West Accuses Russia of Persistent Campaign of Hacking by the Kremlin

By Aruna Viswanatha, Max Colchester and Dustin Volz (Wall Street Journal)

Updated Oct. 4, 2018 6:59 p.m. ET

U.S. Justice Department charges seven Russian intelligence officers of malicious cyber efforts as part of coordinated effort with U.K., Dutch authorities

 

U.S., British and Dutch authorities jointly accused Russia of a widespread hacking campaign, describing on Thursday a persistent effort by the Kremlin to attack agencies that exposed Moscow’s alleged misdeeds, including doping by its athletes and the poisoning of a former Russian officer in Britain.

The Dutch government said early Thursday its intelligence services had disrupted a Russian plot to hack into the Organization for the Prohibition of Chemical Weapons in The Hague in April. Authorities said Russian officers tried to compromise the Wi-Fi network of the global watchdog, which had confirmed that chemical weapons were used as part of the attempted murder of the former Russian officer.

U.S. authorities then unsealed an indictment of seven Russian intelligence officers, including those who allegedly participated in The Hague effort, charging them with that and other malicious cyber efforts.

The officers worked from 2014 through this year, the indictment alleged, to hack into the networks of international antidoping organizations and officials’ email accounts. Russia’s widespread doping scheme resulted in the country’s being banned from using its flag or anthem during the 2018 Winter Olympic Games.

Moscow strongly rejected the claims on Thursday.

The coordinated international campaign comes amid a serious deterioration in Moscow’s relations with the West following the poisoning of Sergei Skripal and his daughter in March. The U.S., Canada and more than a dozen European countries together expelled scores of Russian diplomats and intelligence officers in response, and Washington imposed sanctions in August. Mr. Skripal was a former officer of the GRU, the Russian military agency that employs the indicted officers.

“Russia cheated. They got caught, they got banned from the Olympics. They got mad, and they retaliated, and in retaliating, they broke the law,” said Scott Brady, U.S. attorney for the Western District of Pennsylvania, where another victim of the alleged Russian efforts, Westinghouse Electric Co., is located.

“This is not spy versus spy,” Mr. Brady said, adding that the Russian efforts targeted “innocent citizens.”

The 41-page indictment names three defendants who were previously charged by special counsel Robert Mueller for their alleged role in hacking into Democratic servers and distributing stolen information in advance of the 2016 presidential election. The new case, however, didn’t stem from Mr. Mueller’s work, a Justice Department official said.

The U.K. also said on Thursday that it believed the GRU was behind a series of major hacks, including the disclosure of doping-test results from U.S. and other athletes. It also corroborated U.S. agencies’ conclusion that the GRU was responsible for the 2016 leak of Democratic National Committee emails.

 

The British Foreign Office said the GRU was guilty of “indiscriminate and reckless” cyberattacks over the past three years that targeted a range of political and media institutions.

The alleged Russian operations, which also targeted some 250 athletes including those who had condemned Russia’s doping program, mirrored in many ways Moscow’s alleged influence operation in the U.S. before the 2016 election.

Both were designed, U.S. authorities alleged, to promote disinformation and sway public opinion in ways that furthered Russia’s interests. The election-interference efforts allegedly involved remote hackers, while the doping operations also included in-person efforts by officers to target Wi-Fi networks used by individuals at hotels and other locations, the indictment said.

Adding to the unusually coordinated international initiative, Canada on Thursday said it had concluded with “high confidence” that the GRU was responsible for illegally obtaining information from the Montreal-based World Anti-Doping Agency.

At a news conference, Commodore Onno Eichelsheim, head of the Dutch Military Intelligence and Security Service, provided evidence that the attempted hack on the chemical-weapons watchdog came from close range “at a time when they were investigating the Skripal case.” He showed pictures of four alleged GRU operatives who had flown from Moscow to Amsterdam on April 10 using diplomatic passports.

Three days later, the alleged Russian operatives were intercepted by Dutch counterintelligence as they attempted to hack into the OPCW Wi-Fi network from a rental car parked in a nearby hotel parking lot. The four were escorted to the airport in Amsterdam and put on a flight back to Moscow rather than arrested, because “this was a counterintelligence, not a police investigation,” Mr. Eichelsheim said.

The OPCW said it learned on Thursday from British and Dutch officials about the attempted hack and that it “takes very seriously the security of its information systems.”

In its rejection of the allegations, Moscow described in particular the British claims as delusional and a “diabolical blend of perfume.”

“They mixed everything up in one bottle, which could be a bottle of Nina Ricci perfume: GRU, cyberspies, Kremlin hackers, and the [World Anti-Doping Agency],” the Russian news agency Interfax reported Russian Foreign Ministry spokeswoman Maria Zakharova as saying. British authorities believe the Novichok nerve agent was hidden in a Nina Ricci perfume bottle.

According to the U.S. indictment, the Russian intelligence operatives engaged in a “concerted effort to draw media attention to the leaks through a proactive outreach campaign” to journalists, after stealing information through their cyber campaigns.

Twitter handles used by the alleged hackers, @fancybears and @fancybearHT, sent direct messages to the Twitter accounts of about 116 reporters around the world to advertise the stolen information and solicit coverage, the indictment said.

Justice Department officials urged reporters to be more judicious in reporting on stolen information provided by hackers. The head of the Justice Department’s national security division, John Demers, said he hoped journalists would “cast a suspecting eye on future ‘hack and leak’ operations which seek in part to manipulate stories in furtherance of Russian state interests.”

Security researchers said the indictment was likely to have a major impact on the Russian hackers.

 

“A key part of their operation just came to a grinding halt,” said John Hultquist, director of intelligence analysis at the U.S.-based cyber firm FireEye.

Diplomatic relations between the U.K. and Russia have hit a low following the attempted murder of Mr. Skripal and his daughter in the English town of Salisbury this year.

Two men, identified as Russian GRU operatives by the British, have been charged in the U.K. Russian President Vladimir Putin has dismissed allegations of Kremlin involvement, saying the defendants were civilians. But Mr. Putin also this week called Mr. Skripal a “traitor.”

Mr. Skripal, a former colonel in Russian military intelligence who was a double agent for the U.K., is now under the protection of British authorities at an undisclosed location, along with his daughter.

—Sadie Gurman and Valentina Pop contributed to this article.

Related Articles

Analysis: Tech Advances Make It Easier to Assign Blame for Cyberattacks

U.S. Anti-Doping Agency Slams Move to Reinstate Russian Counterpart

Putin Says Accused Skripal Attackers Are Civilians

Chemical-Weapons Watchdog Backs Up U.K. View on Spy Poisoning (April 12)

The Quiet English Life of Sergei Skripal, Poisoned Former Russian Spy (March 11)

World Doping Agency Says Russian Hackers Stole Medical Records of Olympic Athletes (Sept. 13, 2016)