


West targets a web of Russian hackers
U.S. joins others in charging GRU agency after wave of cyberattacks

Russia denied the charges, neither humbled nor embarrassed by the revelations on one of the most high-tension days in East-West relations in years. Moscow lashed back with allegations that the Pentagon runs a clandestine U.S. biological weapons program involving toxic mosquitoes, ticks and more.
The nucleus of Thursday’s drama was Russia’s military intelligence agency known as the GRU, increasingly the embodiment of Russian meddling abroad.
In the last 24 hours: U.S. authorities charged seven officers from the GRU with hacking international agencies; British and Australian authorities accused the GRU of a devastating 2017 cyberattack on Ukraine, the email leaks that rocked the U.S. 2016 election and other damaging hacks; and Dutch officials alleged that four GRU agents tried and failed to hack into the world’s chemical weapons watchdog, the Organization for the Prohibition of Chemical Weapons.
The U.S. Justice Department charged seven GRU officers, including the four caught in The Hague, in an international hacking rampage that targeted more than 250 athletes, a Pennsylvania-based nuclear energy company, a Swiss chemical laboratory and the OPCW.
The indictment said the GRU targets had publicly supported a ban on Russian athletes in international sports competitions and because they had condemned what they called a state-sponsored doping program by Russia.
The attempted break-in at the OPCW — involving hacking equipment in the trunk of a car and a trail of physical and virtual clues — was the most stunning operation revealed Thursday.
“Basically, the Russians got caught with their equipment, people who were doing it, and they have got to pay the piper. They are going to have to be held to account,” U.S. Defense Secretary Jim Mattis said in Brussels, where he was meeting with NATO allies.
Mattis said the West has “a wide variety of responses” available.
Deputy Foreign Minister Sergei Ryabkov of Russia said the U.S. is taking a “dangerous path” by “deliberately inciting tensions in relations between the nuclear powers,” adding that Washington’s European allies should also think about it.
While the accusations expose how much damage Russia can do in foreign lands, through remote hacking and on-site infiltration — they also expose how little Western countries can do to stop it.
Russia is already under EU and U.S. sanctions, and dozens of GRU agents and alleged Russian trolls have been indicted by the U.S but will likely never be handed over to face American justice.
Still, to the Western public, Thursday may have been a pivotal day, with accusations so extensive, and the chorus of condemnation so loud, that it left little doubt of massive Russian wrongdoing. A wealth of surveillance footage released by Western intelligence agencies was confirmed by independent reporting.
The litany of accusations of GRU malfeasance began overnight, when British and Australian authorities accused the Russian agency of being behind the catastrophic 2017 cyberattack in Ukraine. The malicious software outbreak knocked out ATMs, gas stations, pharmacies and hospitals and, according to a secret White House assessment recently cited by Wired, caused $10 billion in damage worldwide.
The British and Australians also linked the GRU to other hacks, including the Democratic Party email leaks and online cyber propaganda that sowed havoc before Americans voted in the 2016 presidential election.
Later Thursday, Dutch defense officials released photos and a timeline of GRU agents’ botched attempt to break into the chemical weapons watchdog using Wi-Fi hacking equipment hidden in a car parked outside a nearby Marriott Hotel. The OPCW was investigating a nerve agent attack on a former GRU spy, Sergei Skripal, and his daughter in Salisbury, England, that Britain has blamed on the Russian government. Moscow denies involvement.
Photographs released by the Dutch Ministry of Defense showed a trunk loaded with a computer, battery, a bulky white transformer and a hidden antenna; officials said the equipment was operational when Dutch counterintelligence interrupted the operation.
What Dutch authorities found seemed to be the work of an amateur. A taxi receipt in the pocket of one of the agents showed he had hired a cab to take him from a street next to GRU headquarters to Moscow’s Sheremetyevo Airport. A laptop found with the team appeared to tie them to other alleged GRU hacks.
The men were expelled instead of arrested, because they were traveling on diplomatic passports.
The Dutch also accused the GRU of trying to hack investigators examining the 2014 downing of a Malaysian Airlines jetliner over eastern Ukraine that killed all 298 people on board. A Dutch-led team says it has evidence the missile that brought the plane down came from a Russia-based military unit. Russia has denied the charge.