The Netherlands has said it foiled a plot by Russian military intelligence to launch a cyber attack against the international chemical weapons watchdog and expelled the four Russian agents involved.
Dutch defence minister Ank Bijleveld said that four men working for Russia's GRU were caught trying to hack into the computer network at the headquarters of the Organisation for the Prohibition of Chemical Weaponsin The Hague from a car parked at a nearby hotel in April.
One British security official said: “They were caught in flagrante. For the GRU to be caught in this way might be considered a bad day.”
Asked why they did it, the official said: "It is hard to know their full intent because their operation failed." He said it was possible that discrediting an OPCW inquiry into the poisoning of former Russian double agent Sergei Skripal and his daughter Yulia might have been the Russian agents' intention.
They four were named by Dutch authorities as Aleksei Morenets, Oleg Sotnikov, Alexey Minin and Evegenii Serebriakov.
Laptops belonging to the men, which were seized by the Dutch security services, allegedly showed they were involved in cyber operations in Switzerland, Malaysia and Brazil. They were each carrying $20,000 when they were arrested, authorities said.
One of the suspected GRU agents expelled from the Netherlands was also allegedly found collecting information about the MH17 case – when a Malaysia Airlines flight from Amsterdam to Kuala Lumpur was shot down over Ukraine in 2014, killing all passengers and crew on board.
The alleged attack on the OPCW in The Hague came as the watchdog was conducting tests to verify the nerve agent used to attack Mr Skripal in Salisbury, England, in March, which the UK says was carried out by two GRU agents. Russia and the two men have denied the claims.
According to the Dutch authorities, the four intelligence officers entered the Netherlands via Schiphol Airport using diplomatic passports. They subsequently hired a car which they positioned in the parking lot of the Marriott Hotel, adjacent to the OPCW offices.
Equipment in the boot of the car was set up to hack into Wi-Fi networks and infiltrate the OPCW’s networks. The authorities said the antenna for the equipment was hidden under a jacket on the rear shelf of the car and that the equipment was operational when Dutch security officers disrupted the GRU agents.
The Dutch authorities released CCTV images of the men arriving at Schiphol Airport as well as copies of their passports, pictures of the hire car and computer equipment and screenshots of data allegedly showing their international cyber hacking operations.
The extraordinary level of information released by the Dutch echoed a similar move last month by the British police, who released CCTV footage of the two GRU agents – named as Ruslan Boshirov and Alexander Petrov – whom the UK has accused of carrying out the attempted assassination of the Skripals.
“Only rarely are the findings of intelligence services brought to the attention of the public,” added Ms Bijleveld, who said the Dutch government had taken the step to expose the GRU and hamper any future international operations.
Swiss authorities said they had taken part in the operations along with the Dutch and British. Swiss reports last month said two men were suspected of targeting a laboratory near Bern that worked on behalf of the OPCW.
The announcement by the Dutch came just hours after the UK’s National Cyber Security Centre attributed six cyber international attacks to the GRU, including the hack of the US’s Democratic National Committee in the run-up to the 2016 presidential election and an attempt to infiltrate the World Anti-Doping Agency’s networks.
It is part of a growing effort by the UK and its western allies to name and shame the GRU and Russia in the wake of the novichok attack in Salisbury.
The Dutch authorities also revealed that the US will on Thursday bring charges against a number of Russian intelligence officers having requested legal assistance from the Dutch Public Prosecutors’ office in August.
UK ambassador to the Netherlands Peter Wilson also disclosed details of further attempts by the GRU's hacking group, known as APT28, to attack the UK Foreign Office's computer networks after the Salisbury attack in March through a spear phishing attack and a later attack on the Ministry of Defence's science and technology laboratory.
The facility at Porton Down, which is close to Salisbury, was instrumental in identifying the Russian-made nerve agent used in the attack on the Skripals.
“We will expose their methods and share their allies,” said Mr Wilson, who added the GRU was an “aggressive, well-funded body of the Russian state.
“It can no longer be allowed to operate ... with apparent impunity,” he added. – Copyright The Financial Times Limited 2018