Ignatius: West catching and exposing Russia’s GRU hackers

The GRU is known for its panache and daring, but now it’s also known as sloppy — and now compromised.

By David Ignatius

One of the most satisfying moments in any spy thriller is when the bad guy — the black-hat operative who has been killing and tormenting his adversaries — does something dumb and gets caught. That’s essentially what’s been happening recently with Russian President Vladimir Putin’s pet spy agency, the GRU.

What’s fascinating about the GRU revelations is that they seem to reflect an aggressive pushback after several years in which Putin (chiefly through the GRU) launched recklessly aggressive covert actions against the West. The West is retaliating (at least in part) with public information that blows GRU covers and operating methods and, frankly, makes them look clumsy and incompetent.

These disclosures are the latest in a string of disasters for the GRU, a military spy service known for its panache and daring. Now, we should add sloppiness to that list of operational trademarks. The GRU’s spycraft occasionally looks closer to TV’s Maxwell Smart than John le Carré’s vaunted fictional spymaster, Karla.

The latest exposé of the GRU’s not-so-secret tradecraft came Tuesday, when a British investigative group shredded a layer of the lies surrounding Russia’s attempt to poison former agent Sergei Skripal in March. It was the equivalent of the tough guy in the trench coat getting caught with his undershorts around his ankles.

Bellingcat, as the group calls itself, presented photographic evidence showing that a suspect in the Skripal attack, who the Russians had claimed was a tourist named Petrov who worked in the sports nutrition business, is really a GRU doctor named Alexander Mishkin. Last month, Bellingcat had exposed another suspect, whose cover identity was “Ruslan Boshirov,” as GRU Col. Anatoliy Chepiga.

The most detailed exposures of GRU tradecraft came in a Justice Department indictment that was unsealed Oct. 4, in tandem with supporting statements from Britain and the Netherlands. The indictment, which named seven GRU officers, included details about Russian spy operations that could only have been collected by the CIA and National Security Agency and its foreign partners. (Three of the Russians had also been named in July’s indictment of 12 GRU officers for meddling in the 2016 U.S. presidential election.)

Last week’s indictment is a treasure trove for spy mavens. One GRU hacking operation sought to sabotage the World Anti-Doping Agency’s effort to punish Russia for systematically drugging its Olympic athletes; a second, chilling GRU hack stole information from Westinghouse about advanced U.S. nuclear-reactor technology. A third targeted two investigations of the Novichok nerve agent used in the Skripal hit, one by an international chemical weapons group in The Hague and another by a chemical laboratory in Switzerland. These were brazen operations; but they were also messy.

The dry pages of the indictment reveal tradecraft secrets that could animate a half-dozen spy novels. The GRU operatives used spoof websites to “spearphish” victims into revealing login information (creating a “westinqhousenuclear.com” site, with the misspelled “q,” for example). They made payments in Bitcoin and other cryptocurrencies. (Weren’t those supposed to be untraceable?) They used malware tools with names like “Gamefish,” “Chopstick” and “X-tunnel.” They dumped their hacked information by sending direct messages on Twitter to 116 reporters and exchanging emails with 70 journalists.

For the last few years, the CIA, NSA and FBI have watched as hackers and whistleblowers (perhaps with a helping hand from Moscow) revealed the agencies’ hacking techniques. For U.S. intelligence officials, revenge is a dish best eaten cold.

The most astonishing disclosure came from the Dutch, who caught four GRU officers red-handed in The Hague as they were hacking the headquarters of the Organization for the Prohibition of Chemical Weapons. As Dutch intelligence officers intervened, “the conspirators abandoned their equipment,” including a backpack and other gear that revealed techniques and a string of other operations, according to the indictment. The Dutch even found a taxi receipt showing that a member of the team had left the rear entrance of the GRU headquarters in Moscow and headed to the airport.

The implicit message in all of this: If you hit us, one of the ways we will retaliate is by exposing your operatives, sources and methods. There are other reprisals underway, but these public disclosures undermine the GRU’s operational capabilities. And they must make the Russian spy service wonder: What else do the Americans and their allies know? If agent A is blown, then what about his colleagues B, C, and D?

The CIA and its foreign allies don’t normally like to reveal secrets like these, because they reveal how much they know about their adversary. The revelations are a public warning to Putin: Knock it off, you’re more vulnerable than you think.

David Ignatius’ email address is davidignatius@washpost.com.
