Russia 'interfered in three elections' as it targeted Britain, Macedonia, U.S. and Ukraine in string of 'brazen' cyber attacks aimed at destabilising democracies around the world
- The Kremlin accused of using its agents to 'foster instability' around world
- Targets included metro in Ukraine, police in Malaysia and Olympics in Brazil
- Bungling spies caught in Holland had taxi receipts linking them to the GRU
- Evgenii Serebriakov's laptop had selfies and WiFi logins from previous missions
By Martin Robinson, Uk Chief Reporter For Mailonline
Published: 08:52 EDT, 4 October 2018 | Updated: 14:37 EDT, 4 October 2018
Russian spies launched a global cyber war to interfere with three elections, the Olympics, the MH17 investigation and the hunt for the men behind the Skripal attack in Salisbury, it was revealed today.
The Kremlin has been accused of using its agents to 'foster instability' in democracies around the world as their operations over the past three years were laid bare.
Targets included the metro and airports in Ukraine, police in Malaysia investigating claims the Russians shot down MH17 killing 300 passengers and even the emails of a small UK TV station.
Their hacking missions were inadvertently revealed by the four bungling spies caught in The Hague trying to hack into computers used by chemical weapons inspectors investigating Russian attacks in Salisbury and Syria.
Cyber expert Evgenii Serebriakov's laptop was seized and revealed he kept selfies from previous operations including at the 2016 Olympics in Brazil where Russian athletes' doping samples were tampered with and US athletes' medical records leaked.
His laptop contained WiFi logins and other evidence that also linked the men to cyber attacks in Switzerland and America, Denmark and Germany.
The Kremlin has been accused of using its agents to 'foster instability' in democracies around the world as their operations over the past three years were laid bare (pictured)
Evgenii Serebriakov was among four Russians trying to hack chemical weapons inspectors and his laptop contained this selfie at the 2016 Olympics in Brazil – revealing one of more than a dozen GRU missions across the globe
Pictures show the cache of equipment seized from the men. They attempted to smash up some of the phones (inset) when they realised authorities were on to them
Vladimir Putin is in India today as his spokesman said all the hacking claims are a 'diabolical perfume of lies'
They even kept receipts in their hire car that showed that the unit travelled from the GRU's Moscow headquarters to the airport for a flight to Amsterdam – linking them to the very heart of Putin's government.
Britain's Ambassador to the Netherlands Peter Wilson said today: 'The GRU has interfered in three elections and pursued a hostile campaign of cyber attacks', adding the Russians can no longer be allowed to act with 'apparent impunity'
Timeline: Putin's cyber army's worldwide missions
2015: The GRU accesses email accounts at a small UK-based TV station
2015-2016: Russia hacks the Danish defence ministry and gained access to employees' emails
May 2016: Russia accused of being behind a series of cyber attacks on German state computer systems
June 2016: Hackers accessed the Democratic National Committee during the 2016 US presidential campaign.
August 2016: Agent photographed posing at the Brazil Olympics where confidential US athlete medical data was hacked and leaked
September 2016: Serebriakov is in Lausanne, Switzerland, where a World Anti-Doping Agency conference is being held. Tackling Russia's widespread and systematic doping regime is a subject of debate.
A Canadian official's laptop is compromised by GRU malware, which spreads through the nation's sports ethics centre. IP addresses of the International Olympic Committee are also breached.
August 2017: Agents try to interfere and influence the Macedonian elections and GRU 'Fancy Bears' again attack WADA in August 2017
October 2017: The GRU behind a 'BadRabbit'attack that caused disruption to the Kiev metro and Odessa airport
December 2017: Serebriakov is in Kuala Lumpur, Malaysia, to target government institutions and commit 'malign activity' as investigators probe the downing of the MH17 flight.
It would later be concluded that the missile that blew the passenger jet out of the sky, killing 298, was launched from territory in Ukraine controlled by Russia-backed rebels.
March 4 2018: Former Russian spy Sergei Skripal and his daughter Yulia fight for their lives after GRU officers poison them with the nerve agent.
The GRU attempts to compromise Foreign Office computers with a 'spearphising' attack.
April 2018: The same Russian intelligence group targets the Porton Down military laboratory and the Organisation for the Prohibition of Chemical Weapons (OPCW). Both would test the Novichok.
April 10: The four GRU officers travelling on Russian diplomatic passports enter Amsterdam Airport Schiphol from Moscow.
April 11: They perform reconnaissance of the OPCW headquarters in The Hague, where the nerve agent sample was being independently verified.
April 12: The OPCW confirms Britain's analysis of the nerve agent used in the Salisbury poisoning. Its inspectors found the 'high purity' chemical was most likely to have been manufactured in a state laboratory.
April 13: GRU officers park a rental car with specialist hacking equipment outside the OPCW's headquarters to breach its systems. British and Dutch intelligence thwart the operation and the suspects are expelled from the Netherlands.
Later in April: Agents plan to travel to OPCW offices in Spiez, Switzerland, to commit further cyber operations.
May: GRU hackers target OPCW employees with 'spearphising' emails impersonating Swiss authorities.
October 4: British and Dutch politicians team up to announce the revelations, with the UK threatening further sanctions against Russia.
Details were revealed on Thursday after the UK Government accused the GRU of a wave of other cyber attacks across the globe.
Prime Minister Theresa May said the operation 'further shone a light on the unacceptable cyber activities' of the GRU and demonstrated its 'disregard for the global values and rules that keep us safe'.
The team of four GRU officers travelling on official Russian passports entered the Netherlands on April 10.
On April 13 they parked a car carrying specialist hacking equipment outside the headquarters of the OPCW in The Hague.
At that point Dutch counter-terrorism officers intervened to disrupt the operation and the four GRU officers were ordered to leave the country.
The 'close access' hacking attempt followed a failed 'spearphishing attack' on the OPCW headquarters.
Two of the officers were planning to travel on to Switzerland where the OPCW – which was at the time investigating the Salisbury attack and a suspected chemical weapons attack in Syria – has laboratories.
Dutch authorities released CCTV images of the four men arriving at Schiphol Airport as well photographs of their passports.
They were named in them as Alekski Morenets, described as a cyber operator, Evgenii Serebriakov, also a cyber operator, Oleg Soktnikov, described as humint (human intelligence) support, and Alexey Minin, also humint support.
The attempt on the OPCW headquarters followed unsuccessful 'spearphishing' attacks by the GRU on the UK Foreign Office and on the defence laboratories at Porton Down, which was also investigating the Salisbury attack.
Peter Wilson, the UK's ambassador to the Netherlands, said the hacking attack happened when the 'OPCW was working to independently verify the United Kingdom's analysis of the chemical weapons used in the poisoning of the Skripals in Salisbury'.
Mr Wilson also accused one of the GRU officers escorted out of the Netherlands of targeting the Malaysian investigation into the shooting down of flight MH17 over Ukraine in 2014, when more than 300 people travelling from Amsterdam to Kuala Lumpur died.
The OPCW has confirmed the toxic chemical that killed Dawn Sturgess in Amesbury was the same nerve agent as that which poisoned Sergei and Yulia Skripal three months earlier.
UK authorities believe two Russians, using the aliases Alexander Petrov and Ruslan Boshirov, smeared the highly toxic Novichok on a door handle at the Wiltshire home of Mr Skripal on March 4.
The attack left Mr Skripal and his daughter Yulia critically ill, and Ms Sturgess, 44, who was later exposed to the same nerve agent, died in July.
Conservative MP Tom Tugendhat, chairman of the UK's Commons Foreign Affairs Committee, tweeted: 'The catalogue of evidence shows why the Dutch are excellent partners and that the decades of theft have stripped Russia's intelligence of the skills they once had. Putin's corrupt greed has turned the GRU into an amateurish bunch of jokers.'
Earlier Foreign Secretary Jeremy Hunt said the GRU was waging a campaign of 'indiscriminate and reckless' cyber strikes targeting political institutions, businesses, media and sport.
The National Cyber Security Centre (NCSC) said a number of hackers known to have launched attacks have been linked to the GRU.
The NCSC associated four new attacks with the GRU, on top of previous strikes believed to have been conducted by Russian intelligence.
Among targets of the GRU attacks were the World Anti-Doping Agency (Wada), transport systems in Ukraine, and democratic elections, such as the 2016 US presidential race, according to the NCSC.
Dutch authorities have released images of four Russian agents who tried to hack into the global chemical weapons watchdog a month after the Salisbury novichok attack. CCTV shows them when they were kicked out of the Netherlands
Surveillance footage shows the moment Dutch intelligence officers descended on the scene and caught the four men outside the chemical weapons agency
Authorities released a picture of the car which was rigged up with hacking equipment
The men took their own rubbish – including several beer cans – out of their hotel room, presumably because they were concerned about an investigation
Dutch authorities released images of the huge amount the cash found on the men.Sotnikov had 20,000 euros and 20,000 dollars on him
The centre said it was 'almost certainly' the GRU behind a 'BadRabbit'attack in October 2017 that caused disruption to the Kiev metro, Odessa airport and Russia's central bank.
Britain's cyber security chiefs say they have 'high confidence' Russian intelligence was responsible for a strike on Wada in August 2017.
The NCSC also said the GRU was 'almost certainly' to blame for hacking the Democratic National Committee during the US presidential election in 2016.
And the agency pointed the finger at the GRU for accessing email accounts at a small UK-based TV station in 2015.
Britain, America and The Netherlands today launched a carefully coordinated fightback against Putin's army of hackers as the scale of Russia's global cyber warfare was laid bare.
First, the UK accused Russia's GRU intelligence agency of being behind hacks on the World Anti-Doping Agency (Wada), transport systems in Ukraine and democratic elections, such as the 2016 US presidential race.
Then, Dutch authorities revealed they had caught a team of Kremlin agents rigging up computers, phones and an antenna in the boot of a car to try and hack into the global chemical weapons watchdog in The Hague.
Then, this afternoon, the US Justice Department announced it has charged seven Russian military intelligence officers with hacking anti-doping agencies and other organizations.
The suspects, including some of The Hague cyber squad, are accused of hacking hundreds of people in 30 countries including people working in anti-doping organisation, for FIFA and staff at a US nuclear facility supplying power to Ukraine.
Five are also charged with aggravated identity theft, money laundering and using crypto-currencies illegally in transactions that occurred in part in US. Prosecutors said: 'We want them to face trial and be put in jail'.
The Kremlin was left trying to bat away a growing flood of evidence of its hacking activities around the world, with some allegations dating back years.
The passport numbers of the men were released, including Aleksei Morenets, from Murmansk
Another of the men was named as Oleg Sotnikov, said to have been born in Oeljanovsk
One of the men was named as Evgeny Serebriakov and his passport of photo was released
A briefing in The Hague was shown pictures of each of the men's passports. Alexey Minin, from Perm, to the north west of Moscow, was named as one of the men
'A diabolical perfume of lies': Russia makes novichok reference as it blasts claims its GRU agents were behind global cyber attacks
Russia today described British accusations that its spies were behind global cyber attacks as 'a diabolical perfume of lies'.
The Russian Foreign Ministry's phrase referred to the Salisbury poisonings earlier this year which saw the novichok nerve agent disguised in a fake perfume bottle.
Its spokesman Maria Zakharova said the new hacking allegations were unworthy and part of a disinformation campaign designed to damage Russian interests.
But Ms Zakharova said today the accusations were the product of someone with a 'rich imagination', adding: 'It's some kind of a diabolical perfume cocktail.'
Russian Foreign Ministry spokesman Maria Zakharova, pictured with President Vladimir Putin in January 2017, dismissed the new hacking accusations from the UK as 'a diabolical perfume of lies'. The statement is thought to be a reference to the fake perfume bottle used in the novichok attack which killed British mother Dawn Sturgess
Asked about accusations from the Foreign Office of Russia being involved in worldwide cyber attacks, a spokesman for the Russian embassy said: 'This statement is reckless. It has become a tradition for such claims to lack any evidence. It is yet another element of the anti-Russian campaign by the UK Government.
'In December 2017 during the then-foreign secretary Boris Johnson's visit to Moscow, Russia's Foreign Minister Sergei Lavrov proposed to launch expert consultations on cybersecurity in order to address UK's concerns, if any.
'The offer was turned down. The only reasonable explanation is that the UK has no facts for a substantive discussion.
'Thus, such statements by the Foreign Office are nothing but crude disinformation, aimed at confusing the British and world public opinion.
'By the way, it is hardly a coincidence that these accusations appear exactly at the time of Nato defence ministers meeting in Brussels and announcements of creating special cyber-attack military units in several western countries.'