United States charges six Russian intelligence operatives with hacking

THE UNITED STATES DEPARTMENT of Justice has unsealed charges against six members of Russia’s military intelligence agency for allegedly engaging in worldwide computer hacking against several countries. The charges, announced in Pittsburgh on Monday, represent a rare move that targets specific intelligence operatives and identifies them by name and visually. According to the US government, the six Russian operatives were instrumental in some of the most destructive and costly cyber-attacks that have taken place worldwide in the past five years.

The indictment alleges that the six Russian intelligence operatives were members of a hacker group named “Sandworm Team” and “Voodoo Bear” by cybersecurity experts. In reality, however, they were —and probably still are— employees of Unit 74455 of the Russian Armed Forces’ Main Intelligence Directorate, known as GRU. Their cyber-attacks employed the full resources of the GRU, according to the indictment. They were thus “highly advanced”, and were carried out in direct support of “Russian economic and national objectives”. At times, the group allegedly tried to hide its tracks and connections to the Russian government, by making it seem like its cyber-attacks were carried out by Chinese- and North Korean-linked hackers. However, according to the US government, its operations and targets were carried out “for the strategic benefit of Russia”.

The hacker group has been active since the end of 2015, and is alleged to have continued its operations until at least October of 2019. Alleged attacks include a major assault on the power grid of Ukraine in December of 2015, which left hundreds of thousands without electricity and heat. Other alleged attacks targeted the government of Georgia and the French national elections of 2017. The charges include alleged attacks on Western chemical laboratories that examined the toxic substance used in 2018 against former GRU officer Sergei Skripal in England.

Finally, some of the group’s alleged efforts centered on sabotaging the 2018 Winter Olympics in Pyeongchang, South Korea. Russian athletes were barred from the games, after the Russian government was accused of participating in wholesale doping of its Olympic team. Notably, none of the attacks connected with the group’s operations appeared to have directly targeted the United States —though some of the viruses that were allegedly unleashed by the group affected some American companies.

Author: Joseph Fitsanakis | Date: 21 October 2020 | Permalink

Bulgaria expels two Russian diplomats for espionage, Russia vows to respond in kind

Bulgaria, a once close Soviet ally, which is now a member of the European Union and the North Atlantic Treaty Organization, has expelled two Russian diplomats whom it accuses of conducting military espionage. This raises to five the number of Russian diplomats who have been expelled from Bulgaria for espionage in the past year.

In a hastily announced press conference on Wednesday, a spokesman for the Ministry of Foreign Affairs told reporters in the Bulgarian capital Sofia that the ministry had “declared two Russian diplomats personae non gratae”, a Latin term meaning unwanted persons. He added that the Bulgarian government had notified the Russian embassy of its decision with an official diplomatic note. The two Russian diplomats, who have not been named, were given 72 hours to leave the country, said the spokesman.

In addition to the expulsion of the two diplomats, it was later reported that the Bulgarian government had denied an earlier request by Moscow to provide diplomatic accreditation to Russia’s new military attaché to the country, who was expected to assume his post in Sofia this coming December. It is believed that this action by the Bulgarian government is connected to the alleged espionage case involving the two Russian diplomats.

Bulgarian government prosecutors allege that the two Russians have engaged in espionage activities in Bulgaria since 2016. Their goal, according to the Bulgarians, was to obtain classified information about the technological modernization of the Bulgarian Armed Forces, which is ongoing. They had allegedly already made contacts with Bulgarian officials who were privy to such information, and in some cases had already provided them with money in exchange for secrets. The two diplomats are believed to be working for the Main Directorate of the Russian Armed Forces’ General Staff, which is commonly referred to as GRU.

The Russian Embassy in Sofia confirmed late on Wednesday that it had received a telephone call from the Bulgarian Ministry of Foreign Affairs, informing it of the expulsion order issued for the two diplomats. It added, however, that it had not been given proof of acts of espionage by the two diplomats. In the same statement, the Russian Embassy said the two diplomats would leave Bulgaria as instructed, but warned that Moscow reserved the right “to a response in kind”.

Author: Joseph Fitsanakis | Date: 24 September 2020 | Permalink

French lieutenant-colonel serving with NATO arrested for spying for Russia

French authorities are reportedly investigating a senior military officer, who is serving with the North Atlantic Treaty Organization in Italy, for spying on behalf of Russia, according to a news report from France. On Sunday, France’s Minister of the Armed Forces, Florence Parly (pictured), gave a press conference in Paris, during which she provided limited information about the ongoing investigation. Parly said she could confirm that “a senior officer” in the French military was undergoing “legal proceedings” relating to a “security breach”. She refused to provide specific details on the case.

Later on Sunday, however, French radio station Europe 1 reported that the military officer was a lieutenant-colonel who is currently serving at a NATO facility in Italy. The officer is believed to speak Russian and is considered a specialist on Russian military affairs, said the station. It added that French authorities began investigating him after he was spotted in Italy with a man who was later identified as an intelligence officer with the Main Directorate of the General Staff of the Russian Armed Forces, known commonly as GRU. According to Europe 1, the French military officer was arrested by the General Directorate for Internal Security (DGSI), France’s counterintelligence and counterterrorism agency.

At the time of his arrest, the unnamed man was making preparations to return to his NATO post in Italy, after holidaying in France, according to the radio station’s report. He is currently in detention in the French capital on suspicion of having supplied classified military documents to Russian intelligence. Europe 1 cited an unnamed source who said the officer would be prosecuted for “collecting [and] sharing information with a foreign power” that “harms the fundamental interests of the [French] nation” and “harms national defense”.

Author: Joseph Fitsanakis | Date: 31 August 2020 | Permalink

Austrian financier dubbed ‘world’s most wanted man’ hiding under Russian protection

An Austrian financier, who disappeared following the outbreak of a massive financial scandal in Germany last month, and is wanted by several Western spy agencies, is reportedly hiding under Russian protection. The financier, Jan Marsalek, dubbed by some as “the world’s most wanted man”, is connected with the sudden collapse of Wirecard AG in Germany last month.

Wirecard (est. 1999) was a German provider of financial services, such as mobile phone payment processing and other electronic payment transaction systems. The company also issued physical and virtual credit and pre-paid cards. But on June 25, the company declared itself insolvent, after an audit revealed that nearly €2 billion ($2.3 billion) in cash deposits were missing from its accounts. Soon afterwards, the company’s shares lost over 70 percent of their value and its management team, including its chief executive officer, Markus Braun, stepped down.

On June 22, Braun was arrested, and a criminal investigation was launched following reports that the missing €2 billion probably never existed in the first place. Meanwhile, German police sought to arrest Marsalek, who had worked as Wirecard’s chief operating officer since 2010. Marsalek, 40, was also in charge of Wirecard’s operations in Asia and specifically the Philippines, where the fictitious €2 billion was reportedly deposited.

On June 18, after getting fired from his job, Marsalek told colleagues that he was leaving immediately for Manila, in order to track down the missing funds and clear his name. However, he never arrived there, as he seemed to disappear into thin air on the way. An investigative report by The Financial Times revealed that Marsalek never made use of his airline ticket to the Philippine capital, and that the immigration records that showed him entering the country and then flying from there to China had been forged. This was later confirmed by the Philippines government.

According to the investigative website Bellingcat, Marsalek never went to the Philippines, but instead fled to Belarus via Estonia. By the time he arrived in Minsk, the Austrian financier was reportedly “a person of interest” to at least three Western spy agencies, and is now believed to have links to Russian intelligence. Bellingcat said Marsalek has made over 60 trips to Russia since 2010, in some cases staying on Russian soil for just a few hours before flying back to Germany. He is also wanted by several European governments on charges of embezzlement and fraud.

On Sunday, German financial newspaper Handelsblatt said Marsalek had been located in Russia and was allegedly staying at a villa outside Moscow, under the protection of Russian military intelligence. The newspaper claimed that the Austrian financier was being protected by officers of the Main Directorate of the General Staff of the Russian Armed Forces, which is commonly known as GRU. According to Handelsblatt, the current tension in relations between Russia and Belarus made it “too risky” for the Kremlin to keep Marsalek in the Belarussian capital. The decision was therefore made to secretly transport him to Moscow.

The German newspaper said it found out about Marsalek’s whereabouts from sources including “financiers, judges and diplomats”. On Monday the Russian government said it had no information about Marsalek’s current whereabouts. It also denied that the Austrian financier has any ties to its intelligence services.

Author: Joseph Fitsanakis | Date: 21 July 2020 | Permalink

Austrian court finds unnamed retired Army colonel guilty of spying for Russia

A court in Austria has found a retired Army colonel guilty of providing classified military information to Russia, following a closed-door trial. Interestingly, the alleged spy’s name has not been made public. Some Austrian media have been referring to him as “Martin M.”.

The retired colonel was arrested in November of 2018, reportedly after having recently retired following a long military career. Austria’s Defense Ministry said at the time that the arrest came after a tip given to the Austrian government by an unnamed European intelligence agency from a “friendly country”. Martin M. reportedly served in peacekeeping missions in the Golan Heights and Cyprus before being posted at one of the Austrian Armed Forces’ two headquarters, located in the western city of Salzburg. It was around that time, say prosecutors, that the unnamed man began spying for Russia. Starting in 1992, he was in regular contact with his Russian handler, who was known to him only as “Yuri”.

“Yuri” was later identified by Austrian authorities as Igor Egorovich Zaytsev, who is allegedly an intelligence officer for the Main Directorate of the General Staff of the Russian Armed Forces. Known as GRU, the organization is Russia’s primary military-intelligence agency. The Austrian government has issued an international arrest warrant for Zaytsev.

Zaytsev reportedly trained Martin M. in the use of “sophisticated equipment”, according to the Austrian prosecutor, which he used to communicate classified information to Moscow. He is thought to have given Russia information on a range of weapons systems used by the Austrian Army and Air Force, as well as the personal details of high-ranking officers in the Austrian Armed Forces. Austrian media initially reported that the alleged spy was paid nearly $350,000 for his services to Moscow.

During his trial, Martin M. reportedly admitted that he had received payments from the Russians to provide information. But he claimed that the information he gave them was already publicly available. His legal team compared his role to that of a “foreign correspondent” for a news service. The court, however, did not accept that argument and on Tuesday sentenced Martin M. to three years in prison.

Soon after his sentencing, the defendant was released on parole, after the court counted the 18 months he has served behind bars since his arrest as part of his prison sentence. His legal team said they plan to appeal the sentence.

Author: Joseph Fitsanakis | Date: 11 May 2020 | Permalink

Russian spy who tried to kill Bulgarian arms dealer is now a diplomat, report claims

A Russian intelligence officer, who was allegedly involved in an attempt to kill a Bulgarian arms dealer in Sofia in 2015, is now a diplomat, according to a report published on Tuesday by the investigative website Bellingcat. The website also claimed that there is a possible connection between the intelligence officer and the attempted assassination of Russian intelligence defector Sergei Skripal in England in 2018.

In January, prosecutors in Bulgaria charged three Russian men with attempted murder. The men were identified as Sergei Fedotov, Sergei Pavlov and Georgy Gorshkov, all of them residents of Moscow, according to Bulgarian prosecutors. They were charged with attempting to kill Emilian Gebrev (pictured), a wealthy Bulgarian defense industry entrepreneur and trader. Gebrev was hospitalized for several days for signs of poisoning, along with his son and one of his company’s executives. All of them eventually made a full recovery. Gebrev’s lawyers claim that he suffered from “intoxication with an unidentified organophosphorus substance”.

The case had been shelved for several years, but the Bulgarian state revived it following the attempted assassination of Skripal, which British officials blamed on the Russian state. British authorities charged two men, Anatoly Chepiga and Alexander Mishkin —both of them allegedly Russian military intelligence officers— with attempting to kill Skripal. In February of 2019, Bulgarian officials claimed that there might have been a link between the attacks on Skripal and Gebrev. Last December, Bulgaria’s chief prosecutor announced that his office was investigating the alleged link between the two cases.

Now Bellingcat has said that it has discovered the real name of one of the three Russian men who were allegedly involved in the attempted killing of Gebrev. According to Bellingcat, the man, identified by Bulgarian authorities as Georgy Gorshkov, is in fact Yegor Gordienko, who is currently posted under diplomatic cover in Switzerland. According to the investigative website, Gordienko, 41, is currently serving as third secretary at the Russian Federation’s mission to the World Trade Organization in Geneva. State prosecutors in Bulgaria and the United Kingdom are investigating reports that Gordienko/Gorshkov was present in those countries when the attacks against Gebrev and Skripal took place, said Bellingcat.

Author: Joseph Fitsanakis | Date: 26 February 2020 | Permalink

Russia sent spies to Ireland to check undersea fiber-optic cables: report

The Russian government sent a team of spies to Ireland to monitor undersea fiber-optic cables, which enable communications traffic between North America and Western Europe, according to a new report. The spies were allegedly sent to Ireland by the Main Directorate of the General Staff of the Russian Armed Forces, which is known in Russia as GU, and formerly as GRU.

Due to its geographical proximity to both North America and Europe, Ireland constitutes a major hub for several of the more than 300 undersea cables that currently cross the world’s oceans. Totaling over 500,000 miles, these cables deliver Internet and telephone traffic across every continent. Nearly all transcontinental communications traffic is facilitated through these cables.

According to the London-based Sunday Times newspaper, the Irish security services believe that the GU spies were sent to Ireland to check the cables for weak points, in case Moscow decides to sabotage them in the future. Others claim that the Russian spies sought physical access to the cables in order to install wiretaps. The Times article also claims that Russian spies were detected by Irish security personnel monitoring the Dublin Port, which is Ireland’s primary seaport. This, said The Times, prompted a security alert in government facilities along the Irish coastline.

The same report claimed that the GU has been using Ireland as a base for operations in northwestern Europe, from where Russian spies can gather intelligence on European targets such as Belgium, the United Kingdom, Holland and France.

Author: Ian Allen | Date: 18 February 2020 | Permalink

Elite Russian spy unit used French Alps region as logistical base

An elite group of Russian military intelligence officers, who have participated in assassinations across Europe, have been using resorts in the French Alps as logistical and supply bases, according to a new report. The report concerns Unit 29155 of the Main Directorate of the General Staff of the Russian Armed Forces, commonly known as GRU. According to The New York Times, which revealed the existence of Unit 29155 in October, the unit has been operating for at least 10 years. However, Western intelligence agencies only began to focus on it in 2016, after it was alleged that an elite group of Russian spies tried to stage a coup in the tiny Balkan country of Montenegro.

Unit 29155 is believed to consist of a tightly knit group of intelligence officers led by Major General Andrei V. Averyanov, a hardened veteran of Russia’s Chechen wars. The existence of the unit is reportedly so secret that even other GRU operatives are unlikely to have heard of it. Members of the unit frequently travel to Europe to carry out sabotage and disinformation campaigns, kill targets, or conduct other forms of what some experts describe as the Kremlin’s hybrid war. They are believed to be responsible for the attempt on the life of Sergei Skripal, a former GRU intelligence officer who defected to Britain. He almost died in March 2018, when two Russian members of Unit 29155 poisoned him in the English town of Salisbury.

On Wednesday, a new report in the French newspaper Le Monde claimed that Unit 29155 used the French Alps as a “rear base” to carry out operations throughout Europe. According to the paper, the information about the unit’s activities in France emerged following forensic investigations of the activities of its members by British, Swiss, French and American intelligence agencies. In the same article, Le Monde published the names of 15 members of Unit 29155, which allegedly stayed in various French alpine towns and cities between 2014 and 2018. The paper said that they traveled to France from various countries in Europe, such as Spain, the United Kingdom, Switzerland, or directly from Russia.

The alleged Russian spies stayed in France’s Haute-Savoie, which borders Switzerland, and is among Europe’s most popular wintertime tourist destinations. The area includes the world-famous Mont Blanc mountain range and the picturesque alpine towns of Annemasse, Evian and Chamonix. Several members of the unit visited the region repeatedly, said Le Monde, while others entered France once or twice, in connection with specific spy missions. It is believed that the reasoning behind their trips to the French Alps was to blend in with the large numbers of international tourists that travel to the region throughout the year. However, the unit also utilized several other areas in Eastern Europe as rear bases, including cities and towns in Moldova, Montenegro and Bulgaria, said Le Monde.

Author: Joseph Fitsanakis | Date: 05 December 2019 | Permalink

Russia has a dedicated spy unit to destabilize Europe, Western officials claim

Russian intelligence maintains an elite spy unit whose sole goal is to run operations that have the potential to subvert European political and economic systems, according to a new report by The New York Times. The unit is behind a string of intelligence operations in recent years, which range from espionage to disinformation campaigns and even assassinations.

The Times cited “four Western officials” who said that the group is known as Unit 29155 and operates within the Main Directorate of the General Staff of the Russian Armed Forces, commonly known as GRU. It has allegedly been in existence for at least 10 years, but it only recently appeared on the radar of Western intelligence agencies. The latter began to take note of Unit 29155 in 2016, after it was alleged that an elite unit of Russian spies tried to stage a coup in the tiny Balkan country of Montenegro. The former Yugoslav Republic was seeking to join the North Atlantic Treaty Organization at the time. It was claimed that the Russian intelligence operatives carried out a failed attempt to kill its prime minister and instigate a pro-Russian coup.

According to the paper, Western intelligence officials do not have a clear picture of the structure of Unit 29155, nor are they able to predict where it will strike next. But they believe that it consists of a very tightly knit group of intelligence officers led by Major General Andrei V. Averyanov, a hardened veteran of Russia’s Chechen wars. The existence of the unit is so secret that even other GRU operatives are unlikely to have heard of it, said The Times. Members of the unit frequently travel to Europe to carry out sabotage and disinformation campaigns, kill targets, or conduct other forms of what some experts describe as the Kremlin’s hybrid war. They tend to travel on the cheap, in order to economize and avoid attention, said the paper.

The Times said it reached out to the Kremlin with a number of questions about Unit 29155. It received a response from Kremlin spokesman Dmitri S. Peskov, who suggested that the questions be directed instead to Russia’s Defense Ministry. But the ministry did not return any messages.

Author: Joseph Fitsanakis | Date: 09 October 2019 | Permalink

Austria issues international arrest warrant for alleged Russian spy

The Austrian government has issued an international arrest warrant for a Russian man who allegedly recruited a retired colonel in the Austrian Federal Army to spy for Moscow. The arrest warrant was issued on Tuesday by the public prosecutor’s office in the city of Salzburg. It identifies the Russian man as Igor Egorovich Zaytsev. Austrian officials allege that the Moscow-born Zaytsev is in fact an intelligence officer for the Main Directorate of the General Staff of the Russian Armed Forces. Known as GRU, the organization is Russia’s primary military-intelligence agency.

In an accompanying press statement issued on Tuesday, the Austrian Ministry of the Interior said that Zaytsev had facilitated the “betrayal of state secrets” and that his actions had been “to the detriment of the Republic of Austria”. The arrest warrant accuses Zaytsev of having participated in the “intentional disclosure of a military secret”, but does not provide details. However, in a subsequent statement, Austrian police directly linked the search for Zaytsev with an espionage case that was reported in the Austrian media last year. The statement said that Zaytsev is believed to have recruited a man known as “Martin M.” to spy on Austria. This appears to refer to the arrest last November of a 70-year-old colonel in the Austrian Army, who was stationed in Salzburg. He is believed to have spied for Russia from at least 1992 until his arrest. Austrian media reported that the accused spy was believed to have given Russia information on a range of weapons systems used by the Austrian Army and Air Force, as well as the personal details of high-ranking officers in the Austrian Armed Forces.

Soon after the arrest of “Martin M.”, Austrian authorities arrested a second man, identified only as “O.”, who is also suspected of having spied for Russia. According to the Vienna Public Prosecutor’s Office, “O.” was an employee of the Austrian Office for Protection of the Constitution and Counterterrorism, known as BVT. He had been investigated on suspicion of espionage for more than a year prior to his arrest. The man’s arrest took place alongside simultaneous raids at two residential addresses associated with him, according to reports. No further details have been made available since the arrest. It is not known whether Zaytsev is also connected with the case of “O.”.

Author: Joseph Fitsanakis | Date: 26 July 2019 | Permalink

Reports allege third man was involved in poisoning of Sergei Skripal

New reports from Russian investigative sites claim that a third man using a fake name was involved in the attempted assassination of former double spy Sergei Skripal in England last year. Skripal, a former military intelligence officer, was resettled in the English town of Salisbury in 2010, after spending several years in a Russian prison for spying on behalf of Britain. But he and his daughter Yulia almost died in March 2018, after they were poisoned with a powerful nerve agent that nearly killed them. The attack has been widely blamed on the Russian government, though the Kremlin denies it had any role in it. Two assailants have so far been identified by British intelligence. They have been named as Dr. Alexander Yevgenyevich Mishkin —cover name ‘Alexander Petrov’— and Colonel Anatoliy Chepiga —cover name ‘Ruslan Boshirov’. Both are said to be employees of the Russian military intelligence agency known as the Main Directorate of the General Staff of the Armed Forces, commonly referred to as the GRU. The two men spoke on Russian television last year, denying any involvement in the attack on the Skripals. Their whereabouts since their television interview remain unknown. Moscow denies that it had any role in the attack.

In October of last year, the Russian investigative news site Fontanka claimed that a third man under the name of Sergey Fedotov, may have been involved in the attack on Skripal. Last Thursday, another Russian investigative news site, Bellingcat, said that the name Sergey Fedotov appears to have been created out of thin air for operational purposes by Russia’s intelligence services. According to Bellingcat, Fedotov appears to have no past prior to 2010, when his identity was invented using the same techniques that the fake identities of ‘Petrov’ and ‘Boshirov’ were concocted by the GRU. Moreover, Fedotov’s records show that he traveled extensively in the Middle East, Asia and Europe between 2010 and 2015. The Russian news site claims that he was in Bulgaria in late April 2015, when Emilian Gebrev, a wealthy local defense industry entrepreneur, fell violently ill. Gebrev was hospitalized for signs of poisoning along with his son and one of his company’s executives for several days, eventually making a full recovery. As the Bulgarian businessman was being taken to hospital, Fedotov skipped his return flight out of Sofia and instead drove to Istanbul, Turkey, where he bought a one-way airline ticket to Moscow, says Bellingcat.

The BBC’s Gordon Corera said he contacted the Russian embassy in London and the Kremlin in Moscow. Both sources strongly refuted the Bellingcat report. A Kremlin spokesman cautioned the BBC to be skeptical about Bellingcat’s report, since “we don’t know what [its] authors based their work on [or] how competent they are”. British Police told Corera that they were “still investigating whether further suspects were involved” in the attack on Skripal and were “not prepared to discuss” details pertaining to “an ongoing investigation”.

Author: Joseph Fitsanakis | Date: 11 February 2019 | Permalink

Nerve agent used in Skripal attack ‘could have killed thousands’ say experts

The amount of poison smuggled into Britain for a near-fatal attack on Russian former spy Sergei Skripal was powerful enough to kill “thousands of people”, according to those leading the investigation into the incident. Skripal, a former military intelligence officer, was resettled in the English town of Salisbury in 2010, after spending several years in a Russian prison for spying for Britain. But he and his daughter Yulia almost died in March of this year, after being poisoned by a powerful nerve agent that nearly killed them. The attack has been widely blamed on the Russian government, though the Kremlin denies that it had a role in it.

Investigators from Britain and other Western countries have identified the poison used in the attack on the Skripals as novichok. The term (meaning ‘newbie’ in Russian) was given by Western scientists to a series of rarely used nerve agents that were developed by the Soviet Union and Russia between 1971 and the early 1990s. It is believed that the poison was smuggled into the United Kingdom hidden inside an imitation perfume bottle, which had been fitted with a custom-made pump used to apply the poison. British authorities have determined that the assailants sprayed the poison on the doorway —including the handle— of the Skripals’ house in Salisbury. They then discarded the perfume bottle, containing the leftover novichok, in a garbage can before leaving the country in a hurry. The bottle was eventually recovered by Salisbury resident Charlie Rowley. His partner, Dawn Sturgess, died of poisoning after she applied some of the contents of the bottle on her wrists. British government scientists have since been examining the contents of the perfume bottle found inside Sturgess’ home.

On Thursday, BBC Television’s Panorama investigative program aired an episode entitled “Salisbury Nerve Agent Attack: The Inside Story”. Among those interviewed was Dean Haydon, a British Deputy Assistant Commissioner who is leading the ongoing investigation into the Salisbury attack. He told Panorama that “a significant amount” of novichok was left behind by the assailants inside the discarded perfume bottle. The amount of poison in the discarded bottle could have been used to kill “thousands”, he said, adding that the way it was applied to the Skripals’ home was “completely reckless”. The BBC program’s producers also spoke to a British government chemical weapons scientist, identified only as “Tim”, who is credited with having identified the substance used on the Skripals. He told the program that less than 100g of novichok was used against the Skripals, leaving the vast majority of the nerve agent inside the bottle. Given that novichok is “one of the deadliest substances known”, which has a “unique ability to poison individuals at very low concentrations”, the scientist said he was shocked by the amount of poison that was smuggled into Britain by the assailants.

The assailants have been identified by British intelligence as Dr. Alexander Yevgenyevich Mishkin (cover name “Alexander Petrov”) and Colonel Anatoliy Chepiga (cover name “Ruslan Boshirov”). Both men are said to be employees of the Russian military intelligence agency known as the Main Directorate of the General Staff of the Armed Forces, commonly referred to as the GRU. Moscow denies that it had any role in the attack on the Skripals.

Author: Joseph Fitsanakis | Date: 22 November 2018 | Permalink

Russia claims ‘misunderstanding’ led to arrests of four spies in Holland

Russia’s minister of foreign affairs has downplayed the arrest and expulsion of four Russian military intelligence officers in Holland last April, saying that the incident was caused by a “misunderstanding”. Last Thursday, the US government named and indicted seven officers of the Main Directorate of the General Staff of Russia’s Armed Forces, known as GRU. The seven are alleged to have participated in cyber-attacks on international agencies, private companies and government computer networks in at least half a dozen countries around the world since 2015. Four of the men named last week were reportedly detained in April of this year while trying to hack into the computer network of the Organization for the Prohibition of Chemical Weapons (OPCW). Headquartered in The Hague, the OPCW oversees efforts by its 193 member states to detect and eliminate chemical weapons stockpiles around the world. In the past year, the OPCW has been probing the failed attempt to poison the Russian former double spy Sergei Skripal in England, which the British government has blamed on Moscow.

On Monday, Russia’s Minister of Foreign Affairs Sergei Lavrov dismissed Washington’s accusations against the GRU and said that the Dutch authorities had overreacted in detaining the four Russian officers in April. Following a meeting in Moscow with his Italian counterpart Enzo Moavero Milanesi, Lavrov said that the visit of the four GRU officers in Holland had been “customary”, adding that “there was nothing clandestine in it”. The GRU specialists were in Holland in order to secure computer servers used at the Russian embassy there. “They were not trying to hide from anyone once they arrived at the airport”, said Lavrov. They then “checked into a hotel and paid a visit to our embassy”, he added. Had they been engaged in espionage, the men would have taken strict precautions, said the Russian foreign affairs minister. They were eventually “detained by Dutch police without any reason or explanations, and were not allowed to contact our embassy”, said Lavrov. Eventually they were “asked to leave the country”, but it was “all because of a misunderstanding”, he concluded.

The Russian official did not address the information provided by a series of photographs released by Holland’s Ministry of Defense, which show a car used by the four Russians at the time of their arrest in April. The photographs show that the car was equipped with WiFi antennas and transformers. A wireless server and batteries can also be seen in the photographs. Lavrov said that the allegations against the GRU were meant to draw attention to Russia and distract Western citizens from “widening divisions that exist between Western nations”.

Author: Joseph Fitsanakis | Date: 09 October 2018 | Research credit: S.F. | Permalink

Britain sees Russian government hackers behind Islamic State cyber group

A new report by the British government alleges that the so-called ‘Cyber Caliphate’, the online hacker wing of the Islamic State, is one of several supposedly non-state groups that are in fact operated by the Russian state. The group calling itself Cyber Caliphate first appeared in early 2014, purporting to operate as the online wing of the Islamic State of Iraq and Syria (ISIS), which was later renamed Islamic State. Today the Cyber Caliphate boasts a virtual army of hackers from dozens of countries, who are ostensibly operating as the online arm of the Islamic State. Their known activities include a strong and often concentrated social media presence, as well as computer hacking, primarily in the form of cyber espionage and cyber sabotage.

But an increasing number of reports, primarily by Western government agencies, have claimed in recent years that the Cyber Caliphate is in fact part of a Russian state-sponsored operation, ingeniously conceived to permit Moscow to hack Western targets without retaliation. On Wednesday, a new report by Britain’s National Cyber Security Centre (NCSC) described the Cyber Caliphate and other similar hacker groups as “flags of convenience” for the Kremlin. The report was authored by the NCSC in association with several British and European intelligence agencies. American spy agencies, including the National Security Agency and the Federal Bureau of Investigation, also helped compile the report, according to the NCSC. The report names several hacker groups that have been implicated in high-profile attacks in recent years, including Sofacy, Pawnstorm, Sednit, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, Strontium, Tsar Team, and Sandworm. Each of these, claims the NCSC report, is “an alias of the Main Directorate of the General Staff of Russia’s Armed Forces”, more commonly known as the GRU. The report concludes that Cyber Caliphate is the same hacker group as APT 28, Fancy Bear, and Pawn Storm, three cyber espionage outfits that are believed to be online arms of the GRU.

The NCSC report echoes the conclusion of a German government report that was leaked to the media in June of 2016, which argued that the Cyber Caliphate was a fictitious front group created by Russia. In 2015, a security report by the US State Department concluded that despite the Cyber Caliphate’s proclamations of connections to the Islamic State, there were “no indications —technical or otherwise— that the groups are tied”. In a statement issued alongside the NCSC report on Wednesday, Britain’s Secretary of State for Foreign and Commonwealth Affairs, Jeremy Hunt, described the GRU as Moscow’s “chosen clandestine weapon in pursuing its geopolitical goals”. The Russian government has denied these allegations.

Author: Ian Allen | Date: 05 October 2018 | Permalink

Western spy agencies thwarted alleged Russian plot to hack Swiss chemical lab

Western intelligence agencies thwarted a plot involving two Russians intending to travel to a Swiss government laboratory that investigates nuclear, biological and chemical weapons, and hack its computer systems. According to two separate reports by Dutch newspaper NRC Handelsblad and Swiss newspaper Tages-Anzeiger, the two were apprehended in The Hague in early 2018. The reports also said that the Russians were found in possession of equipment that could be used to compromise computer networks. They are believed to work for the Main Intelligence Directorate, known as GRU, Russia’s foremost military intelligence agency. The apprehension was the result of cooperation between various European intelligence services, reportedly including the Dutch Military Intelligence and Security Organization (MIVD).

The laboratory, located in the western Swiss city of Spiez, has been commissioned by the Netherlands-based Organization for the Prohibition of Chemical Weapons (OPCW) to carry out investigations related to the poisoning of Russian double agent Sergei Skripal and his daughter Yulia in March of this year. It has also carried out probes on the alleged use of chemical weapons by the Russian-backed government of President Bashar al-Assad in Syria. In the case of the Skripals, the laboratory said it was able to duplicate findings made earlier by a British laboratory.

Switzerland’s Federal Intelligence Service (NDB) reportedly confirmed the arrest and subsequent expulsion of the two Russians. The Swiss agency said it “cooperated actively with Dutch and British partners” and thus “contributed to preventing illegal actions against a sensitive Swiss infrastructure”. The office of the Public Prosecutor in the Swiss capital Bern said that the two Russians had been the subject of a criminal investigation that began as early as March 2017. They were allegedly suspected of hacking the computer network of the regional office of the World Anti-Doping Agency in Lausanne. The Spiez laboratory was a target of hacking attempts earlier this year, according to a laboratory spokesperson. “We defended ourselves against that. No data was lost”, the spokesperson stated.

On April 14, Russian Minister of Foreign Affairs Sergei Lavrov stated that he had obtained the confidential Spiez lab report about the Skripal case “from a confidential source”. That report confirmed earlier findings made by a British laboratory. But the OPCW, of which Russia is a member, states that its protocols do not involve dissemination of scientific reports to OPCW member states. Hence, the question is how Foreign Minister Lavrov got hold of the document.

As intelNews reported in March, in the aftermath of the Skripals’ poisoning the Dutch government expelled two employees of the Russian embassy in The Hague. In a letter [.pdf] sent to the Dutch parliament on March 26 —the day when a large number of countries announced punitive measures against Russia— Holland’s foreign and internal affairs ministers stated that they had decided to expel the two Russian diplomats “in close consultation with allies and partners”. The Russians were ordered to leave the Netherlands within two weeks. It is unknown whether the two expelled Russian diplomats are the same two who were apprehended in The Hague, since none have been publicly named.

A November 2017 parliamentary letter from Dutch minister of internal affairs Kajsa Ollongren states [4] that Russian intelligence officers are “structurally present” in the Netherlands in various sectors of society to covertly collect intelligence. The letter added that, in addition to traditional human intelligence (HUMINT) methods, Russia deploys digital means to influence decision-making processes and public opinion in Holland.

Author: Matthijs Koot | Date: 17 September 2018 | Permalink