Russian cyber spies busted by Netherlands 'left behind evidence of many operations'

Equipment seized by Dutch intelligence points to Russia's involvement in hacking incidents around the world.
Written by David Meyer, Contributor

The accusations against Russia just keep on coming. On Thursday, just after the UK and Australia accused Russia of being behind a wave of global cyber-attacks, the Netherlands defense ministry announced that four Russian intelligence officers had been "escorted" out of the country back in April, after being caught in action.

The spies, who come from Russian military intelligence (GRU), had apparently been planning to hack into the networks of the Organisation for the Prohibition of Chemical Weapons (OPCW), which is located in The Hague.

Their equipment, seized by Dutch intelligence, also pointed to involvement in other hacking incidents around the world, including a hack on anti-doping officials.

The spies, Alexey Minin, Oleg Sotnikov, Evgenii Serebriakov, and Aleksei Morenets, were among the seven GRU officers indicted by the US Justice Department on Thursday, in part for the anti-doping attack.

According to a Netherlands ministry statement, the operatives had set up equipment in the boot of a car in the parking lot of the Marriott Hotel next to the OPCW offices.

The equipment was for hacking into the organization's Wi-Fi networks, and the ministry said it was "operational" when Netherlands intelligence officers rumbled the spies.

"The cyber operation targeting the OPCW is unacceptable," said defense minister Ank Bijleveld. "Our exposure of this Russian operation is intended as an unambiguous message that the Russian Federation must refrain from such actions."

The incident intersects with a multitude of diplomatic firestorms, including the Skripal poisoning investigation, the Syrian civil war, and the investigation into the downing of Malaysia Airlines flight MH17 over eastern Ukraine in 2014.

According to the UK ambassador to the Netherlands, Peter Wilson, at the time of the spying attempt, the OPCW was investigating the nerve-agent attack against former Russian spy Sergei Skripal and his daughter Yulia in Salisbury, England, earlier this year. The UK has attributed that attack to the GRU.

The OPCW was also investigating the April chemical attack in the Syrian city of Douma, which killed dozens of people. The attack was blamed on Syrian forces. Russia backs Assad's Syrian regime, and has been accused of working alongside it to cover up evidence of the use of chemical weapons in Douma.

"This operation in The Hague by the GRU was not an isolated act," said Wilson. "The unit involved, known in the Russian military as Unit 26165, has sent officers around the world to conduct brazen close-access cyber operations."

The laptops seized from the GRU agents proved interesting, as they appeared to have also connected to a Wi-Fi network at a 2016 World Anti-Doping Agency meeting in Lausanne, Switzerland, where conference-goers found their equipment compromised by 'APT28' malware that had probably been deployed by someone on the same hotel Wi-Fi network.

One of the spies, named as Yevgeniy Serebriakov, also conducted "malign activity" in Malaysia, in an attempt to learn more about the MH17 investigation there. Investigators believe Russia supplied the missile system that was used to bring down the passenger jet, killing 298 people.

"Any incident in which the integrity of international organizations is undermined is unacceptable," said Bijleveld. "We have therefore summoned the Russian ambassador to remind him of this."

US defense secretary Jim Mattis said Thursday that Russia had to be held accountable for the OPCW hacking attempt.

A Wednesday Reuters report said the US was planning to announce soon that it was willing to use offensive and defensive cyber capabilities on behalf of NATO.

According to The Guardian, a Russian foreign-ministry spokeswoman described the OPCW accusations as "big fantasies".
