At one minute past midnight on 4th October 2018 a statement came out from the British Government saying that the National Cyber Security Centre (NCSC) had “identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU.”
The GRU is the Russian Military Intelligence organisation also known as the Main Intelligence Directorate who have been accused of being responsible for the assassination attempt on Sergei Skripal in Salisbury in March this year.
Since then, the British Prime Minister Theresa May has openly accused the GRU of involvement in the attack, saying the two attackers, Alexander Petrov and Ruslan Boshirov, had flown into Gatwick on 02 March and out of Heathrow on 04 March and that these names were almost certainly pseudonyms.
The investigative journalism website Bellingcat went on to expose the real identity of the man who travelled under the name Ruslan Boshirov as Colonel Anatoliy Chepiga, a highly decorated GRU Officer who had received the Hero of the Russian Federation award in 2014.
In what Philip Ingram MBE, a former British Colonel in British Military Intelligence, believes is a swipe at the GRU, the head of the Russian Foreign Intelligence Service, Sergey Naryshkin, said the Salisbury attack was “unprofessionally done.”
Almost sensing the GRU is ‘on the ropes’, openly outed for the Skripal attack, embarrassed by the ease with which investigative journalists with Bellingcat managed to expose serious flaws in the administration of their secret agents and expose the real identity of one of their highly decorated agents, linking him to Salisbury, for the first time, the UK authorities have come out fighting.
What is the GRU accused of this time?
The NCSC has attributed a number of recent attacks to the GRU. The October 2017 BadRabbit ransomware attack encrypted hard drives and rendered IT inoperable. This caused disruption, including to the Kyiv metro and Odessa airport, but was almost an own goal as it also caused disruption at Russia’s central bank and two Russian media outlets. NCSC assess with high confidence that the GRU was almost certainly responsible.
In August 2017, confidential medical files relating to a number of international athletes, including the cyclist Sir Bradley Wiggins were released. WADA stated publicly that this data came from a hack of its Anti-Doping Administration and Management system. NCSC assess with high confidence that the GRU was almost certainly responsible.
In 2016, the Democratic National Committee (DNC) was hacked and documents were subsequently published online. NCSC assess with high confidence that the GRU was almost certainly responsible.
Of interest, in July 2018 the team of special investigator Robert Mueller named 12 apparent GRU officers over the alleged hacking and leaking of Democratic party emails.
Between July and August 2015, multiple email accounts belonging to a small UK-based TV station were accessed and content stolen. NCSC assess with high confidence that the GRU was almost certainly responsible.
This is not the first time the GRU has been accused.
In June 2017 a destructive cyber attack targeted the Ukrainian financial, energy and government sectors but spread further affecting other European and Russian businesses. The UK Government attributed this attack to the GRU in February 2018. NCSC assess with high confidence that the GRU was almost certainly responsible.
In October 2017, VPNFILTER malware infected thousands of home and small business routers and network devices worldwide. The infection potentially allowed attackers to control infected devices, render them inoperable and intercept or block network traffic.
In April 2018, the NCSC, FBI and Department for Homeland Security issued a joint Technical Alert about this activity by Russian state-sponsored actors.
The Foreign Secretary, Jeremy Hunt said:
“These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
The UK is not alone in accusing the GRU, and last night the Australians came out to support the UK statement. Of note, the Australians are part of the 5 Eyes community. This is an intelligence-sharing community of the US, UK, Canadians, Australians and New Zealand.
Timing is of interest as it is almost certainly a swipe at President Putin, warning him off interfering with the US midterm elections due on 6th November 2018.
The UK Prime Minister said in Parliament on 5 September 2018, the UK will work with our allies to shine a light on the activities of the GRU and expose their methods. Her dancing queen speech in Birmingham is turning into her Rocky Balboa attack on the GRU, for the first time she is taking the fight to the Russians.
The announcement this morning by Major General Onno Eichelsheim from the Dutch MIVD intelligence service regarding the expulsion of 4 GRU agents who were targeting the OPCW in the Netherlands is significant in that it shows the international community joining Theresa May in ‘the ring’, helping with the fight against the Russians in an unprecedented way. Of significance, what is being exposed are some very bad ‘drills’ by the GRU operatives, and this reinforces Sergey Naryshkin’s comments that the Skripal attack was ‘unprofessionally done.’
Note: This blog is written by Philip Ingram MBE, a former Colonel in British Military Intelligence, who was based near Salisbury and has assessed Russian activity for many years.
It is not every day that a quiet little English city is caught in the grips of a story that would be a page-turner in any spy novel, where the readers would be sceptical that what was being written about could actually happen. Well, it did, with the tragic death of Dawn Sturgess and the hospitalisation of Charlie Rowley, Nick Bailey, Yulia Skripal and her father, the intended target of a nerve agent attack, former Russian GRU Colonel, Sergei Skripal.
I am someone who has commanded an intelligence unit with a capability to covertly monitor Russian national intelligence operations, has studied organic chemistry and nuclear science related to defence against chemical, biological, radiological and nuclear weapons, at both degree and master’s degree level. Having been a military intelligence officer and also a Colonel, I have the experience and knowledge of all aspects of the decision-making process leading up to the attack on Sergei Skripal, how it would be planned, executed and the actions the Russian government has taken since then. It is classic spy story stuff and I am pretty certain my assessments of what happened, why it happened, and more, are accurate.
Having been asked for my opinion on Salisbury by press outlets ranging from Japanese newspapers, to European, Canadian and Australian TV and radio, as well as the usual CNN, BBC, mainstream UK newspapers and bizarrely by several Russian broadcasters, I thought I would put the key points into one blog, bringing together the threads of my previous blogs. Please feel free to scroll back and read them.
Why Sergei Skripal?
The most important point to start with is the reason for the attack on Sergei Skripal. It was not done first and foremost to kill him. If that was the motivation then he would have been shot, stabbed or had a car accident. Sergei Skripal was a vehicle used to send a message to any Putin dissenters across the globe that he could get them anywhere, any time and in a horrible way. Prime Minister May hinted at this in an answer to a question after her statement in the House of Commons on 5th Sep 2018.
The second reason was to stir a nationalistic fervour into his Presidential campaign domestically by having a reason to say the west was attacking poor Russia. Remember the attack happened exactly 14 days before the Russian Presidential election and opposition parties and oligarchs were becoming more threatening to Mr Putin’s position and his desire for an increased majority.
Sergei Skripal was chosen because Salisbury is next to DSTL Porton Down, the UK’s chemical defence laboratory, and this allowed an element of plausible deniability where President Putin could claim that this was set up to undermine him in the eyes of the international community.
Of note, this is exactly the messaging that came out in the immediate aftermath of the attack. The Russians have a doctrine called маскировка (maskirovka) which is all about ‘masking’ or deception and is central to all they do. The Russian people have an unhealthy belief in conspiracy theories and that the west is out to get them no matter what and this played into President Putin’s domestic messaging.
How did Petrov and Boshirov do what they did?
Alexander Petrov and Ruslan Boshirov (almost certainly not their real names) are alleged to have carried out a nerve agent attack in Salisbury in March, which poisoned Sergei and Yulia Skripal and have been charged by the Crown Prosecution Service, resulting in an INTERPOL Red notice being issued alongside a European Arrest Warrant.
Assistant Commissioner Neil Basu from the MET police counter-terrorism unit said the suspects were in the UK only briefly, flying in from Moscow on Friday 2nd March, staying for two nights at the City Stay Hotel on Bow Road in East London, and flying back to Moscow on Sunday 4th March, the day they carried out the attack on Sergei Skripal’s house.
The men took a train to Salisbury on Saturday 3rd March “for reconnaissance of the Salisbury area.” They then returned the next day to carry out the poisoning. The police said closed-circuit television recordings showed the men near Sergei Skripal’s house and that they have found minute traces of Novichok in their Bow Road hotel room. It is worth noting that big chunks of their time have not been accounted for.
Prime Minister May firmly stated that the two suspects belonged to the Russian military intelligence organisation, the GRU (or Main Intelligence Directorate). Her choice of words, clearly stating that they were GRU agents, after stating that their names were probably false, strongly suggests that the UK Intelligence agencies know their real identities and therefore links to the GRU.
How would this operation have been planned and executed?
Under a 2006 Russian Federation law, extrajudicial assassinations by agents of the Kremlin need be approved only by the Russian head of state, without reference to others and the GRU will keep an up to date list of those they believe should be targeted including Western spies, political dissenters and others.
Colonel General Igor Valentinovich Korobov, head of the GRU will be no stranger to President Putin, appointed in 2016 by him and made a Hero of the Russian Federation in 2017 he will be a regular advising President Putin on difficult and delicate matters such as Eastern Ukraine, Crimea, Syria and will almost certainly be someone President Putin will use for advice and options in dealing with concerns.
President Putin will have been concerned that his dealing with Alexei Navalny, the Russian opposition leader, ensuring his criminal conviction meant he couldn’t run against him, had stirred up further dissent but this time in more powerful and wealthy oligarchs who until then had remained silent. Putin will have asked Korobov to look at options to send dissenters a clear message.
Messaging is a clear tactic used by Russia and the Alexander Litvinenko case will have shown the GRU the wider messaging impact of using novel assassination methods. GRU scientists will have been trialling many different methods of assassination in their labs that resemble those of Q in the James Bond movies, including the use of nerve agents. The use of a Nerve Agent as an assassination method was demonstrated by 2 alleged North Korean women in Kuala Lumpur Airport in 2016 when Kim Jong Nam, half-brother to the North Korean leader Kim Jong Un, was assassinated with an agent identified as VX and the assassins remained safe. This methodology could have been Russian inspired as a ‘field trial’ as there are some unexplained links between Russia and North Korea!
Novichok, a more potent, safer to handle, less detectable and more persistent agent than VX, works in the same way. It poisons the nervous system’s ‘off’ switch and is absorbed slowly through the skin. Immediate treatment is using Atropine and similar drugs widely available in any hospital A&E. Its slow action and dramatic effect made it the perfect choice to send a message that this was from the Russians but with plausible deniability using маскировка (maskirovka) by choosing a target near to a Western chemical defence establishment. Hence why Sergei Skripal came to the fore.
Once he had been identified as the vehicle to be used to send the message, his electronic life will have been hacked as well as that of his daughter Yulia so they could be constantly watched and a pattern of life study carried out. The Foreign Intelligence Service (SVR) station in the Russian embassy in London will have been tasked to carry out a reconnaissance of Sergei Skripal to update national records and monitor his movements over at least a week-long period at the end of February. That report will have been passed to the GRU and formed the basis of Alexander Petrov and Ruslan Boshirov’s trip to Salisbury on 3rd March for them to confirm the detail prior to the assassination attempt trip on 4th March.
Prior to flying to the UK, Alexander Petrov and Ruslan Boshirov will have been practising the application of Novichok to a door handle and the removal of protective gloves with the live agent, they will have been learning how to administer the anti-nerve agent drug, Atropine, to themselves should they become accidentally contaminated. They will have been rehearsing their assassination attempt. They will likely have brought the Novichok, already sealed in the modified fake Nina Ricci ‘Premier Jour’ perfume bottle in a Russian chemical warfare laboratory, into the country in their hand luggage.
Their trip to Salisbury on 3rd March will have been to check aspects of the SVR pattern of life study and possibly get briefed by the SVR team themselves, so that they could return alone on 4th March and apply the deadly Novichok to Sergei Skripal’s front door.
After they applied the Novichok they will have removed their protective gloves but accidentally dropped the fake Nina Ricci ‘Premier Jour’ perfume bottle with a specially made poison applicator, as they put it back into its cover. Knowing just how deadly the substance was they left, hoping no one would find it. This act was simply a cock up. Their gloves and other contaminated items will have been put into a bin in Salisbury, taken to landfill by unwitting council workers the next day. It was that accidentally dropped bottle that Charlie Rowley found and took home to his girlfriend Dawn.
Putin and the GRU will have been surprised at the tenacity of the UK’s counter-terror police and Security Services investigation and the level of detail they have managed to ascertain. The public exposure of Alexander Petrov and Ruslan Boshirov and the strong indications that the UK Government knows their real identities has forced the Russians into what was an embarrassing interview with the Russian state-funded RT network.
The reason for the interview is not to appease the international community or provide a credible story but it is a standard tactic as part of the маскировка (maskirovka) campaign, this time aimed at the Russian domestic audience who are becoming wary of Putin’s performance. The Russians have a word, враньё (vranyo), which means to tell a lie without expecting to be believed. The lie is told purely to save face knowing they won’t be challenged. This tactic unsurprisingly was common practice in the Soviet era.
What are we missing?
However, there are subtleties in the investigation, in what has been released and what hasn’t been released, that allow what I will caveat as speculation, but argue is informed speculation.
There has been just enough information, including CCTV stills shown to the general public to back the Crown Prosecution Service charges and the statement by the Prime Minister in the House of Commons. It is almost certain there is a lot more information not yet released.
There will be a lot more CCTV from both the Saturday 3rd March and Sun 4th March trips that will give a greater insight into Petrov and Boshirov’s movements around Salisbury that hasn’t been released. The police will have made an assessment as to what happened to the protective clothing, as a minimum, pairs of gloves Petrov and Boshirov would have worn to carry out the attack. These will be contaminated.
There is no statement as to where the fake Nina Ricci ‘Premier Jour’ perfume bottle was found by Charlie Rowley and how it remained unaccounted for, for so long. There is no statement as to Petrov and Boshirov’s movements in London and how the Bow hotel was identified, or why traces of Novichok from a sealed container would have been found there. There has been no assessment as to the hours unaccounted for on both 3rd and 4th March as Petrov and Boshirov walked around Salisbury.
Why is this being kept from us? The basic answer is, we don’t need to know. I would speculate that the SVR team who carried out the pattern of life study on Sergei Skripal have possibly been identified by the UK intelligence agencies and there is a distinct possibility at least one of them lives in the Salisbury area. If that is the case, they will be running an operation to target individuals and turn them to become double agents for the UK. This I know sounds very James Bond like, but is the day to day role of counterintelligence officers in MI5 and Intelligence officers in MI6. I have seen these types of operation.
Who are the GRU?
They are Russia’s military intelligence service and one of three of Russia’s intelligence agencies whose activities often overlap – the others are the Federal Security Services (FSB) and the Foreign Intelligence Services (SVR). The FSB has a broader remit, including counter-terrorism, border control and domestic surveillance, but all the agencies are in competition for resources and funding.
The GRU came back in favour with Russia’s annexation of Crimea in 2014, activities in Eastern Ukraine and in Syria as they own a special forces element called the Spetsnaz. They also have historically been responsible for assassinations, espionage and cyber warfare around the world.
The GRU also have a direct-action special forces capability in their ranks called Spetsnaz GRU. It is individuals from these units we have almost certainly seen in Crimea, Eastern Ukraine and in Syria.
What is Novichok?
Novichok (новичок meaning “newcomer” or “newbie”) are a series of organophosphate-based nerve agents. They were designed by the Russians in the 1970’s and 80’s as they sought to produce a binary chemical warfare agent whose constituent parts would fall outside the chemicals that were to be banned in the International Prohibition of Chemical Weapons Convention, that was in its diplomatic infancy at the time.
A binary device consists of two ‘safe’ compounds that when mixed together form the nerve agent but on their own are little or no danger. An organophosphate nerve agent is one that works on attacking the chemical switch inside every nerve cell in your body that turns the nerve cell off after being stimulated. That chemical switch is an enzyme called acetylcholinesterase and nerve agents destroy the body’s ability to synthesise that enzyme.
Nerve agents fall into 3 persistence categories: non-persistent, e.g. Sarin (used by Assad in Syria), which has the consistency of petrol and evaporates relatively quickly; persistent agents, e.g. VX (used to assassinate Kim Jong Nam, Kim Jong Un’s half-brother, in Kuala Lumpur airport last year), which has the consistency of engine oil; and very persistent, such as Novichok, that can be in a solid, powder or treacle level of consistency.
Aside from Sarin, the primary method of absorption for nerve agents into the body is through the skin, so it is unlikely that you would know that you have been contaminated with this colourless, odourless substance until you start to exhibit symptoms.
The symptoms can build slowly for low exposure or come on rapidly for high dose exposure and include: Runny nose and eyes, small pupils or blurry vision, coughing, chest tightness, wheezing, or shortness of breath, nausea and vomiting, abdominal pain or diarrhoea, fatigue, headache, or sweating, muscle twitching or a seizure, leading to collapse, respiratory failure and death.
Nerve agents are designed to cause casualties first and foremost to overwhelm evacuation and medical facilities on the battlefield and to deny ground through a sort of chemical minefield.
What will happen next?
In reality very little – the sabre rattling will continue, if there is sufficient international support then the only way Putin can be hurt is by freezing the assets of his oligarch supporters and aiding Russian opposition parties; play them at their own game but do it within the international rule of law.
Will it happen? Unlikely, as the Russian influence into western governments is much greater than we realise. The Mueller enquiry in the US will expose some but closer to home the Nord Stream 2 gas pipeline providing Russian Gas to Germany shows the economic interdependence that politicians won’t want to destabilise.
President Putin is currently sitting behind his grand desk in Moscow, with a very large glass of the best vodka on ice, stroking a white cat on his knee, knowing he has won yet again.
Note: This blog is written by Philip Ingram MBE, a former British Army Intelligence Officer and Colonel, who was based near Salisbury in the past.