Ignatius: West catching and exposing Russia’s GRU hackers

The GRU is known for its panache and daring, but now it’s also known as sloppy — and now compromised.

By David Ignatius

One of the most satisfying moments in any spy thriller is when the bad guy — the black-hat operative who has been killing and tormenting his adversaries — does something dumb and gets caught. That’s essentially what’s been happening recently with Russian President Vladimir Putin’s pet spy agency, the GRU.

What’s fascinating about the GRU revelations is that they seem to reflect an aggressive pushback after several years in which Putin (chiefly through the GRU) launched recklessly aggressive covert actions against the West. The West is retaliating (at least in part) with public information that blows GRU covers and operating methods and, frankly, makes them look clumsy and incompetent.

These disclosures are the latest in a string of disasters for the GRU, a military spy service known for its panache and daring. Now, we should add sloppiness to that list of operational trademarks. The GRU’s spycraft occasionally looks closer to TV’s Maxwell Smart than John le Carre’s vaunted fictional spymaster, Karla.

The latest expose of the GRU’s not-so-secret tradecraft came Tuesday, when a British investigative group shredded a layer of the lies surrounding Russia’s attempt to poison former agent Sergei Skripal in March. It was the equivalent of the tough guy in the trench coat getting caught with his undershorts around his ankles.

Bellingcat, as the group calls itself, presented photographic evidence showing that a suspect in the Skripal attack, who the Russians had claimed was a tourist named Petrov who worked in the sports nutrition business, is really a GRU doctor named Alexander Mishkin. Last month, Bellingcat had exposed another suspect, whose cover identity was “Ruslan Boshirov,” as GRU Col. Anatoliy Chepiga.

The most detailed exposures of GRU tradecraft came in a Justice Department indictment that was unsealed Oct. 4, in tandem with supporting statements from Britain and the Netherlands. The indictment, which named seven GRU officers, included details about Russian spy operations that could only have been collected by the CIA and National Security Agency and its foreign partners. (Three of the Russians had also been named in July’s indictment of 12 GRU officers for meddling in the 2016 U.S. presidential election.)

Last week’s indictment is a treasure trove for spy mavens. One GRU hacking operation sought to sabotage the World Anti-Doping Agency’s effort to punish Russia for systematically drugging its Olympic athletes; a second, chilling GRU hack stole information from Westinghouse about advanced U.S. nuclear-reactor technology. A third targeted two investigations of the Novichok nerve agent used in the Skripal hit, one by an international chemical weapons group in The Hague and another by a chemical laboratory in Switzerland. These were brazen operations; but they were also messy.

The dry pages of the indictment reveal tradecraft secrets that could animate a half-dozen spy novels. The GRU operatives used spoof websites to “spearphish” victims into revealing login information (creating a “westinqhousenuclear.com” site, with the misspelled “q,” for example). They made payments in Bitcoin and other cryptocurrencies. (Weren’t those supposed to be untraceable?) They used malware tools with names like “Gamefish,” “Chopstick” and “X-tunnel.” They dumped their hacked information by sending direct messages on Twitter to 116 reporters and exchanging emails with 70 journalists.

For the last few years, the CIA, NSA and FBI have watched as hackers and whistleblowers (perhaps with a helping hand from Moscow) revealed the agencies’ hacking techniques. For U.S. intelligence officials, revenge is a dish best eaten cold.

The most astonishing disclosure came from the Dutch, who caught four GRU officers red-handed in The Hague as they were hacking the headquarters of the Organization for the Prohibition of Chemical Weapons. As Dutch intelligence officers intervened, “the conspirators abandoned their equipment,” including a backpack and other gear that revealed techniques and a string of other operations, according to the indictment. The Dutch even found a taxi receipt showing that a member of the team had left the rear entrance of the GRU headquarters in Moscow and headed to the airport.

The implicit message in all of this: If you hit us, one of the ways we will retaliate is by exposing your operatives, sources and methods. There are other reprisals underway, but these public disclosures undermine the GRU’s operational capabilities. And they must make the Russian spy service wonder: What else do the Americans and their allies know? If agent A is blown, then what about his colleagues B, C, and D.

The CIA and its foreign allies don’t normally like to reveal secrets like these, because they reveal how much they know about their adversary. The revelations are a public warning to Putin: Knock it off, you’re more vulnerable than you think.

David Ignatius’ email address is davidignatius@washpost.com.

Talk to us

More in Opinion

Editorial cartoons for Saturday, Dec. 4

A sketchy look at the news of the day.… Continue reading

Robert J. Sutherland (Washington State House Republicans)
Editorial: State House covid rules won’t exclude GOP lawmakers

A requirement for vaccination only means those unvaccinated will have to attend sessions remotely.

Cory Armstrong-Hoss
Cory Armstrong-Hoss: Postcards from out-of-town Thanksgiving

A holiday with parents and siblings means plenty of food, family, games and, of course, gratitude.

A ‘Christmas Carol’ for our times

A “Carol for Another Christmas” is worth viewing this holiday season. Scripted… Continue reading

Comment: Supreme Court nomination may have saved Roe in 1992

David Souter, who would prove to be the swing vote in a case, nearly withrdrew his nomination in 1990.

Comment: Threat to global democracy isn’t China or Russia

Democracies struggling with their own autocratic challenges need to work at small, regional goals.

Jack Ohman, Sacramento Bee
Editorial cartoons for Friday, Dec. 3

A sketchy look at the news of the day.… Continue reading

An artist's rendering shows features planned for the first floor of an expansion of the Imagine Children's Museum. The area will include a representation of the old bicycle tree in Snohomish and an outdoorsy Camp Imagine. (Imagine Children's Museum)
Editorial: GivingTuesday offers chance to build better future

Organizations, such as Imagine Children’s Museum, need our support as we look past the pandemic.

School-age lead Emilee Swenson pulls kids around in a wagon at Tomorrow’s Hope child care center on Tuesday, Sept. 7, 2021 in Everett, Washington. A shortage of child care workers prompted HopeWorks, a nonprofit, to expand its job training programs. Typically, the programs help people with little or no work experience find a job. The new job training program is for people interested in becoming child care workers. (Andy Bronson / The Herald)
Editorial: Everett must make most of pandemic windfall

Using federal funds, the mayor’s office has outlined $20.7M in projects to address covid’s impacts.

Most Read