for nuclear, biological and chemical protection which had confirmed the British claim that the Skripals had been exposed to the military-grade nerve agent novichok.
The manager of the Marriott hotel next door to the OPCW headquarters where the four alleged Russian spies were staying said they were seized without force and with “no James Bond involved”. Vincent Pahlplatz told Associated Press the quartet were arrested by Dutch officers in broad daylight as they walked out of a lift.
Senior British security officials said the same GRU “close access” unit had previously travelled to Malaysia to attempt to hack the investigation into Malaysia Airlines flight MH17, which investigators have said was shot down by a Russian military missile, killing all 283 passengers and 15 crew on board.Senior British security officials said the same GRU “close access” unit had previously travelled to Malaysia to attempt to hack the investigation into Malaysia Airlines flight MH17, which investigators have said was shot down by a Russian military missile, killing all 283 passengers and 15 crew on board.
They said the unit, known in the Russian military as 26165, had also travelled to Switzerland during a Wada conference, at which officials from the International Olympic Committee and the Canadian Centre for Ethics in Sport were the victims of a cyber-attack, as well as to Brazil.They said the unit, known in the Russian military as 26165, had also travelled to Switzerland during a Wada conference, at which officials from the International Olympic Committee and the Canadian Centre for Ethics in Sport were the victims of a cyber-attack, as well as to Brazil.
It emerged last month that the Dutch government had expelled Russian spies in April after they were accused of planning to hack into the Spiez laboratory, which confirmed a British claim that the Skripals had been exposed to the military-grade nerve agent novichok. The laboratory had also been investigating poison gas attacks by the Syrian regime, which is backed by the Kremlin. It emerged last month that the Dutch government had expelled Russian spies in April after they were accused of planning to hack into the Spiez laboratory, which confirmed a British claim that the Skripals had been exposed to the military-grade nerve agent novichok.
In a joint statement, the British prime minister, Theresa May, and her Dutch counterpart, Mark Rutte, said: “This attempt to access the secure systems of an international organisation working to rid the world of chemical weapons demonstrates the GRU’s disregard for the global values and rules than keep us all safe.In a joint statement, the British prime minister, Theresa May, and her Dutch counterpart, Mark Rutte, said: “This attempt to access the secure systems of an international organisation working to rid the world of chemical weapons demonstrates the GRU’s disregard for the global values and rules than keep us all safe.
“Our action today reinforces the clear message from the international community: we will uphold the rules-based international system, and defend international institutions from those that seek to do them harm.”“Our action today reinforces the clear message from the international community: we will uphold the rules-based international system, and defend international institutions from those that seek to do them harm.”
Maria Zakharova, the Russian foreign ministry spokeswoman, dismissed the hacking accusations as “big fantasies”. Last month, May pledged to step up action against Russian intelligence following the Salisbury attack.
A senior British security official said: “For the GRU to get caught in this way would be considered a pretty bad day”. In a further blow to the GRU, Bellingcat, the investigative website, revealed that Russia appeared to have inadvertently identified the names and phone numbers of nearly 305 of its agents in its cyber-warfare department.
The Dutch defence minister, Ank Bijleveld, said Russian representatives had been summoned to the foreign ministry. She told reporters the decision to publicise the failed attack was a “far-reaching and unusual measure” designed to “send a very strong signal” to the Kremlin that such behaviour would not be tolerated. The names appear on a list of individuals that have access to cars registered to the headquarters of the GRU’s cyber division. Bellingcat said it may constitute “one of the largest mass breaches” of personal data in recent intelligence service history.
The head of Dutch counter-intelligence, Onno Eichelsheim, said: “We have concluded they targeted the OPCW during the period that the OPCW was occupied with the Skripal investigation, but we have not been able to prove that they targeted the OPCW because of the Skripal investigation.” Maria Zakharova, the Russian foreign ministry spokeswoman, dismissed the hacking accusations as “big fantasies”. A senior British security official said: “For the GRU to get caught in this way would be considered a pretty bad day.”
He said analysis of the men’s laptops showed they also had links to Switzerland and Malaysia. The Dutch defence minister, Ank Bijleveld, said Russian diplomats had been summoned to the foreign ministry. She told reporters the decision to publicise the failed attack was a “far-reaching and unusual measure” designed to “send a very strong signal” to the Kremlin that such behaviour would not be tolerated.
Commenting on the possible link to the Skripal investigation, a senior British security official said: “It’s hard to know their full intention as their operation failed. But judging from past form elsewhere, discrediting the investigation could well have been their motivation.” The head of Dutch counter intelligence said analysis of the men’s laptops showed they had links to operations in Switzerland and Malaysia. The OPCW had confirmed the UK’s analysis that a novichok nerve agent was used in the Salisbury attack.
The OPCW had confirmed the UK’s analysis that a novichok nerve agent was used in the Salisbury attack, which was carried out by serving GRU officers who also operated under false aliases. A senior British security official, commenting on the possible link to the Skripal investigation, said: “It’s hard to know their full intention as their operation failed. But judging from past form elsewhere, discrediting the investigation could well have been their motivation.”
Wilson said British intelligence would continue “confronting, exposing and disrupting” Russian cyber-attacks. One of the alleged agents, Serebriakov, was listed on a Moscow amateur football league website as a defender. “Our team is known as the ‘security services’ team. Almost everyone works for an intelligence agency,” a teammate told The Moscow Times. “I personally don’t.”
“We will shine a light on their activities, we will expose their methods, and we will share this with our allies. The GRU can only succeed in the shadows. We all agree that where we see their malign activities, we must expose it to together,” he said.
A senior British government official said: “Russian intelligence services are constantly conducting operations to try to penetrate UK government networks. It is a constant and pervasive threat.
“Whenever international institutions investigate activities attributed to the Russian state, such as the work of OPCW or MH17, it seems the GRU pops up. There is a correlation between international investigation of Russian activity and the GRU.”
British officials refused to say whether the Russian agents would have been detained if they had been caught undertaking the same activity in the UK, stressing operational decisions were for Dutch authorities.British officials refused to say whether the Russian agents would have been detained if they had been caught undertaking the same activity in the UK, stressing operational decisions were for Dutch authorities.
Asked if the UK undertook the same surveillance methods as Moscow, British government officials said: “British intelligence cannot to be put in the same moral and ethical bucket as the Russian security service. They do not have oversight.” Asked if the UK undertook the same surveillance methods as Moscow, they added: “British intelligence cannot be put in the same moral and ethical bucket as the Russian security service. They do not have oversight.”
Last month, Theresa May pledged to step up action against Russian intelligence following the Salisbury attack. On Thursday Labour leader Jeremy Corbyn said: “The evidence is clearly against Russia on both the Salisbury attack and of course on the latest cyber-attacks so there has to be a confrontation, a diplomatic confrontation, with Russia on this.”
The British defence secretary, Gavin Williamson, called Russia a “pariah state” and said it would continue to be isolated by the international community.
The shadow chancellor, John McDonnell, called for tougher financial penalties against Russia. “If there is hard evidence that we can accuse the Russians of activities in our country which are unacceptable and even criminal, we have to hit them where it hurts, in the pocket.,” he said.
The revelations came hours after the British government directly accused Russian military intelligence of being behind a spate of “reckless and indiscriminate cyber-attacks” carried out on the orders of the Kremlin, including the hacking in 2016 of the US Democratic National Committee headquarters.The revelations came hours after the British government directly accused Russian military intelligence of being behind a spate of “reckless and indiscriminate cyber-attacks” carried out on the orders of the Kremlin, including the hacking in 2016 of the US Democratic National Committee headquarters.
A joint statement by Donald Tusk and Jean-Claude Juncker, the presidents of the European council and European commission respectively, along with the EU’s foreign policy chief, Federica Mogherini, said: “We deplore such actions, which undermine international law and international institutions.A joint statement by Donald Tusk and Jean-Claude Juncker, the presidents of the European council and European commission respectively, along with the EU’s foreign policy chief, Federica Mogherini, said: “We deplore such actions, which undermine international law and international institutions.
“The EU will continue to strengthen the resilience of its institutions and those of its member states, and international partners and organisations in the digital domain.”“The EU will continue to strengthen the resilience of its institutions and those of its member states, and international partners and organisations in the digital domain.”
RussiaRussia
CyberwarCyberwar
HackingHacking
EspionageEspionage
NetherlandsNetherlands
InternetInternet
newsnews
Share on FacebookShare on Facebook
Share on TwitterShare on Twitter
Share via EmailShare via Email
Share on LinkedInShare on LinkedIn
Share on PinterestShare on Pinterest
Share on Google+Share on Google+
Share on WhatsAppShare on WhatsApp
Share on MessengerShare on Messenger
Reuse this contentReuse this content