Russians Caught Red-Handed in Cyber-Spying

(The Washington Post)

Dutch authorities have photographs of four Russian military intelligence (GRU) operatives arriving at the Amsterdam airport last April, escorted by a member of the Russian embassy. They have copies of the men’s passports — two of them with serial numbers one digit apart. Because they caught them, red-handed, inside a car parked beside the Organization for the Prohibition of Chemical Weapons in The Hague — the GRU team was trying to hack into the OPCW’s WiFi system — Dutch authorities also confiscated multiple phones, antennae and laptop computers.

These have produced a trove of additional information. Among other things, the Dutch have proof that some of these men have been to Malaysia, where they were spying on the team investigating the crash of MH17, the passenger plane brought down by a Russian missile in eastern Ukraine in July 2014. They have proof that these same men hacked a computer belonging to the World Anti-Doping Agency (WADA), the organization that revealed drug use by Russian athletes. They found train tickets to Switzerland, where it seems the GRU team was planning to hack the laboratory tasked with identifying Novichok, the chemical nerve agent that their colleagues used to attack an ex-spy in England. They even found a taxi receipt from the cab that the team took from GRU headquarters to the Moscow airport.

Once upon a time, the Dutch authorities might have kept all of these things to themselves. But not now. On Thursday, the Dutch defense minister presented this panoply of documents, scans, photographs and screenshots on large slides at a lengthy news conference. Within seconds, the images spread around the world. Within hours, Bellingcat — the independent research group that pioneered the new science of open-source investigation — had checked the men’s names against several open Russian databases. Among other things, it emerged that, in 2011, one of them was listed as the owner of a Lada (license plate VAZ 21093) registered at 20 Komsomolsky Prospekt — the address of the GRU. While they were at it, Bellingcat unearthed an additional 305 people — names, birth dates, passport numbers — who had registered cars to that very same address. It may be the largest security breach the GRU has ever experienced.

It also represented a new turning point in the West’s fight against the onslaught of Russian disinformation, for this particular GRU team was not engaged in a traditional form of spying. They were not looking for secret information; they were looking for dirt. They wanted embarrassing stories, catty emails or anything at all that would discredit organizations that seek to establish the truth about Russian crimes: OPCW, WADA, the MH17 investigation, the Swiss chemical lab. Had they found anything, they would not have analyzed it in secret; they would have leaked it.

This is a familiar pattern. A similar search for kompromat was one of the motivations for the GRU’s hack of the Democratic National Committee in 2016, as well as of Hillary Clinton’s election campaign. The GRU agents who ran that operation were also looking for material, however banal, that could be leaked and then spun into compromising, distracting stories that would dominate news cycles and discredit Clinton. In any institution — be it a laboratory or a campaign office — there are private conversations that differ, in language and tone, from announcements made in public. The GRU seeks to exploit this distinction in order to create distrust and suspicion. They can’t alter the verdict of the OPCW or the results of the MH17 investigation, but they can persuade people not to take them seriously.

How to fight back? Here is one way: Do what the Dutch did. Conduct a competent and thorough investigation, then flash the contents of the GRU’s laptops on a big screen. Do what Bellingcat did and provide confirmation of the Dutch presentation, plus some extra amusing details. Do what the British tabloids did, and think up angry and amusing headlines (“Novichumps”) to describe the whole thing. And then let a million social media accounts spread the word.

None of these tactics would work on its own. But when state security institutions and an NGO with a reputation for accuracy combine with traditional media, they can undermine the Russian strategy. Russia’s military-intelligence operatives were seeking to create distrust of international institutions. Instead, they have created distrust of Russia itself.