Dutch ‘thwart’ Russia cyber attack on chemical weapons watchdog

Russian agents tried to launch a cyber attack on the Organisation for the Prohibition of Chemical Weapons (OPCW) building in The Hague, but were thwarted, Dutch security officials said (AFP pic)

THE HAGUE: Dutch security services said Thursday they had thwarted a Russian cyber attack on the global chemical weapons watchdog, as Western powers blamed Moscow for some of the biggest hacking plots of recent years.

The Netherlands expelled four alleged Russian agents in April after uncovering a spy-novel-style bid by Russia’s GRU military intelligence agency to target the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague.

The allegation came hours after Britain and Australia separately blamed the GRU for some major hacking plots, including those against the US Democratic Party and world sport’s anti-doping authority.

Russian President Vladimir Putin has repeatedly and angrily rejected similar charges.

In the Dutch case, the Russians allegedly set up a car full of electronic equipment in the car park of a Marriott hotel next to the OPCW and tried to hack its wifi system and computer passwords.

At the time of the attack the OPCW was investigating the nerve agent poisoning of former Russian spy Sergei Skripal and his daughter Yulia in Salisbury, England. Dutch officials said it was not clear if the cyber operation was linked to that.

But the Russians were being trailed by Dutch and British intelligence and left a trail of evidence including a laptop and a taxi receipt from GRU headquarters to Moscow airport, the Dutch said.

In a sign of the network’s reach, a laptop belonging to one of the four was linked to Brazil, Switzerland and Malaysia — while the activities in Malaysia were related to the investigation into the 2014 shooting down of flight MH17 over Ukraine.

Unacceptable cyber activities

The Dutch and British prime ministers Mark Rutte and Theresa May in a joint statement accused the GRU of “disregard for global values” and lashed out at the Russian agency’s “unacceptable cyber activities”.

The Dutch government said it had summoned the Russian ambassador over the incident.

NATO chief Jens Stoltenberg separately warned Russia to halt its “reckless” behaviour.

Russian foreign ministry spokeswoman Maria Zakharova, speaking about the British and Australian claims, said that the allegations had been mixed together “indiscriminately”.

“That’s a hell of a mix for a perfume,” she told reporters, in an apparently mocking reference to the fact that the Novichok nerve agent used on the Skripals was contained in a fake Nina Ricci perfume bottle.

In a dramatic news conference in The Hague, the head of the Dutch MIVD intelligence service, Major-General Onno Eichelsheim, said that the men travelled to Amsterdam’s Schiphol Airport on April 10 on Russian diplomatic passports, and were met by a Russian embassy official.

He showed passports identifying the Russians as Aleksei Morenets, Evgenii Serebriakov, Oleg Sotnikov and Alexey Minin.

The Russians had originally taken a taxi from a GRU base in Moscow to the airport, for which Dutch agents later found a receipt from their hotel. Some of their mobile phones were also activated in Moscow near the agency’s headquarters.

On April 11 they then hired a Citroen C3 and scouted the area around the OPCW in The Hague — all the time being watched by Dutch intelligence.

The Russians then on April 13 set up in the Marriott Hotel next door to the OPCW and took photos, while parking the car at the hotel with the boot facing the OPCW, he said.

In the boot was electronic equipment to intercept the OPCW’s wifi as well as login codes at the organisation, with the antenna hidden in the back of the car facing the OPCW.

Dutch agents then swooped on the men.

“They were trying to commit a close access hack operation,” he said. “We intercepted it and expelled the four men from the country. It was a successful operation.”

Inside the car the Dutch found the laptop, the men’s mobiles and rubbish that they had taken from their room, including the Moscow taxi receipt.

“They were clearly not here on holiday,” said Eichelsheim.

‘Wild West’

Dutch Defence Minister Ank Bijleveld told the news conference that “normally we don’t reveal this type of counter-intelligence operation”, but they had made an exception because of the seriousness of the incident.

“The Dutch government finds the involvement of these intelligence operatives extremely worrisome,” Bijleveld told a news conference.

The laptop revealed that the agents had also made searches for the OPCW Spiez laboratory in Switzerland — which the Swiss last month said had been targeted.

The dramatic developments came hours after Britain’s National Cyber Security Centre (NCSC) and the Australian government pointed the blame directly at alleged GRU front operations such as Fancy Bear and APT 28 for a string of worldwide attacks.

But British government sources said the NCSC has assessed with “high confidence” that the GRU was “almost certainly” behind the DNC hack that some Hillary Clinton supporters claimed helped tip the US election in Donald Trump’s favour.

Batches of DNC emails were later published by WikiLeaks. US Special Counsel Robert Mueller in July indicted 12 Russian GRU officers in connection with the DNC attack.

British sources said the GRU was also behind BadRabbit ransomware that caused disruptions on the Kiev metro.

British sources said a third strike, on the World Anti-Doping Agency (WADA), resulted in the release of the medical files of global sports stars in August 2017, including tennis’s Serena and Venus Williams and Britain’s Tour de France winning cyclists Chris Froome and Bradley Wiggins.