Canada and several of its key Western allies on Thursday accused Russia’s military intelligence service of a litany of ‘malicious cyber-operations’ including the hacking of the Canadian-based world anti-doping body and an attempt to hack into the chemical weapons watchdog in the Netherlands.
In a coordinated move, the U.S. Justice Department also charged seven Russian military intelligence officers in relation with the 2016 hacking of the World Anti-Doping Agency (WADA) based in Montreal in a bid to delegitimize the anti-doping body.
Russian operatives also targeted a Pennsylvania-based nuclear energy company, according to the U.S. officials.
Three of the seven Russian military intelligence officials accused in the hacking were previously charged by special counsel Robert Mueller, Justice Department officials said during a morning press conference attended by Royal Canadian Mounted Police (RCMP) Cybercrime Director Mark Flynn.
4 Russian spies expelled
(listen to U.S. Assistant Attorney General for the National Security Division John Demers announce the reasons for indictments of Russian officers)Listen
Four of the officers, allegedly working for Russia’s Chief Intelligence Directorate better known under its Russian acronym, GRU, were also charged for cyber-targeting the Organisation for the Prohibition of Chemical Weapons’ (OPCW) network in April.
The OPCW was investigating the nerve agent poisoning of a former GRU officer and his daughter in Salisbury, U.K.
Incidentally, the two suspects in the poisoning of Sergei Skripal, who had betrayed several Russian agents to the British intelligence, and his daughter Yulia were also identified as GRU officers by British authorities.
The GRU’s alleged hacking attempts on the chemical weapons watchdog in April were disrupted by authorities, Dutch Defence Minister Ank Bijleveld said Thursday. Four Russian intelligence officers carrying diplomatic passports were immediately expelled from the Netherlands, said a press release by the Netherlands Defence Intelligence and Security Service (DISS).
In 2014, Dutch authorities also blocked attempts by Russian hackers to gain access to the investigation into the downing of a Malaysian Airlines flight over eastern Ukraine that killed all 298 people on board, Bijleveld said.
The British ambassador to the Netherlands said that the men caught with spy gear outside the OPCW building were from the very same GRU section (Unit 26165) accused by American investigators of having broken into the Democratic National Committee’s email and sowing havoc during the 2016 U.S. presidential election.
The alleged Russian spies deported from The Hague also planned to travel on to the OPCW designated laboratory in Spiez, Switzerland, said Ambassador Peter Wilson. But this wouldn’t have been the first time they’d travelled to Switzerland.
Intelligence collected from a laptop that belonged to one of the GRU officers caught in The Hague showed that it had connected to WiFi at the Alpha Palmiers Hotel in Lausanne in September 2016 – where a WADA conference was taking place, Wilson said.
That conference was attended by officials from the International Olympic Committee and the Canadian Centre for Ethics in Sport who were targeted by a cyber attack, he said.
One of the Canadian officials had their laptop compromised by malware, probably deployed by someone connected to the same hotel WiFi network, British officials said. Immediately after this laptop was compromised, the Centre’s computer systems were infected more broadly by the malware.
Subsequently, alleged Russian hackers also compromised the IP addresses of the International Olympic Committee, British officials said.
Canada joins allies in condemning Russia
“Today, Canada joins its allies in identifying and exposing a series of malicious cyber-operations by the Russian military,” said a statement by Global Affairs Canada.
“These acts form part of a broader pattern of activities by the Russian government that lie well outside the bounds of appropriate behaviour, demonstrate a disregard for international law and undermine the rules-based international order.”
The statement went on to say that the Canadian government “assesses with high confidence” that the GRU was responsible for the release of confidential athlete data from WADA computers obtained by a hacking group calling itself Fancy Bear/APT28.
The GRU was also responsible for the 2016 malware attack against the Canadian Centre for Ethics in Sport, the statement alleged.
Britain’s National Cyber Security Centre (NCSC) said it has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU.
“These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds,” said the statement by the NCSC.
Russian embassy denies ‘fake news’ allegations
Russian authorities dismissed the allegations as “nothing more than cheap spy fiction and fake news” and an “anti-Russian witch hunt by U.S./UK and their willing allies, including Canada.”
“The major goals of this brazen propaganda war are to brainwash and scare domestic and international audience with non-existent Russian threat, as well as distract attention from NATO counties’ [sic] expanding their offensive cyber war capabilities,” said a statement by the Russian embassy in Ottawa.
Speaking to reporters in Moscow, Russian Foreign Affairs Ministry spokesperson Maria Zakharova said the allegations were the product of “rich imagination” of British officials.
“Without any discernment, they’ve mixed up everything in one Nina Ricci perfume bottle: the GRU, the cyberspies, the Kremlin hackers and WADA,” said Zakharova, referring to the perfume bottle that allegedly contained the deadly nerve agent that poisoned the Skripals.
“It’s some kind of a hellish perfume brew. The rich imagination of our British colleagues truly has no boundaries!”
With files from The Associated Press and Reuters