WeeklyWorker

11.10.2018
Four alleged GRU agents - plus Russian diplomat - picture released by Dutch secret services

A form of warfare

Eddie Ford thinks we should take hacking threats seriously - especially from GCHQ

Those pesky Russians are back in the news again. The British-based open-source website, Bellingcat, has claimed that the second suspect in the Skripal poisoning case is called Alexander Mishkin - a doctor working for the Russian military intelligence, the GRU. Last month, the same website named the other suspect as Anatoliy Chepiga - a claim naturally rejected by Russia, but British officials have not disputed or questioned Bellingcat’s identification of the men.

Quite impressively, Bellingcat managed to identify them - assuming for now that its claims are correct - using information that is publicly available if you know where and how to look. The website said it tracked down Mishkin’s real identity after obtaining a scanned copy of his actual passport, then asked facial recognition experts to examine two photos taken 15 years apart by using simulated age progression software to establish the match - afterwards confirming the details with people who actually knew him back in his home village. Mishkin’s professional expertise as a medical specialist makes sense, when you consider that Novichok is one of the most dangerous nerve agents ever to have been manufactured. Those who still insist, in violation of ‘Occam’s razor’, that MI5 or MI6 were responsible for the Salisbury attack look increasingly eccentric - though the revelations about Mishkin will doubtlessly be used to further stoke up anti-Russian tensions and a spy-mania that strays at times into the paranoiac.

But, of course, as well as Russian spies, we also have Russian hackers - whose turn it was to dominate the headlines last week. Thus, on October 4, “the west launched a transatlantic offensive” (Financial Times) against Russian espionage activities, accusing the GRU of a litany of attacks. The most scandalous attack - if you go by the acres of coverage in the press, at least - was on the computer networks of the Organisation for the Prohibition of Chemical Weapons, based in The Hague. Having 193 member-states, the OPCW - as you would expect - was heavily involved in the investigation into the Skripal poisonings, and disputed chemical attacks in Syria, making it a natural target. Four Russian operatives, believed to have been part of a GRU ‘clean-up’ unit, allegedly travelled to The Hague on diplomatic passports in April - eventually staying in a hotel next door to the OPCW HQ. This, so the story goes, after unsuccessfully launching a home-based attack.

The attempt, we read, was thwarted with the help of British intelligence officials - after the Sandworm cybercrime unit of the GRU had attempted unsuccessfully to hack the UK foreign office in March and the Porton Down chemical weapons facility in April. Oddly enough for members of what is supposed to be a secret service, they seemed to have made little attempt to hide their presence in the Netherlands - arriving all together at Schiphol airport, where they were immediately captured on CCTV being met by a high-level Russian embassy official. Then, once through customs and immigration controls, they hired a car and headed straight for The Hague. Not exactly hiding their tracks.

British security officials said the GRU agents were caught “in flagrante” by Dutch intelligence three days after arriving in the country, as they sat in their hired car parked close to the OPCW building. They tried, and hopelessly failed, to destroy their equipment. In the back of the vehicle, investigators found a laptop connected to a 4G mobile and a Wi-Fi panel antenna, partially hidden under a coat, as well as other ‘specialist’ hacking equipment. They also recovered €20,000 and $20,000 in cash, as well as taxi receipts from a GRU facility in Moscow and reconnaissance maps - their seized laptops allegedly showing that the men were involved in cyber operations in Switzerland, Malaysia and Brazil. One of the suspects, it is believed, was found collecting information on the investigation into MH17, the Malaysian Airlines flight shot down over Ukraine in 2014.

Needless to say, the four operatives were immediately bundled onto a plane back to Moscow. You can only conclude from this episode that spies ain’t what they used to be - standards are slipping. No wonder it is widely reported that Vladimir Putin, who knows a thing or two about the spying trade, is very unhappy with the GRU’s performance and that a purge could be on the way.

Only hours after the Dutch revelations, US prosecutors unveiled charges against several Russians thought to be GRU agents, including the four involved in the OPCW operation. Washington accused them of being part of the ‘Fancy Bears’ group and of targeting a range of sports agencies - most notably the World Anti-Doping Agency’s office in Switzerland. Apparently they were eager to get hold of the medical records of some 250 athletes, especially Sir Bradley Wiggins and Sir Mo Farah, at a time when Russia was facing allegations of state-sponsored cheating at the Olympics and other sporting events.

At the same time, in an unprecedented statement, foreign secretary Jeremy Hunt said the National Cyber Security Centre had found that a number of hackers have been conducting attacks around the world - undertaken with the explicit agreement of the Kremlin. So far, the foreign office has attributed six specific attacks to GRU-backed hackers and identified 12 hacking group code names as fronts for the GRU - but watch this space.

As an almost comical coda to these events, we have also discovered that the GRU in 2015 took complete control of the UK-based Islam Channel for an entire month - it being estimated that 59% of British Muslims watched the station, which features former leader of the Socialist Workers Party, John Rees, as a presenter. The channel’s senior executives were totally unaware of the attack until they were helpfully contacted by the home office, who put them in touch with another unnamed agency that reportedly informed them that the attack had been carried out at the “state level” (ie, by Russia). Afterwards, it took “a good few months” to tackle the takeover - evidently it was hardly a priority for Britain’s spooks, who probably sent in their B-team.

Quite why the GRU, or anybody else, would want to hack into the Islam Channel remains a mystery - particularly as none of its content or broadcasts were changed in any way whatsoever. So what was the point - just to prove that you can? You would really think that the GRU have better things to do with their time, like drastically improving their recruitment process.

Significant

Nevertheless, the publication of such an extraordinary amount of information is significant in and of itself - it is not the sort of thing that the secret services normally do, preferring to keep things … well, secret.

For example, when MI5 officer Michael Bettaney (Malkin) - later a CPGB supporter and writer for this publication - was on trial for being a KGB double-agent, the whole thing was conducted in camera, enabling the secret services to put out a load of nonsense about him being a hopelessly incompetent drunk, Hitler-lover and so on.1 Most of these things are kept very close to their chests - what with Defence and Security Media Advice notices and all the rest. Therefore the very fact that they are revealing these stories tells you something straightaway. If you listen to the various statements by the US, British and Dutch governments, what they are saying is not only that they will continue to reveal the skulduggery of the Russian state, but that they will respond.

There is no doubt that technically, GCHQ could hack into the Russian electronic communications system and, for example, close down Moscow’s electricity supply - something that it has more or less openly admitted.2 We need to remember that the UK is part of the US-hegemonic Five Eyes intelligence alliance - the other partners being Canada, Australia, New Zealand and, of course, the US. The agreement, whose origins can be traced back to the immediate post-World War II period, means that they are all meant to share their intelligence on an equal footing: what you know, we know - even if it might not always work out exactly like that. Germany, by contrast, has been extensively spied upon by the US. But if you are part of the Five Eyes, then you are not allowed to spy on each other, at least according to the formal agreement.

Given that GCHQ is effectively an adjunct of the US state, when it says it can close down Moscow’s electricity supply, that threat should be taken seriously. The obvious problem, however, is that a fairly large number of people would die if GCHQ pulled the plug on Moscow - which would be very bad politics indeed, especially if you want to present yourself as the good guy. Hence we would not expect an attack of that nature, though you cannot entirely rule it out. But at some stage relatively soon, we should expect something to happen that goes beyond sanctions and tit-for-tat expulsions of diplomats.

At the end of the day, GCHQ hacking is a form of warfare - the equivalent of the medieval practice of bunging a big rock over the city walls. Something will inevitably get crushed. After all, GCHQ exists purely to spy and hack. The idea that only ‘rogue’ states like Iran, North Korea - and now Russia - engage in cyber-warfare is risible.

eddie.ford@weeklyworker.co.uk

Notes

1. See ‘A man of contradictions’ Weekly Worker September 6.

2. www.thesun.co.uk/news/5796060/russia-cyber-attack-gchq-putin-uk-supermarkets-banks-netflix.