US and its allies target Russian cyber spies with indictments, public shaming
October 4 at 6:24 PM
The United States and major Western allies on Thursday forcefully condemned Russiaâs hacking and disinformation operations, announcing indictments and describing in striking detail Moscowâs targeting of top Olympic athletes, anti-doping organizations, and chemical weapons monitors.
In the morning, Justice Department officials unveiled charges against seven officers with Russiaâs GRU military intelligence agency who, authorities said, were linked to the leak of athletesâ drug-test data and efforts to steal information from organizations probing Russiaâs alleged use of chemical weapons, including the poisoning of a former GRU spy in Britain. Three of the cyber spies were indicted previously for allegedly conspiring to interfere in the 2016 presidential election.
[Read the DOJâs indictment of Russiaâs military spies]
Hours ea rlier, the Dutch government outlined an operation â" almost comedic in its haplessness â" in which Dutch counterintelligence forces caught the Russians red-handed as they sought to hack a chemical weapons agency in The Hague.
The British government, meanwhile, accused Russiaâs GRU of âreckless and indiscriminate cyberattacks,ââ blaming it for everything from the hacking of Olympic athletesâ medical records to disruptions on the Kiev subway system and the 2016 theft of emails from the Democratic National Committee.
Taken together, the indictments and condemnations represented a coordinated effort to further expose Moscowâs ongoing, widespread campaign to discredit democracy and international institutions through disinformation and its attacks on the rule of law. Russiaâs aim, officials said, is to muddy or alter perceptions of the truth, even if its efforts sometimes fail spectacularly.
âNations like Russia, and others that engage in mal icious and norm-shattering cyber and influence activities, should understand the continuing and steadfast resolve of the United States and its allies to prevent, disrupt and deter such unacceptable conduct,â said John Demers, assistant attorney general for national security.
A spokeswoman for Russiaâs foreign ministry, Maria Zakharova, dismissed Britainâs allegations as a delusional and âdiabolical perfume blend.â The ministry had no immediate comment on the U.S. indictment.
The flurry of activity on Thursday follows separate moves earlier this year stemming from special counsel Robert S. Mueller IIIâs probe of Russian interference in the 2016 U.S. election. In July, he obtained an indictment of 12 GRU members for hacking and leaking emails of Democratic officials and organizations. In February, officials announced an indictment of more than a dozen Russian âtrollsâ who spread disinformation online and of several operatives who traveled to the United St ates and posed as Americans to whip up protests and stoke political divisions.
In the summer of 2016, the GRU hacked drug-test results from the World Anti-Doping Agency (WADA) and leaked onto the Internet confidential information about U.S. Olympic athletes, including tennis stars Serena and Venus Williams, and gold medal gymnast Simone Biles. WADA that year called out the Russian military agency for the information operation.
[World Anti-Doping Agency confirms Russian hack of Rio Olympic drug-testing database]
U.S. indicts Russian spies in hacking campaign. (Department of Justice/Department of Justice)
Now, the U.S. government is seeking to punish the cyberspies.
âWe at the Department of Justice are not satisfied with merely exposing the conduct,â said Scott Brady, U.S. attorney for the Western District of Pen nsylvania, where a grand jury indicted the Russians. âWe seek to arrest those who broke the law. We want to bring them to Pittsburgh. We want them to stand trial. And we want to put them in jail.â
Dutch security officials said they expelled four of the Russians from the Netherlands for attempting in April to hack the Organization for the Prevention of Chemical Weapons (OPCW), an international watchdog organization based in The Hague. All seven GRU officers are now believed to be in Russia, U.S. officials said.
Allegations in the indictment show âthe defendants believed that they could use their perceived anonymity to act with impunity, in their own countries and on territories of other sovereign nations, to undermine international institutions to distract from their governmentâs own wrongdoing,â said Demers.
The GRU campaign ran from December 2014 until at least May 2018, targeting U.S. individuals, corporations and international organizations based on their strategic interest to the Russian government, officials said.
In July 2016, WADA released a report describing Russiaâs systematic subversion of the drug-testing process before, during and after the 2014 Sochi Winter Olympics. As a result, 111 Russian athletes were banned from the 2016 Summer Games in Rio de Janeiro. The International Paralympic Committee imposed a blanket ban on Russian athletes for its 2016 games.
Days after WADA released its report, the GRU officers prepared to hack the networks of WADA and the United States Anti-Doping Agency (USADA), among others, from Russia, the indictment alleges. Apparently unsuccessful in the effort from afar, two of the spies flew to Rio to hack the WiFi networks used by anti-doping officials in their hotels and elsewhere, officials said. They succeeded in stealing the log-in and password for one U.S. Anti-Doping Agency officialâs email account, obtaining summaries of test results and prescribed medications, they s aid.
In September, they flew to Lausanne, Switzerland, where WADA was hosting a conference, and managed to steal the credentials of an official with the Canadian Centre for Ethics in Sport by hacking the hotelâs WiFi. Other GRU spies used the credentials to compromise the anti-doping agencyâs networks in Canada.
Using social media accounts and other computer sites operated by GRU Unit 74455 in Russia â" one of two units implicated in July for interfering in the 2016 U.S. election â" the cyberspies posed as a hacktivist group calling itself the âFancy Bearsâ Hack Team.â
They leaked medical information and emails stolen from officials with 40 anti-doping and sporting organizations. In some instances, WADA documents were altered, officials said. In all, the GRU spies leaked the private data of 250 athletes from almost 30 countries, officials said.
As part of its disinformation effort, the operatives in some cases paired the leaks with posts and c omments that parroted themes used by the Russian government to push back against the anti-doping agenciesâ findings, officials said. Between 2016 and 2018 they also exchanged emails and private messages with some 186 reporters âto amplify the exposure and effect of their message,â the Justice Department said.
âI also hope that responsible members of the international news media will cast a suspecting eye on future âhack and leakâ operations which seek in part to manipulate stories in furtherance of Russian state interests,â Demers said.
Four defendants belong to GRU Unit 26165, which was the other team implicated in Muellerâs July indictment. They are Aleksei Morenets, 41; Evgenii Serebriakov, 37; Ivan Yermakov, 32; Artem Malyshev, 30; Dmitriy Badin, 27. Also charged Thursday were Oleg Sotnikov, 46, and Alexey Minin, 46.
They were accused of conspiracy to commit computer fraud and abuse, wire fraud and money laundering.
In April, Morenets, Serebriakov, Sotnikov and Minin, traveled on diplomatic passports to The Hague and sought through WiFi connections to target OPCW computers. But Dutch counterintelligence agents were watching, and the GRU plot unraveled when authorities caught the Russians in a rental car parked just outside the agencyâs semicircular building in The Hague. The spies were carrying taxi receipts for the trip from GRUâs barracks to a Moscow airport. And one of their phones had been activated on a transmission tower near the barracks.
A laptop confiscated by Dutch authorities contained web searches for a Swiss lab that helps the OPCW in its analyses, and the Russian spies were carrying GoogleMaps printouts of Russian diplomatic facilities in Geneva and Bern. One man had hidden an antenna under a coat in the carâs trunk, which was pointed at the OPCW to try to intercept login information to the organizationâs wireless Internet network, officials said.
The Russians were carrying dip lomatic passports, which may be why the Dutch authorities returned them to Moscow rather than arresting them. The Dutch released surveillance images of the men being accompanied by a Russian embassy official after landing at Amsterdamâs Schiphol airport.
The four had train tickets from the Netherlands to Switzerland, officials said, where they intended to target the Spiez Swiss Chemical Laboratory, which was analyzing military nerve agents, including the Novichok chemical agent that Britain said was used to poison former GRU officer Sergei Skripal in Salisbury, England, in March.
[In Russiaâs Far East, villagers recognize a Skripal poisoning suspect]
OPCW independently confirmed earlier this year that the Soviet-era nerve agent was used in the Skripal attack. The Russian mission to the OPCW has declined to comment on the Dutch findings, Interfax reported. The Russian ambassador to the Netherlands was summoned Thursday to the foreign ministry, officials said.
British diplomats on Thursday said Russian military intelligence was behind six separate cyberattacks between mid-2015 and March 2018. At least five were newly attributed on Thursday. Although some were high-profile and obviously political, others ranged across industries? business and media life.
Britain accused the GRU of hacking email accounts at a âsmall UK-based TV station,â stealing their contents. It blamed Russia for the WADA leak. It said Russia was behind a foiled attempt in March to compromise Britainâs Foreign Office servers. The British also blamed the GRU for the October 2017 BadRabbit ransomware attack that rendered computer systems inoperable in Ukraine and at the Russian central bank.
U.S. Defense Secretary Jim Mattis told reporters in Brussels that Washington stood âshoulder-to-shoulderâ with NATO allies who said they had been subject to Russian cyber attacks and pledged U.S. cyber offense capabilities to other allies if called upon.
But he said that NATO would not necessarily respond in kind.
Governments have been cautious about attributing similar attacks, in part because their origin can be hard to trace and because they do not want to reveal how they have tracked or penetrated the groups. But Britain and its allies have pushed this year for significantly more transparency, particularly after the Skripal attack in March.
Nakashima reported from Washington. Birnbaum reported from Brussels. Booth reported from London. Anton Troianovski and Amie Ferris-Rotman in Moscow contributed to this report.
Video: Putin says ex-Russian spy Sergei Skripal a âscumbagâ
Mueller probe indicts 12 Russians with hacking of Democrats in 2016
Inside a Russian disinformation campaign in Ukraine in 2014
Todayâs coverage from Post correspondents around the world
Like Washington Post World on Facebook and stay updated on foreign newsSource: Google News Russia | Netizen 24 Russia