05282020What's Hot:

Russia Accused in Cyberattacks on Investigators Pursuing Doping and Poisoning Cases

WASHINGTON — Russian intelligence officers brazenly launched cyberattacks on investigators pursuing Russian malfeasance around the globe, Western officials said on Thursday, offering a litany of victims including antidoping agencies, inspectors scrutinizing the poisoning of a former spy in Britain and others examining the downing of a passenger jet in 2014.

The Justice Department indicted seven Russian officers on charges of trying to hack into antidrug agencies in the United States, Canada and Europe, an apparent effort to undermine their pursuit of Russian doping.

Hours earlier, officials in Europe accused Russia of cyberattacks on the Organization for the Prohibition of Chemical Weapons. The group was investigating the poisoning in Britain in March of a former Russian intelligence officer, Sergei V. Skripal, and his daughter. British officials have accused Russia of using a nerve agent to try to kill Mr. Skripal, whom President Vladimir V. Putin of Russia called this week “simply a scumbag” and “a traitor to the motherland.”

Officials in London also revealed an attempted hack on the British Foreign and Commonwealth Office by Russian military intelligence officers in the aftermath of the attempted assassination of Mr. Skripal.

The Russian officers also targeted Malaysian investigators examining the downing of a passenger jet over Ukraine in 2014, the officials said. Russia has been blamed in that crash.

Though unlikely to lead to arrests or convictions, the accusations formed the latest round of an international public shaming of the Kremlin by the West. In a similar coordinated diplomatic offensive against Russia in March, European nations, the United States and Canada expelled scores of Russian diplomats in a sign of allegiance with Britain over the poisoning of Mr. Skripal and his daughter.

“The defendants believed that they could use their perceived anonymity to act with impunity, in their own countries and on territories of other sovereign nations, to undermine international institutions and to distract from their government’s own wrongdoing,” John C. Demers, the assistant attorney general for national security, said on Thursday. “They were wrong.”

Three of the seven agents charged in the United States case were also indicted in July by the special counsel, Robert S. Mueller III, for their roles in interfering in the 2016 presidential election, Mr. Demers said, though he added that this case did not come out of Mr. Mueller’s investigation.

“Nevertheless, these two indictments charge overlapping groups of conspirators,” Mr. Demers said. “And they evince the same methods of computer intrusion and the same overarching Russian strategic goal: to pursue its interests through illegal influence and disinformation operations aimed at muddying or altering perceptions of the truth.”

The Kremlin dismissed the accusations, with a spokesman for the Foreign Ministry calling them the result of a “rich imagination” and “some kind of diabolical perfume cocktail,” Russian state media reported.

The charges unsealed by the Justice Department primarily focused on allegations that the Russian officers hacked into several antidoping agencies and sporting federations, including the global soccer organization FIFA, and stole private medical information about roughly 250 athletes from 30 countries. The hackers released the information “selectively, and sometimes misleadingly,” in retaliation for the revelations of a state-sponsored Russian doping program that led to a ban on the Russian team from the 2018 Winter Olympics, prosecutors said.

With far fewer details, the indictment also charged one officer, Ivan Sergeyevich Yermakov, with creating a fake website and sending spear-phishing emails to employees of Westinghouse Electric Company, based near Pittsburgh, who worked on nuclear reactor technology. Westinghouse has supplied Ukraine with nuclear fuel, but Mr. Demers declined to detail the larger aim of the Russian operation.

In the Netherlands, the Kremlin’s attempt to hack the Organization for the Prohibition of Chemical Weapons unfolded over three days in April before it was abruptly thwarted.

Dutch officials identified four Russian military intelligence operatives — two of whom specialize in cyberattacks — soon after they arrived in Amsterdam on April 10 carrying diplomatic passports, Gen. Onno Eichelsheim, director of the Dutch Military Intelligence and Security Service, said in an unusually detailed explanation of a counterespionage operation.

British intelligence officials alerted their Dutch counterparts that the Russian officers intended to conduct reconnaissance for a hacking operation, General Eichelsheim said. The four were also behind an attempt to hack a Swiss laboratory that tested a nerve agent for the chemical weapons organization’s investigation of the Skripal poisoning and had also done testing in 2013 of the agent used in a chemical attack in Syria, Dutch officials said.

A day after their arrival in the Netherlands, the Russian spies rented a Citroën hatchback to travel to and around The Hague. One of them, Alexey Minin, took several pictures around the chemical weapons organization’s headquarters.

On their third day in the country, the Russian officers parked the Citroën in the lot of a neighboring Marriott hotel late in the afternoon, pointing its trunk toward the headquarters of the arms control organization. Inside the car was a sophisticated device for penetrating a Wi-Fi network to gather the login credentials of its users, its antenna hidden under a jacket.

After about 30 minutes, the Dutch authorities moved in on the Citroën, catching the Russians in the act and, General Eichelsheim said, preventing “severe damage” to the chemical weapons organization.

The Dutch seized a mobile phone that one of the Russian agents tried to destroy and discovered that it had been used in Moscow four days earlier at the headquarters of the Russian military intelligence branch known as the G.R.U. The same division is believed to be behind the cyberattacks on the Democratic National Committee in 2016.

The Dutch also recovered a receipt for a taxi ride from the G.R.U. headquarters in Moscow to the airport; a laptop whose internet search history included research into the Swiss facility, said to be the Russians’ next target; and evidence that train tickets were purchased for an April 17 trip from the Netherlands to Bern, Switzerland.

In disrupting the Russian plot against the chemical weapons organization, Dutch officials also found evidence that a Russian officer had been in a hotel in Kuala Lumpur, Malaysia, near where Malaysian government officials were investigating the 2014 crash of a passenger jet over Ukraine that killed nearly 300 people. In May, international investigators said Russia had supplied the missile that downed the plane.

The laptop also had a picture of one of the G.R.U. officers with a Russian athlete during the 2016 Olympic Games in Brazil and evidence that a Russian spy stayed in the same Lausanne, Switzerland, hotel as a Canadian antidoping official during a meeting of the World Antidoping Agency as it investigated allegations of Russian doping.

After the Canadian official logged on to the hotel’s Wi-Fi network, the Russian and some of his colleagues used it to illegally access the Canadian’s laptop, according to the Justice Department indictment. The official later noticed a strange message in his sent mail riddled with typos and a fake signature. Investigators found a malicious link embedded in the email, and Russian intelligence apparently used it along with the Canadian’s login credentials to stealthily access the agency’s network for weeks in the fall of 2016.

In September 2016, the Russian military intelligence agency set up websites, including fancybear.org, and posted stolen information and altered documents naming athletes and listing their various ailments or addictions. The Russians created a fake online persona who communicated with dozens of reporters around the world, advertising the information and making deals for exclusive access to certain information.

“All of this was done to undermine those organizations’ efforts to ensure the integrity of the Olympic and other games,” Mr. Demers said.

British officials said the Russian attempts to hack the British Foreign and Commonwealth Office were carried out by a group of hackers known as Sandworm, and said that the same Russian military intelligence agents were also behind attempted cyber attacks in April on the British Defense and Science Technology Laboratory as well as attacks in April and May on the O.P.C.W. All of those were carried out remotely from Russia, the officials said.

The Dutch defense minister, Ank Bijleveld-Schouten, called on Russia to stop its hacking offensives.

“The Russian intelligence service must stop with these undermining cyber operations,” he said. “By revealing the methods of the G.R.U., we are making it more difficult and at the same time increasing our own resiliency.”

Eileen Sullivan and Charlie Savage reported from Washington, and David D. Kirkpatrick from London. Milan Schreuer contributed reporting from Brussels and Ellen Barry from London.

Source: NYT > World

comments powered by HyperComments

More on the topic