Ignatius: West catching and exposing Russia’s GRU hackers

The GRU is known for its panache and daring, but now it’s also known as sloppy — and now compromised.

By David Ignatius

One of the most satisfying moments in any spy thriller is when the bad guy — the black-hat operative who has been killing and tormenting his adversaries — does something dumb and gets caught. That’s essentially what’s been happening recently with Russian President Vladimir Putin’s pet spy agency, the GRU.

What’s fascinating about the GRU revelations is that they seem to reflect an aggressive pushback after several years in which Putin (chiefly through the GRU) launched recklessly aggressive covert actions against the West. The West is retaliating (at least in part) with public information that blows GRU covers and operating methods and, frankly, makes them look clumsy and incompetent.

These disclosures are the latest in a string of disasters for the GRU, a military spy service known for its panache and daring. Now, we should add sloppiness to that list of operational trademarks. The GRU’s spycraft occasionally looks closer to TV’s Maxwell Smart than John le Carre’s vaunted fictional spymaster, Karla.

The latest expose of the GRU’s not-so-secret tradecraft came Tuesday, when a British investigative group shredded a layer of the lies surrounding Russia’s attempt to poison former agent Sergei Skripal in March. It was the equivalent of the tough guy in the trench coat getting caught with his undershorts around his ankles.

Bellingcat, as the group calls itself, presented photographic evidence showing that a suspect in the Skripal attack, who the Russians had claimed was a tourist named Petrov who worked in the sports nutrition business, is really a GRU doctor named Alexander Mishkin. Last month, Bellingcat had exposed another suspect, whose cover identity was “Ruslan Boshirov,” as GRU Col. Anatoliy Chepiga.

The most detailed exposures of GRU tradecraft came in a Justice Department indictment that was unsealed Oct. 4, in tandem with supporting statements from Britain and the Netherlands. The indictment, which named seven GRU officers, included details about Russian spy operations that could only have been collected by the CIA and National Security Agency and its foreign partners. (Three of the Russians had also been named in July’s indictment of 12 GRU officers for meddling in the 2016 U.S. presidential election.)

Last week’s indictment is a treasure trove for spy mavens. One GRU hacking operation sought to sabotage the World Anti-Doping Agency’s effort to punish Russia for systematically drugging its Olympic athletes; a second, chilling GRU hack stole information from Westinghouse about advanced U.S. nuclear-reactor technology. A third targeted two investigations of the Novichok nerve agent used in the Skripal hit, one by an international chemical weapons group in The Hague and another by a chemical laboratory in Switzerland. These were brazen operations; but they were also messy.

The dry pages of the indictment reveal tradecraft secrets that could animate a half-dozen spy novels. The GRU operatives used spoof websites to “spearphish” victims into revealing login information (creating a “westinqhousenuclear.com” site, with the misspelled “q,” for example). They made payments in Bitcoin and other cryptocurrencies. (Weren’t those supposed to be untraceable?) They used malware tools with names like “Gamefish,” “Chopstick” and “X-tunnel.” They dumped their hacked information by sending direct messages on Twitter to 116 reporters and exchanging emails with 70 journalists.

For the last few years, the CIA, NSA and FBI have watched as hackers and whistleblowers (perhaps with a helping hand from Moscow) revealed the agencies’ hacking techniques. For U.S. intelligence officials, revenge is a dish best eaten cold.

The most astonishing disclosure came from the Dutch, who caught four GRU officers red-handed in The Hague as they were hacking the headquarters of the Organization for the Prohibition of Chemical Weapons. As Dutch intelligence officers intervened, “the conspirators abandoned their equipment,” including a backpack and other gear that revealed techniques and a string of other operations, according to the indictment. The Dutch even found a taxi receipt showing that a member of the team had left the rear entrance of the GRU headquarters in Moscow and headed to the airport.

The implicit message in all of this: If you hit us, one of the ways we will retaliate is by exposing your operatives, sources and methods. There are other reprisals underway, but these public disclosures undermine the GRU’s operational capabilities. And they must make the Russian spy service wonder: What else do the Americans and their allies know? If agent A is blown, then what about his colleagues B, C, and D?

The CIA and its foreign allies don’t normally like to reveal secrets like these, because they reveal how much they know about their adversary. The revelations are a public warning to Putin: Knock it off, you’re more vulnerable than you think.

David Ignatius’ email address is davidignatius@washpost.com.
