Russian spies caught red-handed trying to hack Salisbury attack investigation

They were supposed to slip into the country, carry out their secret mission and then quietly disappear.

For the Russian military intelligence officers sent to target the world chemical weapons watchdog, however, it turned out to be – in the words of one UK official – a “pretty bad day”.

The four-strong GRU team were caught “in flagrante”, according to officials, as they attempted to hack into the computer system of the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague.

They were then sent packing to Moscow by Dutch security services, leaving behind them a treasure trove of intelligence about the GRU’s covert activities around the world.

The operation followed the attempted assassination of former Russian spy Sergei Skripal and his daughter, Yulia, in Salisbury in March by two other suspected GRU officers.

In the days and weeks that followed, British officials said GRU teams in Russia attempted to hack the computers of the Foreign Office and Defence Science Laboratory at Porton Down, which was investigating the deadly nerve agent used in the attack.

They also sent spear phishing emails to the headquarters of the OPCW, which was helping the UK authorities to identify the substance involved.

When this failed it was decided to send a close access team to the Netherlands to see if they could have more luck.

Right from the start, however, they appear to have made little attempt to hide their presence in the country, arriving together with Russian diplomatic passports at Schiphol Airport, where they were captured on CCTV being met by a Russian embassy official.

They were named by the Dutch as Aleksei Morenets and Evgenii Serebriakov – described as cyber operators – and Oleg Sotnikov and Alexey Minin, who were said to be providing Humint (human intelligence) support.

Once through customs and immigration controls, they hired a car and headed for The Hague.

Three days later, on April 13, the vehicle parked up close to the OPCW building.

It was there the Dutch security service – operating with the assistance of British intelligence – pounced.

The GRU men were said to have tried to destroy their equipment but were prevented from doing so.

In the back of the car, investigators found – partially hidden under a coat – a computer connected to a 4G mobile and a Wi-Fi panel antenna, as well as other specialist hacking equipment.

They also recovered 20,000 euros and 20,000 dollars in cash, as well as evidence the group was planning to travel on to Switzerland with the intent of targeting the OPCW’s laboratory in Spiez.

“It is hard to know the full extent of the operation as it failed,” one UK official said.

“Judging from past form elsewhere, discrediting the investigation could well have been the motivation.”

While the GRU team was being escorted back to Schiphol for return to Moscow, investigators began going through Serebriakov’s laptop.

They found he had made a series of Google searches relating to the OPCW building and its surrounds.

Minin’s camera also contained reconnaissance photos of the area.

Remarkably, the investigators also found evidence on Serebriakov’s computer of his involvement in other GRU close access operations, including in Malaysia, where he is said to have targeted the investigation into the shooting down of flight MH17 over Ukraine in 2014 when almost 300 people died.

There was also evidence of his involvement in the hacking of the World Anti-Doping Agency (Wada) in Switzerland, which was investigating widespread doping by Russian athletes, and even a photograph of him posing with a young woman at the 2016 Olympics.

“For GRU officers, to get caught in this way would be considered a pretty bad day,” a British security official said.
