Accessibility links

Breaking News

How a Blunder Unmasked 305 Russian GRU Agents


Diplomatic passports of some of the suspected Russian operatives who allegedly attempted to breach computer networks in the Netherlands are seen in an illustration photo. (Source - Netherlands Defense Ministry via U.S. Department of Justice)
Diplomatic passports of some of the suspected Russian operatives who allegedly attempted to breach computer networks in the Netherlands are seen in an illustration photo. (Source - Netherlands Defense Ministry via U.S. Department of Justice)

The public identification this week of more than 300 suspected agents of Russia’s military intelligence service, the GRU, is being dubbed by security analysts the largest intelligence blunder in Russian post-Cold War history.

And the cause for the bungling comes down, they say, to the simple “human factor” of wanting to avoid traffic fines, including for drunken driving.

Prompted by the midweek disclosure by Dutch and British authorities of the identities of four Russian GRU operators accused of trying to hack the headquarters of the world's chemical weapons watchdog, the investigative journalism consortium Bellingcat subsequently trawled through a publicly available Russian traffic-records database to unearth the names and details of 305 other individuals thought to be working for the Russian intelligence agency.

Passport numbers and, in many cases, mobile telephone numbers were included in the vehicle registrations.

Bellingcat scrutinized the traffic database after one of the four GRU operatives named Thursday by the British and Dutch was found to have registered his Lada car in 2011 using the Moscow address of the GRU barracks housing his cyberespionage unit 26165.

The unit has been accused by Western authorities, including the U.S., of being responsible for a series of cyberattacks and the hacking of computer networks of international anti-doping agencies as well as organizations investigating Russia's use of chemical agents, including the alleged nerve-agent poisoning in the English town of Salisbury earlier this year of former Russian spy Sergei Skripal and his daughter Yulia.

By searching for other vehicles registered to the same address Bellingcat came up with a list of 305 other individuals ranging in age from 27 to 53-years-old.

Alleged Russians operatives who later were found attempting to hack into computer networks in the Netherlands arrive at Amsterdam's Schipol Airport. (Source - Netherlands Defense Ministry via U.S. Department of Justice)
Alleged Russians operatives who later were found attempting to hack into computer networks in the Netherlands arrive at Amsterdam's Schipol Airport. (Source - Netherlands Defense Ministry via U.S. Department of Justice)

‘Special list'

The GRU agents likely exposed their personal information on the database in order to gain immunity from traffic stops and to avoid punishment for violations, according to Alexander Gabuev of the Carnegie Moscow Center, a think tank.

He says the “root cause” for the data leak is “a combination of a wrecked values system,” “notorious incompetence” and “banal corruption.” Using the GRU address meant the agents “are put on a special list so the traffic police can’t stop you, the fines for drunk driving etc. never apply to you, and you don’t need to pay car tax,” he tweeted.

The disclosure of the list of 305 GRU operatives has added to a growing debate among analysts and Western intelligence officials about the professionalism — or lack of it — of the GRU when it comes to standard tradecraft.

Initially, Dutch and British authorities thought the names of the four Russian GRU operators accused of trying to hack the computers of the Organization for the Prohibition of Chemical Weapons were aliases. But it now appears the GRU operatives, Aleksei Morenets, Evgenii Serebriakov, Oleg Sotnikov and Aleksey Minin used their real names and traveled on genuine passports.

That is an extraordinary security lapse, say current and former members of Western intelligence services, making it easier for the men’s missions, which took them not only to the Netherlands but Switzerland and Rio de Janeiro, too, to be laid at the door of the GRU.

Russia's Foreign Ministry has described the allegations about GRU operatives mounting so-called active measures in Europe and elsewhere as “fantasies.” But Moscow’s denials have not been helped by the trail to the GRU the four men left and the surprising story of failed spycraft revealed by Dutch authorities Thursday, which is undermining Russia’s fearsome reputation in the field of espionage, say analysts.

Equipment purportedly found on Russian operatives who allegedly attempted to breach computer networks in the Netherlands are seen in an illustration photo. (Source - Netherlands Defense Ministry via U.S. Department of Justice)
Equipment purportedly found on Russian operatives who allegedly attempted to breach computer networks in the Netherlands are seen in an illustration photo. (Source - Netherlands Defense Ministry via U.S. Department of Justice)

‘Amateurish bunch’

Dutch authorities say the four men, like the alleged GRU would-be assassins of Skripal and his daughter, didn't do much to cover their tracks. Britain’s security minister Ben Wallace has described the recent GRU operations as “more Johnny English than James Bond.” The four GRU would-be hackers in the Netherlands failed to recognize they were being monitored by the Dutch intelligence service. When they were detained in April before being expelled by the Dutch they were found to have with them laptop computers linking them to other Russian espionage operations around the world. One of them had a taxi receipt showing he'd traveled from the GRU barracks in the Russian capital to Moscow Sheremetyevo airport.

The botched tradecraft of both the Skripal poisoning and the GRU’s alleged “close-access” hacking has prompted ridicule from some Western politicians and officials. British Conservative lawmaker Tom Tugendhat, the chairman of the British parliament’s foreign affairs committee, mocked the GRU in a tweet as “an amateurish bunch of jokers.”

Another British lawmaker, Bob Seely, said recent GRU blunders reveal how hapless the organization is and “shows that subversion is probably beyond their professional capability; they can't even cover their tracks in the most basic of ways. It is very sloppy and makes President Putin look foolish.”

Arrogant defiance?

But some analysts and Western intelligence officials are querying whether the Salisbury attack and GRU hacking operations were just a matter of clumsy spy tradecraft or a display of arrogant defiance by the GRU.

Security analyst Mark Galeotti of the Institute of International Relations in Prague, the author of a new book on Russian organized crime and Russian security forces, maintains the GRU shouldn't be dismissed as incompetent. Writing in Foreign Policy magazine, he says the “emerging narrative about its supposed clumsiness, is dangerous.”

He adds the GRU prides itself “on having a military culture in which a mission must be accomplished, whatever the cost. The GRU’s ethos of completing the mission no matter what means that innocent lives lost or even the revelation of agents’ names are not blunders so much as irrelevancies.”

XS
SM
MD
LG