This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2018/10/04/us/politics/russia-hacks-doping-poisoning.html

The article has changed 8 times. There is an RSS feed of changes available.

Version 4 Version 5
Russia Accused in Cyberattacks on Investigators Pursuing Doping and Poisoning Cases Russia Targeted Investigators Trying to Expose Its Misdeeds, Western Allies Say
(about 7 hours later)
WASHINGTON — Russian intelligence officers brazenly launched cyberattacks on investigators pursuing Russian malfeasance around the globe, Western officials said on Thursday, offering a litany of victims including antidoping agencies, inspectors scrutinizing the poisoning of a former spy in Britain and others examining the downing of a passenger jet in 2014. WASHINGTON — Western allies accused Russian intelligence officers on Thursday of launching cyberattacks against organizations around the globe that challenged Russian wrongdoing, exposed Kremlin disinformation campaigns or took on President Vladimir V. Putin.
The Justice Department indicted seven Russian officers on charges of trying to hack into antidrug agencies in the United States, Canada and Europe, an apparent effort to undermine their pursuit of Russian doping. Officers operating near Red Square sought to hack the British foreign ministry, antidoping agencies in Colorado Springs and Canada, as well as investigators examining the shoot-down of a Malaysian passenger jet over Ukraine in 2014, the officials said.
Hours earlier, officials in Europe accused Russia of cyberattacks on the Organization for the Prohibition of Chemical Weapons. The group was investigating the poisoning in Britain in March of a former Russian intelligence officer, Sergei V. Skripal, and his daughter. British officials have accused Russia of using a nerve agent to try to kill Mr. Skripal, whom President Vladimir V. Putin of Russia called this week “simply a scumbag” and “a traitor to the motherland.” Other Russian officers armed with mobile computer equipment traveled to the Netherlands in April to tap into the headquarters of the world’s chemical weapons watchdog, which was investigating the poisoning in Britain a month earlier of a Russian former spy and his daughter. Those officers were caught and expelled.
Officials in London also revealed an attempted hack on the British Foreign and Commonwealth Office by Russian military intelligence officers in the aftermath of the attempted assassination of Mr. Skripal. Seeking to deter Moscow, officials in Washington, London and Amsterdam released extraordinarily detailed accounts of Russian misdeeds on Thursday in intelligence reports and a Justice Department indictment charging seven Russian officers. They named the officers, published photographs of them and their equipment, and released maps charting their travel and their targets. One officer caught in the Netherlands, they said, was carrying a receipt for a taxi ride to the Moscow airport from the street outside the headquarters of the military intelligence agency formerly known as the G.R.U.
The Russian officers also targeted Malaysian investigators examining the downing of a passenger jet over Ukraine in 2014, the officials said. Russia has been blamed in that crash. The complaints echoed the case that British authorities recently made against Russia in the poisoning of the former spy, Sergei V. Skripal, by publishing photographs of two Russian officers and other evidence. American officials also expanded the constellation of cyberattacks they blamed on Russia, which they had previously limited to election interference.
Though unlikely to lead to arrests or convictions, the accusations formed the latest round of an international public shaming of the Kremlin by the West. In a similar coordinated diplomatic offensive against Russia in March, European nations, the United States and Canada expelled scores of Russian diplomats in a sign of allegiance with Britain over the poisoning of Mr. Skripal and his daughter. The accusations also demonstrated that even while its hacking of the Democratic National Committee was underway, the G.R.U. was conducting similar operations around the world.
“The defendants believed that they could use their perceived anonymity to act with impunity, in their own countries and on territories of other sovereign nations, to undermine international institutions and to distract from their government’s own wrongdoing,” John C. Demers, the assistant attorney general for national security, said on Thursday. “They were wrong.” “The defendants believed that they could use their perceived anonymity to act with impunity, in their own countries and on territories of other sovereign nations, to undermine international institutions and to distract from their government’s own wrongdoing,” said John C. Demers, the assistant attorney general for national security. “They were wrong.”
Three of the seven agents charged in the United States case were also indicted in July by the special counsel, Robert S. Mueller III, for their roles in interfering in the 2016 presidential election, Mr. Demers said, though he added that this case did not come out of Mr. Mueller’s investigation. As with previous Justice Department criminal complaints against hackers from Russia, China, Iran and North Korea, the indictments were unlikely to lead to arrests. But taken together, the accusations formed the West’s latest public shaming of the Kremlin, over malfeasance that President Trump has shown reluctance to condemn. In the case of election interference in the United States, he has cast doubt that it ever happened.
“Nevertheless, these two indictments charge overlapping groups of conspirators,” Mr. Demers said. “And they evince the same methods of computer intrusion and the same overarching Russian strategic goal: to pursue its interests through illegal influence and disinformation operations aimed at muddying or altering perceptions of the truth.” Instead, Vice President Mike Pence denounced China on a number of fronts on Thursday, saying that its influence campaigns were more worrisome than Russia’s. He made no reference to the Russian indictments.
The Kremlin dismissed the accusations, with a spokesman for the Foreign Ministry calling them the result of a “rich imagination” and “some kind of diabolical perfume cocktail,” Russian state media reported. The Kremlin dismissed the accusations. A spokesman for the Foreign Ministry called them the result of a “rich imagination” and “some kind of diabolical perfume cocktail,” Russian state media reported.
The charges unsealed by the Justice Department primarily focused on allegations that the Russian officers hacked into several antidoping agencies and sporting federations, including the global soccer organization FIFA, and stole private medical information about roughly 250 athletes from 30 countries. The hackers released the information “selectively, and sometimes misleadingly,” in retaliation for the revelations of a state-sponsored Russian doping program that led to a ban on the Russian team from the 2018 Winter Olympics, prosecutors said. The combined effort by Western officials is based on a theory that Mr. Putin and his aides can be embarrassed into paring back their operations. But past cases cast doubt on that theory. American intelligence agencies accused the Russians, and ultimately Mr. Putin, of the Democratic National Committee hack in 2016; Thursday’s allegations documented misconduct this year, by the same agency and, in some cases, the same operatives.
With far fewer details, the indictment also charged one officer, Ivan Sergeyevich Yermakov, with creating a fake website and sending spear-phishing emails to employees of Westinghouse Electric Company, based near Pittsburgh, who worked on nuclear reactor technology. Westinghouse has supplied Ukraine with nuclear fuel, but Mr. Demers declined to detail the larger aim of the Russian operation. Of the seven Russian officers charged by the Justice Department, three were also indicted in July by the special counsel, Robert S. Mueller III, for interfering in the 2016 election. The new Justice Department case did not emerge from the Mueller investigation, Mr. Demers said, but added, “They evince the same methods of computer intrusion and the same overarching Russian strategic goal: to pursue its interests through illegal influence and disinformation operations aimed at muddying or altering perceptions of the truth.”
In the Netherlands, the Kremlin’s attempt to hack the Organization for the Prohibition of Chemical Weapons unfolded over three days in April before it was abruptly thwarted. The indictment primarily focused on allegations that the Russian officers hacked into antidoping agencies and sporting federations, including the global soccer organization FIFA, and stole private medical information about roughly 250 athletes from 30 countries. The hackers released the data “selectively, and sometimes misleadingly,” in retaliation for the revelations of a state-sponsored Russian doping program that led to a ban on the Russian team from the 2018 Winter Olympics, prosecutors said.
Dutch officials identified four Russian military intelligence operatives two of whom specialize in cyberattacks soon after they arrived in Amsterdam on April 10 carrying diplomatic passports, Gen. Onno Eichelsheim, director of the Dutch Military Intelligence and Security Service, said in an unusually detailed explanation of a counterespionage operation. The Dutch intelligence officials also contributed evidence to the hacks of the sports groups. The authorities who foiled the Russian operation in the Netherlands seized a laptop that had a picture of one of the G.R.U. officers with a Russian athlete during the 2016 Summer Olympics in Brazil. It also contained evidence that a Russian spy stayed in the same Lausanne, Switzerland, hotel as a Canadian antidoping official during a meeting of the World Anti-Doping Agency as it investigated allegations of Russian doping.
British intelligence officials alerted their Dutch counterparts that the Russian officers intended to conduct reconnaissance for a hacking operation, General Eichelsheim said. The four were also behind an attempt to hack a Swiss laboratory that tested a nerve agent for the chemical weapons organization’s investigation of the Skripal poisoning and had also done testing in 2013 of the agent used in a chemical attack in Syria, Dutch officials said. After the Canadian official logged on to the hotel’s Wi-Fi network, the Russian and some of his colleagues used it to illegally access his laptop, according to the Justice Department indictment. The Canadian later noticed a strange message in his sent mail riddled with typos and a fake signature. Investigators found a malicious link embedded in the email; Russian intelligence had apparently used it to stealthily access the Canadian antidoping agency’s network for weeks in the fall of 2016.
A day after their arrival in the Netherlands, the Russian spies rented a Citroën hatchback to travel to and around The Hague. One of them, Alexey Minin, took several pictures around the chemical weapons organization’s headquarters. Beginning that September, officers from G.R.U. Unit 74455 released information stolen from the World Anti-Doping Agency. Claiming to be “hacktivists,” court papers show they went by the name Fancy Bears’ Hack Team, an ironic reference to the name that investigators have given to that G.R.U. unit and another.
On their third day in the country, the Russian officers parked the Citroën in the lot of a neighboring Marriott hotel late in the afternoon, pointing its trunk toward the headquarters of the arms control organization. Inside the car was a sophisticated device for penetrating a Wi-Fi network to gather the login credentials of its users, its antenna hidden under a jacket. As they did that summer and fall with stolen Democratic emails, the Russians played off the Western news media’s hunger for scoops. Through this July, the indictment alleged, the Fancy Bears’ Hack Team communicated with about 70 reporters, doling out stories on an exclusive basis.
After about 30 minutes, the Dutch authorities moved in on the Citroën, catching the Russians in the act and, General Eichelsheim said, preventing “severe damage” to the chemical weapons organization. In one case, the Justice Department alleged, an unidentified reporter suggested ways for the spies to sift through their stolen data for nuggets of news. When articles resulting from their documents were published, the Russian intelligence officers distributed them “in an apparent attempt to amplify the exposure and effect of their message,” the indictment said.
The Dutch seized a mobile phone that one of the Russian agents tried to destroy and discovered that it had been used in Moscow four days earlier at the headquarters of the Russian military intelligence branch known as the G.R.U. The same division is believed to be behind the cyberattacks on the Democratic National Committee in 2016.
The Dutch also recovered a receipt for a taxi ride from the G.R.U. headquarters in Moscow to the airport; a laptop whose internet search history included research into the Swiss facility, said to be the Russians’ next target; and evidence that train tickets were purchased for an April 17 trip from the Netherlands to Bern, Switzerland.
In disrupting the Russian plot against the chemical weapons organization, Dutch officials also found evidence that a Russian officer had been in a hotel in Kuala Lumpur, Malaysia, near where Malaysian government officials were investigating the 2014 crash of a passenger jet over Ukraine that killed nearly 300 people. In May, international investigators said Russia had supplied the missile that downed the plane.
The laptop also had a picture of one of the G.R.U. officers with a Russian athlete during the 2016 Olympic Games in Brazil and evidence that a Russian spy stayed in the same Lausanne, Switzerland, hotel as a Canadian antidoping official during a meeting of the World Antidoping Agency as it investigated allegations of Russian doping.
After the Canadian official logged on to the hotel’s Wi-Fi network, the Russian and some of his colleagues used it to illegally access the Canadian’s laptop, according to the Justice Department indictment. The official later noticed a strange message in his sent mail riddled with typos and a fake signature. Investigators found a malicious link embedded in the email, and Russian intelligence apparently used it along with the Canadian’s login credentials to stealthily access the agency’s network for weeks in the fall of 2016.
In September 2016, the Russian military intelligence agency set up websites, including fancybear.org, and posted stolen information and altered documents naming athletes and linking them to various ailments or addictions. The Russians created a fake online persona who communicated with dozens of reporters around the world, advertising the information and making deals for exclusive access to certain information.
“All of this was done to undermine those organizations’ efforts to ensure the integrity of the Olympic and other games,” Mr. Demers said.“All of this was done to undermine those organizations’ efforts to ensure the integrity of the Olympic and other games,” Mr. Demers said.
British officials said that the Russian attempts to hack the British Foreign and Commonwealth Office were carried out by a group of hackers known as Sandworm, and that the same Russian military intelligence agents were also behind attempted cyberattacks in April on the British Defense and Science Technology Laboratory as well as attacks in April and May on the Organization for the Prohibition of Chemical Weapons. All of those were carried out from Russia, the officials said. One officer, Ivan Sergeyevich Yermakov, was also charged with creating a fake website and sending spear-phishing emails to employees of Westinghouse Electric Company, based near Pittsburgh, who worked on nuclear reactor technology. Westinghouse has supplied Ukraine with nuclear fuel, but Mr. Demers declined to detail whether the larger aim of the Russian operation was to steal nuclear technology or interfere with fuel deliveries to Ukraine, which Mr. Putin has sought to destabilize.
The Dutch defense minister, Ank Bijleveld-Schouten, called on Russia to stop its hacking offensives. One of the most detailed and well-documented of the charges involved the attack on the Organization for the Prohibition of Chemical Weapons. The group was investigating the poisoning in March of the Skripals. British officials have accused Russia of using a nerve agent to try to kill Mr. Skripal, whom Mr. Putin called on Wednesday “simply a scumbag” and “a traitor to the motherland.”
“The Russian intelligence service must stop with these undermining cyberoperations,” he said. “By revealing the methods of the G.R.U., we are making it more difficult and at the same time increasing our own resiliency.” The attack on the O.P.C.W., as the group is known, unfolded over three days before it was thwarted.
Dutch officials identified four Russian military intelligence operatives — two of whom specialize in cyberattacks — soon after they arrived in Amsterdam on April 10 carrying diplomatic passports, said Maj. Gen. Onno Eichelsheim, the director of the Dutch Military Intelligence and Security Service. They were also behind an attempt to hack a Swiss laboratory that tested a nerve agent for the O.P.C.W. in the Skripal poisoning and had also done testing in 2013 of the agent used in a chemical attack in Syria, a Russian ally, Dutch officials said.
British intelligence officials alerted their Dutch counterparts that the Russian officers intended to conduct reconnaissance for a hacking operation, General Eichelsheim said. A day after their arrival, the spies rented a Citroën hatchback to travel to and around The Hague. One of them, Alexey Minin, took several pictures around O.P.C.W. headquarters, according to Dutch officials.
On their third day in the Netherlands, the Russian officers parked the Citroën in the lot of a Marriott Hotel next door, its trunk pointed toward the headquarters of the arms control organization. Inside the car was a sophisticated device for penetrating a Wi-Fi network to gather the login credentials of its users, its antenna hidden under a jacket.
After about 30 minutes, the Dutch authorities moved in on the Citroën, catching the Russians in the act and, General Eichelsheim said, preventing “severe damage” to the O.P.C.W.
The Dutch recovered the taxi receipt and the laptop, whose internet search history included evidence that train tickets were purchased for an April 17 trip from the Netherlands to Bern, Switzerland, about 25 miles from the Swiss facility, said to be their next target.
The Dutch also seized a mobile phone that one of the Russian agents tried to destroy and discovered that it had been used four days earlier at G.R.U. headquarters.
They also found evidence that a Russian officer had been in a Kuala Lumpur hotel near where Malaysian government officials were investigating the 2014 crash of the passenger jet over Ukraine that killed nearly 300 people. In May, international investigators said Russia had supplied the missile that downed the plane.
And British officials identified a group of hackers known as Sandworm as the culprits in Russia’s attempt to hack the British Foreign and Commonwealth Office and said that the same Russian officers were behind attempted cyberattacks in April on the British Defense and Science Technology Laboratory.