Russia Accused Of Cyber-Attack On Chemical Weapons Watchdog

The Netherlands, the UK and the US pile pressure on Russia over ‘reckless’ worldwide hacks allegedly carried out by its GRU intelligence arm

The Netherlands has accused Russia of attempting to hack into the systems of the international chemical weapons watchdog, while the UK unveiled a list of hacks that it said were carried out by Russia’s spy agency, the GRU.

The US said it agreed with the allegations, which were publicised as NATO defence ministers met in Brussels.

The US also indicted seven Russian intelligence officers for conspiring to hack computers in an attempt to delegitimise international anti-doping organisations.

The accusations emerge amidst an increasingly heated political environment, with tensions spilling over into cyberspace.

malware
‘Perfume cocktail’

A security expert said the row reflects the growing presence of government espionage activity on the internet, with the UK recently reported to be planning a massive expansion of its own cyber-offensive capability.

Russia’s Foreign Ministry said the allegations were a “diabolical perfume cocktail” produced by  someone with a “rich imagination”.

Dutch authorities said they frustrated an attempt to hack into the systems of the Hague-based Organization for the Prohibition of Chemical Weapons (OPCW) in April.

The Dutch military intelligence agency said four Russians were caught on April 13 with spying equipment in a hotel located next to the OPCW headquarters. The equipment included gear allegedly intended for hacking into the OPCW’s  Wi-Fi network.

The men, who had planned to travel to a laboratory in Spiez, Switzerland, used by the OPCW, were expelled to Russia, said Dutch Major-General Onno Eichelsheim.

At the time the lab was analysing chemicals used in the poisoning of an ex-Russian spy in the UK and chemical weapons allegedly used by the Syrian regime, which is allied to Russia.

Dutch authorities released copies of the passports of the four men, who are all in their 30s or 40s.

“This is not the actions of a great power, these are the actions of a pariah state,” British defence secretary Gavin Williamson told journalists.

UK accusations

Earlier on Thursday, the UK’s National Cyber Security Centre (NCSC) released a list of cyber-hacks it attributes to Russia’s GRU.

The attacks, including the BadRabbit ransomware attack and the World Anti-Doping Agency hack, both of last year, have previously been attributed to the Russian state, but the NCSC’s report was the first time they had been specifically linked to the GRU.

The list also extended to 2016’s Democratic National Committee (DNC) hack in the US and the theft of emails from a small British television station in 2015.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries,” said British foreign secretary Jeremy Hunt. “Our message is clear – together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

Peter Wilson, the UK’s ambassador in the Hague, said Russian intelligence had also tried to compromise Foreign Office systems in March.

Cyber-war

The spate of allegations appears to be intended to pile pressure on Russia, and reflects the growing effects of cyber-espionage on the internet, said Mark Tibbs, intelligence director at law firm Mishcon de Reya.

“Governments spying on governments is not a new phenomenon, but it is now being played out in cyberspace on a regular basis,” he said. “The UK itself has acknowledged its own ‘offensive cyber capability’, which is essentially the country’s own ability to hack potential enemies.

“What is unusual in this case is how open the UK and its allies are willing to be about the activity – possibly to embarrass the Russian authorities and to pressurise Russia into restraining its activities.”

Tibbs said the attacks themselves do not represent an escalated level of threat, but that the increasingly politicised environment could mean trouble for some firms in the private sector.

“Those businesses with a strong national brand with close associations to Russia or the UK are most at risk as they may be considered a proxy for their home country,” Tibbs said.