Britain, Holland and US spearhead fightback against Putin's cyber war as they reveal how Moscow's web of hackers hit high-profile targets across the globe - including chemical weapons watchdog probing Salisbury attack

  • US charges 7 Russian spies with crimes including hacking, identity theft and fraud using crypto-currencies 
  • British cyber security group accuses Russia's GRU of at least four hacking attacks around the world
  • Dutch authorities lift lid on operation to hack chemical weapons HQ in Netherlands in April 
  • Men were picked up with a cache of computer equipment, linking them to other incidents, and sent home 
  • US has released wanted poster featuring four Hague hackers and three others linked to anti-doping hacks
  • GRU operatives - working under what US identified as Unit 26165 - created fake 'hacktivist' Fancy Bears group
  • Russia faces storm of hacking allegations, but denies claims, calling latest evidence 'big fantasies'

Advertisement

Russian hackers waged a four-year disinformation campaign against the west in which they obtained sensitive information from weapons watchdogs and anti-doping sports bodies, it emerged today.

Seven Kremlin agents working for the GRU are accused of hacking the records of 250 athletes from 30 countries as they travelled across the globe using the intelligence obtained to spread fake news designed to bolster President Vladimir Putin's position on the world stage.

The targets included FIFA, the World Anti-Doping Agency and the 2016 US presidential race that resulted in the election of Donald Trump.

Spies also attempted to hack computers at the UK Foreign Office and the Porton Down military research facility days after assassins tried to murder the Skripals in Salisbury. The unit - nicknamed 'Sandworm' - tried and failed to infiltrate UK IT systems as part of a series of attacks across Europe this year. 

American intelligence identified the spies as working for the GRU's Unit 26165, which it has emerged created the fake 'hacktivist' group Fancy Bears to disseminate the material along with misleading statements designed to exonerate Russia of doping allegations and instead level them at the US. 

And when Dutch authorities caught four of the suspects in The Hague trying to hack the Organisation for the Prevention of Chemical Weapons (OPCW) as it investigated the Salisbury novichok attack, they had to send them back to Russia on account of their diplomatic passports. The OPCW was also due to conduct analysis of the chemical weapons attack in Douma on April 7. 

But despite their 'sophisticated' operation from 2014-2018, the bungling spies were today revealed to have left a trail including  a taxi receipt for a journey from GRU headquarters to Moscow's Sheremetyevo airport the very day that four agents arrived in Amsterdam. One of the group even kept selfies from previous operations including one taken at the 2016 Olympics in Brazil where Russian athletes' doping samples were tampered with and US athletes' medical records leaked.

The US today charged seven Russian military intelligence officers over hacking attacks around the world. The group are accused of a range of attacks on institutions and individuals around the world. The attacks are linked to Russia attempts to spy on investigations into doping in sport, politics in the Ukraine, and the poisoning of Sergei Skripal in the UK

The US today charged seven Russian military intelligence officers over hacking attacks around the world. The group are accused of a range of attacks on institutions and individuals around the world. The attacks are linked to Russian attempts to spy on investigations into doping in sport, politics in the Ukraine and the US, and the poisoning of Sergei Skripal in the UK

Dutch authorities released images of four Russian agents who tried to hack into the global chemical weapons watchdog a month after the Salisbury novichok attack. CCTV shows them when they arrived in the Netherlands

Dutch authorities released images of four Russian agents who tried to hack into the global chemical weapons watchdog a month after the Salisbury novichok attack. CCTV shows them when they arrived in the Netherlands

CCTV images show Alexey Minin, who was today unmasked as members of the GRU's hacking squad
Oleg Sotnikov is pictured on a photo recovered from a phone. He was today unmasked as members of the GRU's hacking squad

CCTV images show Alexey Minin (left), while Oleg Sotnikov (right) is pictured on a photo recovered from a phone. They are both alleged to be members of the GRU's hacking squad, who were unmasked today

US authorities released images of Artem Malyshev, who it named as a GRU hacker
US authorities released images of Ivan Yermakov, who it named as a GRU hacker
US authorities released images of Dmitriy Badin, who it named as a GRU hacker

After the Dutch named four men it caught hacking The Hague, US authorities released images of Artem Malyshev, 30, Ivan Yermakov, 32, and Dmitriy Badin, 27 (pictured, left to right), who it named as GRU hackers

Russian president Vladimir Putin waves to spectators prior to boarding a car after his arrival in New Delhi as the GRU's campaign of cyber warfare against the west was exposed on a deeply embarrassing day for the Kremlin 

Russian president Vladimir Putin waves to spectators prior to boarding a car after his arrival in New Delhi as the GRU's campaign of cyber warfare against the west was today exposed 

This image, made available by the Dutch Ministry of Defence today, is said to show the hacking equipment that four Russian intelligence officers used for a cyber attack on the OPCW
This image, made available by the Dutch Ministry of Defence today, is said to show the hacking equipment that four Russian intelligence officers used for a cyber attack on the OPCW

These images, made available by the Dutch Ministry of Defence today, are said to show the hacking equipment that four Russian intelligence officers used for a cyber attack on the OPCW

'Hardly James Bond' 

Russian spies arrested as they walked out of a hotel lift in The Hague without force and with 'no James Bond involved', the manager said Thursday.

Dutch security forces said they seized the men as they tried to carry out a cyber attack on the world chemical weapons watchdog while parked at the Marriott Hotel next door.

But there were 'no guns, no handcuffs or force', as police arrived at the hotel in the city's upmarket Statenkwartier district in broad daylight, said general manager Vincent Pahlplatz.

'The police went to the front desk and said we would like to talk to a few of your guests,' Pahlplatz said.

'At that very same time, the four men came out of the elevator into the lobby, coincidentally.'

There was no showdown.

'The police officers simply told the men: "Will you please follow me" - and they did,' said Pahlplatz, who was in the lobby at the time with the Dutch security agents.

'They followed the police outside and never returned. Some people were checking in and they didn't even notice what was going on.'

The hotel is next door to the Organisation for the Prohibition of Chemical Weapons (OPCW), and is across the road from Dutch Prime Minister Mark Rutte's official Catshuis residence.

Police then came with an official warrant to search the room where the Russians were staying 'and we gave them access', the manager said.

'Of course, we had a million questions, but police said because of their investigation they could not share them - until today.'

'It sounds like James Bond but there was no James Bond involved,' said Pahlplatz.

'No Aston Martins, no revolving number plates, nobody sky diving from the rooftop. It's a very dull James Bond story,' he laughed.

Dutch officials said on Thursday that the men had been trying to hack into the OPCW's computer system. They were expelled immediately after their arrest.  

Advertisement

Today the UK accused Russia's GRU intelligence agency of being behind hacks on the World Anti-Doping Agency (Wada), transport systems in Ukraine and democratic elections, such as the 2016 US presidential race. Britain has warned Russia it could face new sanctions, with foreign secretary Jeremy Hunt saying the disclosures were 'hard evidence' of the activities of the 'unacceptable' of Russian intelligence.

Then, Dutch authorities revealed they had caught a team of Kremlin agents rigging up computers, phones and an antenna in the boot of a car to try and hack into the global chemical weapons watchdog in The Hague.

The spies were apprehended after setting up at the Marriott Hotel next door, with general manager Vincent Pahlplatz saying the spies were 'no James Bond'.

This afternoon, the US Justice Department announced it has charged seven Russian military intelligence officers with hacking anti-doping agencies and other organizations. 

The Kremlin was left trying to hold back a growing flood of evidence of its hacking activities around the world, spread over four years.

The US indictment lists Russian nationals: Aleksei Morenets, 41, Evgenii Serebriakov, 37, Ivan Yermakov, 32, Artem Malyshev, 30, and Dmitriy Badin, 27, from the GRU's Unit 26165, and Oleg Sotnikov, 46, and Alexey Minin, 46, who were also GRU officers.

The FBI indictment lists a series of allegations against the seven wanted men. It says: 

  • As early as November 2014, Yermakov performed reconnaissance of Westinghouse Electric Company's (WEC) in Pennsylvania, a company involved in the supply of power to the Ukraine.
  • In July 2016, Yermakov and Malyshev used 'spoofed domains' to unleash 'spearphishing' attacks on WADA and United States Anti-Doping Agency (USADA) employees.
  • Also in 2016, Morenets and Serebriakov, with the support of Yermakov, went to Rio to target wifi networks used by anti-doping officials at the Olympic Games. 
  • In mid-September 2016, Morenets and Serebriakov compromised the wifi network of a hotel hosting a WADA anti-doping conference in Lausanne, Switzerland.
  • In December 2016 and January 2017, the group successfully compromised the networks of International Association of Athletics Federations (IAAF) and football's governing body FIFA, targeting computers used by each organization's top anti-doping official.  Among the data stolen from officials were anti-doping policies, lab results, and medical reports.
  • In April 2018, Morenets, Serebriakov, Sotnikov, and Minin travelled to The Hague to try and hack into the headquarters of the Organisation for the Prohibition of Chemical Weapons (OPCW) during the investigation in the Salisbury novichok attack. The case against these four was also set out by the Dutch Defence ministry today.

It came after the British National Cyber Security Centre (NCSC) said the GRU were behind at least four hacking attacks around the world:  

  • A hacking strike on Wada in August 2017.
  • A 'BadRabbit' attack in October 2017 that caused disruption to the Kiev metro and Odessa airport in the Ukraine.
  • The NCSC also stated that the GRU was 'almost certainly' to blame for hacking the Democratic National Committee during the US presidential election in 2016.
  • The agency pointed the finger at the GRU for accessing email accounts at a small UK-based TV station in 2015. 
As Russia's hacking activities around the world were exposed, Dutch authorities detailed how they caught four GRU agents in The Hague, trying to hack into the chemical weapons watchdog's computers at a time the body was investigate the Sergei Skripal novichok poisoning in Salisbury

As Russia's hacking activities around the world were exposed, Dutch authorities detailed how they caught four GRU agents in The Hague, trying to hack into the chemical weapons watchdog's computers at a time the body was investigate the Sergei Skripal novichok poisoning in Salisbury

Surveillance footage shows the moment Dutch intelligence officers descended on the scene and caught the four men outside the chemical weapons agency

Surveillance footage shows the moment Dutch intelligence officers descended on the scene and caught the four men outside the chemical weapons agency

A briefing in The Hague was shown pictures of each of the men's passports. Alexey Minin, from Perm, to the north west of Moscow, was named as one of the men

One of the men was named as Evgeny Serebriakov and his passport of photo was released

Another of the men was named as Oleg Sotnikov, said to have been born in Oeljanovsk

The passport numbers of the men were released, including Aleksei Morenets, from Murmansk

The FBI later released this copy of the passport of Dimitry Badin who is accused of hacking related to the 2016 US elections

The FBI later released this copy of the passport of Dimitry Badin who is accused of hacking related to the 2016 US elections

Laptop belonging to Russian spies was also used to hack MH17 investigation in Malaysia

The Russian intelligence officers expelled from the Netherlands after the Dutch government thwarted a major cyber attack had targeted the investigation into the downing of Malaysia Airlines flight MH17.

A laptop belonging to one of the four Russian spies caught trying to hack into the global chemical weapons watchdog OPCW in the wake of the Salisbury Novichok attack could also be placed in Brazil, Switzerland and Malaysia.

Data found on the laptop of the GRU intelligence agency officer put it as having been in use in Kuala Lumpur, and linked it to the MH17 investigation. 

It had been used to specifically target Malaysian police and the country's attorney general, Dutch authorities announced at a press conference in the Hague today.

Malaysia Airlines flight MH17 was shot down over Ukraine in July 2014, killing 298 people, with an four-year investigation finding Russia responsible earlier this year.  

British ambassador to the Netherlands Peter Wilson said there was proof of 'malign activity' in Malaysia, stating: 'This GRU operation was trying to collect information about the MH17 investigation.

'And targeted Malaysian government institutions, including the attorney general's office and the Royal Malaysian Police.'

Advertisement

The three governments' public expose of the operation will reignite hostilities between Putin's regime and the West, following tit-for-tat diplomatic expulsions in the wake of the Salisbury attack.

Russian Foreign Ministry spokeswoman Maria Zakharova dismissed the new hacking accusations from the Netherlands and UK as 'big fantasies'. 

The Dutch Defence Ministry said the team of GRU officers - travelling on official Russian passports - entered the Netherlands on April 10, just a month after the Salisbury nerve agent attack.

Three days later, they parked a car carrying specialist hacking equipment outside the headquarters of the OPCW in the The Hague, where the novichok attack was being investigated.

However, before they could initiate the hacking attack, Dutch counter-intelligence officers descended on the vehicle and seized the men, who were then kicked out of the country.

The hacking attempt - described as a 'close access'  attack due to the attempt by the group to get close to the building - followed a longer-range earlier 'spearphishing attack' on the OPCW headquarters. 

A laptop belonging to one of the four Hague hackers was linked to Brazil, Switzerland and Malaysia, with the activities in Malaysia related to the investigation into the 2014 shooting down of flight MH17 over Ukraine, Dutch Defence Minister Ank Bijleveld told a news conference. 

At a joint press conference in The Hague, British ambassador to the Netherlands Peter Wilson said: 'This disruption happened in April. Around that time the OPCW was working to independently verify the United Kingdom's analysis of the chemical weapons used in the poisoning of the Skripals in Salisbury.' 

In a joint statement Theresa May and Dutch prime minister Mark Rutte said: 'We have, with the operations exposed today, further shone a light on the unacceptable cyber activities of the Russian military intelligence service, the GRU.

'This attempt to access the secure systems of an international organisation working to rid the world of chemical weapons, demonstrates the GRU's disregard for the global values and rules that keep us safe.

'Our action today reinforces the clear message from the international community: we will uphold the rules-based international system and defend international institutions from those that seek to do them harm.' 

Meanwhile NATO Secretary General Jens Stoltenberg warned Russia to halt its 'reckless' behavior amid a series of global cyberattacks blamed on Moscow. 

Surveillance pictures show the men at the scene on the day of the thwarted hacking attack
Surveillance pictures show the men at the scene on the day of the thwarted hacking attack

Surveillance pictures show the men at the scene on the day of the thwarted hacking attack

A map released by the Dutch authorities shows how close the group managed to park their rental car to the OPCW headquarters, where chemical weapons are investigated

A map released by the Dutch authorities shows how close the group managed to park their rental car to the OPCW headquarters, where chemical weapons are investigated

Pictures show the cache of equipment seized from the men. They attempted to smash up some of the phones (inset) when they realised authorities were on to them

Pictures show the cache of equipment seized from the men. They attempted to smash up some of the phones (inset) when they realised authorities were on to them

GRU's links to the 'Fancy Bears' hackers group revealed

GRU hackers operate under a dozen different names, with the most well-known being 'Fancy Bears' group, according to allegations announced over the last 24 hours.

A Fancy Bear hack obtained confidential medical records for international athletes from the World Anti-Doping Agency (WADA) in August last year.

British cyclists Bradley Wiggins and Chris Froome were among those who had records released on their use of banned substances for a legitimate medical reasons.

Another attack, outlined by UK authorities this morning, was made on the US Democrat party, which was targeted by Fancy Bear in 2016 when documents from the Democratic National Committee (DNC) were published online.

Advertisement

In a statement issued during a meeting of NATO defense ministers today, Mr Stoltenberg said: 'NATO allies stand in solidarity with the decision by the Dutch and British governments to call out Russia on its blatant attempts to undermine international law and institutions.'

He said that 'Russia must stop its reckless pattern of behavior, including the use of force against its neighbors, attempted interference in election processes, and widespread disinformation campaigns.' 

The 29 NATO allies are discussing cybersecurity at talks in Brussels, with the US, Britain, Denmark and the Netherlands due to announce that they will provide offensive cyber-capabilities for use by NATO.

The revelations will further strain relations with Russia after Britain blamed Moscow for the nerve agent attack in Salisbury last March which left one person dead.  

Foreign Secretary Jeremy Hunt said Russia could face further sanctions in the wake of the latest 'hard evidence'.

Mr Hunt said: 'The first thing we are doing is to expose it and the words matter because there are countries all over the world that are hearing both sides of the story - they're hearing what the Russians say as well.

'This is the evidence that what we are getting from Russia is fake news, and here is the hard evidence of Russian military activity.

'But of course it will go beyond that, and that is why we will be discussing with our allies what further sanctions should be imposed.

'We will also be discussing how we need, working with our friends and allies, to counter this pattern of cyber attacks, which is the new type of attack that the whole world is having to deal with.' 

When the men were arrested, they were caught with €20,000 (£17,000) and $20,000 (£15,000) in cash

Dutch authorities released images of the huge amount the cash found on the men. Sotnikov had 20,000 euros and 20,000 dollars on him

The men took their own rubbish - including several beer cans - out of their hotel room, presumably because they were concerned about an investigation

The men took their own rubbish - including several beer cans - out of their hotel room, presumably because they were concerned about an investigation

Incredibly, a taxi receipt found on the one of the men named the street in Moscow where the GRU has its headquarters

Incredibly, a taxi receipt found on the one of the men named the street in Moscow where the GRU has its headquarters

How did Russians' hacking operation in The Hague unfold?

  • On April 10, the Russians took a taxi from a GRU base in Moscow to the city's Sheremetyevo airport. Some of their mobile phones were activated near the GRU's HQ.
  • The men travelled to Amsterdam's Schiphol Airport on Russian diplomatic passports.
  • On April 11, they hired a Citroen C3 and scouted the area around the OPCW - all the time being watched by Dutch intelligence. 
  • They set up in the Marriott Hotel next door to the OPCW and took photos, while parking the car at the hotel with the boot facing the OPCW. In the boot was electronic equipment to intercept the OPCW's Wifi and log in codes.
  • Dutch spies intervened and sent them back to Russia.
Advertisement

UK Defence Secretary Gavin Williamson, attending a Nato summit in Brussels, said Moscow was targeting organisations with no military value.

He told Sky News: 'What we are seeing is that Russia is quite willing to use such weapons such as cyber attacks against these organisations, and here at Nato we stand shoulder to shoulder with our allies in unity against such actions.

'What we have made clear is that we are not going to be backward leaning. We are going to actually make it clear where Russia acts that we are going to be exposing that action.

'And we believe that by doing so this will act as a disincentive for acting in such a way in the future.'

Details were revealed on Thursday after the UK Government accused the GRU of a wave of other cyber attacks across the globe. 

He added: 'The Russian government needs to know that if they flout international law in this way, there will be consequences, they will be exposed, and people will see the Russian government for what they are; which is an organisation that is trying to foster instability throughout the world and that is totally unacceptable.'

The NCSC associated four new attacks with the GRU, on top of previous strikes believed to have been conducted by Russian intelligence. 

Dutch Minister of Defence Ank Bijleveld, director of Netherlands Defence Intelligence Onno Eichelsheim and British Ambassador to the Netherlands Peter Wilson revealed details of the thwarted hacking attempt at a briefing in The Hague today

Russia's GRU intelligence agency targeted the global chemical weapons watchdog, the OPCW, whose headquarters are in The Hague, Dutch authorities revealed today

Russia's GRU intelligence agency targeted the global chemical weapons watchdog, the OPCW, whose headquarters are in The Hague, Dutch authorities revealed today

Security expert Hamish de Bretton-Gordon said the cyber attacks in The Hague and at Porton Down showed Putin was bent on disrupting the investigation into the novichok attack in Salisbury. 

Mr de Bretton-Gordon said: 'It shows how the Russians did everything they could to undermine and disrupt the novichok investigation and try to make it fall apart. It is completely cynical and they didn't care at all'.

He added: 'Britain asked the OPCW to help and then soon afterwards Russian agents target them in The Hague and in Switzerland. It is no coincidence'.

The intervention by Britain, The Netherlands and the US today will put pressure on Putin to curb his cyber warfare.

But his spies' failure to kill Sergei Skripal and being caught trying to hack the OPCW 'will hurt him more', Mr de Bretton-Gordon said.

He added: 'The British secret services may have considered the GRU as equals but the past few months have shown they are amateurish and the West is now one step ahead of them. Putin will not like that and there will be a lot of anger in Moscow about some of these recent bungled missions'. 

 

Russian spies launched cyber attack from boot of rented Citroen using 'basic' hacking method... but left trail of clues including taxi receipts and cans of Heineken in an Aldi bag

The GRU used a laptop, Wi-Fi dongle and a rudimentary battery pack stored in the boot of a rented Citroen C3 in its botched cyber attack on the global chemical weapons watchdog, it was revealed today.

Using a technique from the early days of Wi-Fi, they attempted to break into the Organisation for the Prohibition of Chemical Weapons's network in The Hague by tricking staff into logging into their fake router.

They parked the car at a local hotel and disguised the Wi-Fi antenna hidden inside the router, so staff would login. The laptop then stole their username and password, allowing the agents to get into the OPCW's network.

The boot of a car filled with hacking equipment in the Citroen rental car which was being used by the four Russian officers

The boot of a car filled with hacking equipment in the Citroen rental car which was being used by the four Russian officers

Authorities released a picture of the car which was rigged up with hacking equipment

Hackers' visit to Rio Olympics exposed by a selfie with female friend

One of the team of hackers unmasked today unwittingly bolstered the evidence against him when he took a selfie at the Rio Olympic Games.

Evgenii Serebriakov was pictured clutching a female friend dressed in a Russia athletes T-shirt in the crowd at the Olympics.

Investigators have since exposed his cyber attacks on doping officials at the games. 

The FBI say Serebriakov hacked into wifi networks used by anti-doping officials and helped access a medical database.

Evgenii Serebriakov was among four Russians trying to hack chemical weapons inspectors and his laptop contained this selfie  at the 2016 Olympics in Brazil - revealing one of more than a dozen GRU missions across the globe

Evgenii Serebriakov was among four Russians trying to hack chemical weapons inspectors and his laptop contained this selfie  at the 2016 Olympics in Brazil - revealing one of more than a dozen GRU missions across the globe

Advertisement

Through the network they could spy on operations within the building, including investigations into the Salisbury Novichok attack.

It also emerged today that Russia's bungling GRU agents left a trail of clues that helped authorities link them to the string of cyber attacks.

Among the items revealed at an extraordinary briefing in The Hague today was a mobile phone one of the men was caught with having been activated near the Russian military intelligence's headquarters in Moscow.

Also discovered on one of the spies was a taxi receipt showing a journey from a street next to the GRU base to Moscow Airport on April 10, the day that the four agents later arrived at Amsterdam Schiphol Airport.

The team of four GRU officers travelling on official Russian passports entered the Netherlands on April 10 – but it turned out that two of them were carrying documents with consecutive passport numbers.

On April 11, they hired a Citroen C3 and scouted the area around the OPCW - all the time being watched by Dutch intelligence.

The agents, who stayed at a Marriott Hotel next to the Organisation for the Prohibition of Chemical Weapons in The Hague, were also found to have used public WiFi hotspots to conduct their operations in the Netherlands.

And they were photographed performed reconnaissance of the OPCW headquarters, where the nerve agent sample was being independently verified.

One of the many phones belonging to four Russian GRU officers is seen after they tried to destroy it when they were arrested

One of the many phones belonging to four Russian GRU officers is seen after they tried to destroy it when they were arrested

What the Russians had in the back of the rental car 

WiFi panel antenna - This would have projected a fake network, known as an 'evil access point', into the building.

The chemical weapons analysts would have tried to connect to this access point thinking they were connecting to their own WiFi network.

When staff logged into the fake router the laptop stole their username and password, allowing agents to break into the OPCW's computer network.

Using the network they could spy on operations within the building, including staff investigations into the March 2018 Salisbury Novichok attack.

The directional antenna were pointing specifically at the OPCW offices which means the fake network would have had a stronger signal than the real signal.

This would have lured the devices away from the real network. 

Smartphone (4G) - The hackers may have created a hotspot using their mobile.

This was then projected into the building using the antenna.

Computer - Using the computer they would have been able to siphon off staff login details.

A laptop belonging to one of the four was linked to Brazil, Switzerland and Malaysia, with the activities in Malaysia related to the investigation into the 2014 shooting down of flight MH17 over Ukraine.

Bag with battery - The battery would have been for powering the computer because when these attacks are mounted the device is left running for a long time.

'That was just to power the computer, and ancillary equipment', Professor Woodward told MailOnline.

'When you mount these attacks you often leave the device in situ running for a long time so it needs a hefty battery and most of those need to have their voltage converted to run, say, laptops.'

Transformer - The battery voltage would need to be converted in order to run the computers and phones.

Advertisement

When leaving The Hague, the men took all the rubbish from their room - including empty cans of Heineken beer and what appeared to be an empty cold meat packet in an Aldi bag - in a further bid to cover their tracks.

On April 13, the GRU officers were said to have parked a rental car with specialist hacking equipment outside the OPCW's headquarters to breach its systems – but British and Dutch intelligence thwarted the operation.

And when the men were arrested, they were caught with €20,000 (£17,000 or $23,025) and $20,000 (£15,000) in cash. The group also tried - and failed - to destroy a mobile phone, and they were caught with incriminating laptops.

A researcher has revealed that the rudimentary technique they used to hack into the OPCW is common - though it has never been used in such a high-profile case.

Professor Alan Woodward, a computer scientist at the University of Surrey, said the Russians likely used an ordinary laptop attached to a directional antenna, which was pointed at the OPCW building.

He said unlike more common remote hacking techniques, the GRU agents needed to park close to the site in order for the WiFi signal to be strong enough.

Looking at the equipment in the boot of the car it appears they were attempting to intercept login credentials as people tried to connect to the WiFi network at OPCW, Professor Woodward said.

'A classic way of doing this is to set yourself up as what is known as an 'evil access point', he told MailOnline. 'You pretend to be the network they are attempting to connect to and steal their login details as their computer or phone tries to connect.'

The cyber security expert said it was unusual for high level intelligence officials to use such a rudimentary form of attack. '[The technique] has been around as long as WiFi has,' he told MailOnline.

'Attacks have evolved as security in WiFi has evolved. But it's so basic that most enterprise style organisations are well protected. Hence the high profile cases tend to be from some more remote source.' 

 

Foreign Office and computers at Porton Down research facility were hacked by Russian spies from GRU cyber unit 'Sandworm' in wake of Salisbury novichok attack

Russian spies attempted to hack computers at the Foreign Office and the Porton Down military research facility days after assassins tried to murder the Skripals in Salisbury.

Moscow's feared GRU cyber unit nicknamed 'Sandworm' tried and failed to infiltrate UK IT systems as part of a series of attacks across Europe this year.

They carried out an unsuccessful 'spearfishing' attack on the Foreign Office in March as the police, MI5 and MI6 were trying to find out who attacked Sergei and Yulia Skripal with novichok.

At the same time they targeted computers at Porton Down in April, Britain's top military research facility where experts were testing for the nerve agent.

Computers at Porton Down were targeted by Russian spies at a time when British experts inside were testing for novichok

Computers at Porton Down were targeted by Russian spies at a time when British experts inside were testing for novichok

British intelligence helped thwart the operation, which was launched in April, a month after the Salisbury Novichok poisoning.

Details were revealed on Thursday after the UK Government accused the GRU of a wave of other cyber attacks across the globe.

At a press conference in The Hague, British ambassador to the Netherlands Peter Wilson said: 'The disruption of this attempted attack on the OPCW was down to the expertise and the professionalism of the Dutch security services in partnership with the United Kingdom.

'The OPCW is a respected international organisation which is working to rid the world of chemical weapons.

'Hostile action against it demonstrates complete disregard for this vital mission.' 

Conservative MP Tom Tugendhat, chairman of the UK's Commons Foreign Affairs Committee, tweeted: 'The catalogue of evidence shows why the Dutch are excellent partners and that the decades of theft have stripped Russia's intelligence of the skills they once had. Putin's corrupt greed has turned the GRU into an amateurish bunch of jokers.' 

Dutch authorities released a diagram showing how the hacking equipment was set up in the boot of the car
Some of the haul of electronic kit found in the group's possession

Dutch authorities released a diagram showing how the hacking equipment was set up in the boot of the car. Right: Some of the haul of electronic kit found in the group's possession

Russia's GRU intelligence agency targeted the global chemical weapons watchdog, the OPCW, whose headquarters are in The Hague, Dutch authorities revealed today

 

Russia 'interfered in three elections' as it targeted Britain, Macedonia, U.S. and Ukraine in string of 'brazen' cyber attacks aimed at destabilising democracies around the world

Russian spies launched a global cyber war to interfere with three elections, the Olympics, the MH17 investigation and the hunt for the men behind the Skripal attack in Salisbury, it was revealed today.

The Kremlin has been accused of using its agents to 'foster instability' in democracies around the world as their operations over the past three years were laid bare.

Targets included the metro and airports in Ukraine, police in Malaysia investigating claims the Russians shot down MH17 killing 300 passengers and even the emails of a small UK TV station.

Russian president Vladimir Putin appeared untroubled the growing storm over Russian hacking as he met India's Prime Minister Narendra Modi in New Delhi today

Russian president Vladimir Putin appeared untroubled the growing storm over Russian hacking as he met India's Prime Minister Narendra Modi in New Delhi today

Timeline: Putin's cyber army's worldwide missions 

2015: Hacker sent to Kuala Lumpur targets the Malaysian investigation into the shooting down of flight MH17 over Ukraine. He targeted Malaysian government institutions, including the attorney general's office and the Royal Malaysian Police

2015: The GRU accesses email accounts at a small UK-based TV station

2015-2016: Russia hacks the Danish defence ministry and gained access to employees' emails

May 2016: Russia accused of being behind a series of cyber attacks on German state computer systems

June 2016: Hackers accessed the Democratic National Committee during the 2016 US presidential campaign.

August 2016: Agent photographed posing at the Brazil Olympics where confidential US athlete medical data was hacked and leaked

September 2016: GRU officers connected to WiFi at the Alpha Palmiers Hotel in Lausanne, Switzerland, where a WADA conference was taking place

August 2017: Agents try to interfere and influence the Macedonian elections and GRU 'Fancy Bears' again attack WADA in August 2017

October 2017: The GRU behind a 'BadRabbit'attack that caused disruption to the Kiev metro and Odessa airport

March 2018: The GRU attempted to compromise UK Foreign and Commonwealth Office computer systems in London via a spear phishing attack

April 2018: GRU intrusions targeted both the computers Porton Down in Salisbury and the Organisation for the Prohibition of Chemical Weapons in The Hague

May 2018: GRU hackers sent spear phishing emails which impersonated Swiss federal authorities to target OPCW employees in Holland

Advertisement

Their hacking missions were inadvertently revealed by the four bungling spies caught trying to hack into computers used by chemical weapons inspectors investigating Russian attacks in Salisbury and Syria at their Dutch headquarters.

Cyber expert Evgenii Serebriakov's laptop was seized at The Hague and revealed he kept selfies from previous operations including at the 2016 Olympics in Brazil where Russian athletes' doping samples were tampered with and US athletes' medical records leaked.

His laptop also linked the men to cyber attacks in Switzerland, America, Denmark and Germany.

Two of the officers were planning to travel on to Switzerland where the OPCW - which was at the time investigating the Salisbury attack and a suspected chemical weapons attack in Syria - has laboratories.

The National Cyber Security Centre (NCSC) has said a number of hackers known to have launched attacks have been linked to the GRU.

The NCSC associated four new attacks with the GRU, on top of previous strikes believed to have been conducted by Russian intelligence.

Among targets of the GRU attacks were the World Anti-Doping Agency (Wada), transport systems in Ukraine, and democratic elections, such as the 2016 US presidential race, according to the NCSC.

The centre said it was 'almost certainly' the GRU behind a 'BadRabbit' attack in October 2017 that caused disruption to the Kiev metro, Odessa airport and Russia's central bank.

Britain's cyber security chiefs say they have 'high confidence' Russian intelligence was responsible for a strike on Wada in August 2017.

The NCSC also said the GRU was 'almost certainly' to blame for hacking the Democratic National Committee during the US presidential election in 2016.

And the agency pointed the finger at the GRU for accessing email accounts at a small UK-based TV station in 2015.

The hackers were planning to travel on to the Spiez Laboratory, where the OPCW was studying chemical weapons

The hackers were planning to travel on to the Spiez Laboratory, where the OPCW was studying chemical weapons

Theresa May and the Dutch PM blast the Kremlin for 'unacceptable' cyber attacks and warn Russia is showing a total 'disregard for the global values and rules that keep us safe' 

Theresa May today tore into Russia for its 'unacceptable cyber activities' and vowed to hit back to defend the international order against their strikes.

In a joint statement with the Dutch Prime Minister, she said the Kremlin is showing flagrant 'disregard' for the global values which keep the world safe.

And she warned that Britain and its allies will stand up to the Russian aggression to  ensure that Western institutions are protected from the onslaught of attacks ordered by Moscow.

She issued the stern rebuke in a joint statement with the Dutch PM Mark Rutte after the two countries today revealed Russia's GRU intelligence agency tried to hack into the global chemical weapons watchdog a month after the Salisbury attack. 

In a joint statement with the Dutch Prime Minister, Theresa May (pictured at Tory party conference in Birmingham yesterday) said the Kremlin is showing flagrant 'disregard' for the global values which keep the world safe
The Dutch Defence Ministry this morning took the extraordinary step of naming and picturing four Russian agents involved in the attack on the OPCW in April (pictured, Dutch PM Mark Rutte)

Theresa May (pictured left at her party conference in Birmingham yesterday) and Dutch PM Mark Rutte (pictured at the UN Assembly in September today tore into Russia for its 'unacceptable cyber activities' and vowed to hit back to defend the international order against their strikes

The Dutch Defence Ministry this morning took the extraordinary step of naming and picturing four Russian agents involved in the attack on the OPCW in April.

The two leaders said: 'We have, with the operations exposed today, further shone a light on the unacceptable cyber activities of the Russian military intelligence service, the GRU.

'This attempt to access the secure systems of an international organisation working to rid the world of chemical weapons, demonstrates the GRU's disregard for the global values and rules that keep us safe.

'Our action today reinforces the clear message from the international community: we will uphold the rules-based international system and defend international institutions from those that seek to do them harm.'

Advertisement

'A diabolical perfume of lies': Russia makes novichok reference as it blasts claims its GRU agents were behind global cyber attacks

Russia today described British accusations that its spies were behind global cyber attacks as 'a diabolical perfume of lies'.

The Russian Foreign Ministry's phrase referred to the Salisbury poisonings earlier this year which saw the novichok nerve agent disguised in a fake perfume bottle.

Its spokesman Maria Zakharova said the new hacking allegations were unworthy and part of a disinformation campaign designed to damage Russian interests.

But Ms Zakharova said today the accusations were the product of someone with a 'rich imagination', adding: 'It's some kind of a diabolical perfume cocktail.'

Russian Foreign Ministry spokesman Maria Zakharova, pictured with President Vladimir Putin in January 2017, dismissed the new hacking accusations from the UK as 'big fantasies'
Russia's phrase of 'a diabolical perfume of lies' referred to the Salisbury poisonings earlier this year which saw the novichok nerve agent disguised in a fake perfume bottle (above)

Russian Foreign Ministry spokesman Maria Zakharova, pictured with President Vladimir Putin in January 2017, dismissed the new hacking accusations from the UK as 'a diabolical perfume of lies'. The statement is thought to be a reference to the fake perfume bottle used in the novichok attack which killed British mother Dawn Sturgess

Asked about accusations from the Foreign Office of Russia being involved in worldwide cyber attacks, a spokesman for the Russian embassy said: 'This statement is reckless. It has become a tradition for such claims to lack any evidence. It is yet another element of the anti-Russian campaign by the UK Government.

'In December 2017 during the then-foreign secretary Boris Johnson's visit to Moscow, Russia's Foreign Minister Sergei Lavrov proposed to launch expert consultations on cybersecurity in order to address UK's concerns, if any. 

'The offer was turned down. The only reasonable explanation is that the UK has no facts for a substantive discussion.

'Thus, such statements by the Foreign Office are nothing but crude disinformation, aimed at confusing the British and world public opinion. 

'By the way, it is hardly a coincidence that these accusations appear exactly at the time of Nato defence ministers meeting in Brussels and announcements of creating special cyber-attack military units in several western countries.'

Advertisement

 

The comments below have not been moderated.

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.

We are no longer accepting comments on this article.