GRU: Attack dog of Russian intelligence

Posted: Sep 9, 2018 12:33 PM
Updated: Sep 9, 2018 12:33 PM

The storyline's straight out of a spy thriller: two men allegedly dispatched from Moscow to eliminate a defector in a quiet English city -- but leaving traces of their movements everywhere to be painstakingly recreated by the intrepid British police.

British Prime Minister Theresa May went into great detail about the movements of the two middle-aged men on their brief visit to England in March. They entered the country using aliases, as Alexander Petrov and Ruslan Boshirov. They twice visited Salisbury, and, she says, on the second trip they applied the deadly nerve agent Novichok to the front door of Sergei Skripal's home, before carelessly discarding a perfume bottle adapted to carry the poison.


That same evening, according to May, the duo left London's Heathrow airport on a return flight to Moscow.

May said the UK intelligence services had established that both were officers of Russian military intelligence (the GRU).

"Were these two suspects within our jurisdiction there would be a clear basis in law for their arrest for murder," May added, following the death of Dawn Sturgess when she came into contact with the disposed Novichok.

Inevitably, Kremlin spokesman Dmitry Peskov dismissed May's account, saying that "neither top Russian authorities nor the lower-ranking authorities or any other officials had anything to do with the Salisbury events."

In a rare interview earlier this year with a Russian Defense Ministry newspaper, a former head of the GRU, Fyodor Ladygin, said: "The Russian intelligence agency where I had the honor to work for many years... never resorted to such heinous acts as the ones that Britain is trying to implicate it in."

But May's account assembled evidence that brought strong support from the UK's allies in the UN Security Council. So the question is: were these alleged agents incompetent -- or just indifferent to being discovered? Did Russia want the world to know, yes, we did it? Are its operatives careless or is deniability deemed unnecessary?

The Main Directorate

While still commonly referred to as the GRU (Glavnoe Razvedyvatelnoe Upravlenie) or Main Intelligence Directorate, the agency actually changed its name to the Main Directorate (GU) in 2010. It very much sits within the military sphere; its head -- currently Igor Korobov -- reports to the Chief of the General Staff and Defense Minister.

In her statement on Wednesday, May described the GRU as a "highly disciplined organization." But it's an agency where tradecraft is sometimes optional or sparingly applied. Digitally or otherwise, it leaves fingerprints. And it may not care.

Mark Galeotti of the Institute of International Relations in Prague and a seasoned watcher of the Russian security services, says the GRU is not like Russia's other intelligence services because it's essentially a "war-fighting instrument which is mission-oriented."

In the eyes of the GRU, says Galeotti, "the biggest sin is not to take advantage of an opportunity." It takes risks and is aggressive.

"By contrast, the foreign intelligence service or SVR is more like MI6, a white-collar organization with diplomatic cover that is risk-averse," Galeotti says.

The Skripal case

"Petrov" and "Boshirov" didn't take steps to camouflage their travel. They flew direct from Moscow on Russian passports, Britain's Crown Prosecution Service said. They used public transport in England, where there are almost as many surveillance cameras as there are passengers.

Critically they stayed in a budget hotel where, according to British authorities, minute traces of Novichok were later found. They appear to have gone everywhere together, making them much easier to pick out for the detectives wading through more than 11,000 hours of surveillance video.

Britain's Security Minister Ben Wallace said the duo had failed in their mission (if it was to kill Skripal). "They couldn't run a bath in the GRU," Wallace told British media Thursday. Conservative MP Johnny Mercer tweeted after May's disclosures: "I hope this toilet tradecraft will help reduce perception that Russia is some intelligence/military behemoth to be cowered from."

But such scorn may miss the point.

The attack was meant to send a broader message to the UK government, says Galeotti. The Russians believed Sergei Skripal, a former GRU officer who arrived in the UK with a pardon as a result of a spy swap in 2010, was active again -- with the connivance or encouragement of the UK intelligence services. And that -- to Moscow -- was out of order.

Whether the GRU proposed the operation or was directed to carry it out by the Kremlin will probably never be known, adds Galeotti. But he has no doubt that such an attack would have required a green light at a very high level.

Had such an audacious operation not been approved from above, there would have been consequences in the form of "unexpected retirements" at the GRU, Galeotti concludes. His sources suggest the agency remains "one of the favorite sons" of President Vladimir Putin.

Guccifer 2.0

The GRU has certainly been throwing its weight around in recent years and is an active participant in what the Chief of the General Staff, Valery Gerasimov, described in 2013 as a new form of warfare through "political, economic, informational, humanitarian, and other non-military measures."

That has included an enthusiastic embrace of cyber-warfare. Thomas Rid, currently a Professor of Strategic Studies at Johns Hopkins University, told a US Senate panel last year that "by early 2015, GRU was targeting military and diplomatic entities at high tempo, especially defense attachés world-wide. Among the targets are numerous senior US military officers and defense civilians."

At the beginning of 2017, the US intelligence community released a report firmly tying the GRU to the hacking of Democratic Party email accounts in the previous year's US election campaign.

That report concluded: "We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com" to distribute hacked material.

The operation had begun by March 2016, according to the declassified version of the report.

Subsequently, the US Special Prosecutor's office, in a detailed indictment, identified 12 GRU officers as being involved in the hacking, saying that the "GRU had multiple units, including Units 26165 and 74455, engaged in cyber operations." Several of the officers used a GRU malware called X-Agent.

The indictment included the addresses in Moscow where these units worked, and the online aliases used by some of the officers. Prosecutors say they were also able to trace the hackers' lease of a server in Arizona and their inability on one occasion to connect to X-Agent.

Among other examples of careless tradecraft, according to the indictment, the GRU officers "operated the @dcleaks_ Twitter account from the same computer used for other efforts to interfere with the 2016 US presidential election."

Rid notes that the sort of hacking infrastructure repeatedly used by the GRU "allowed investigators to link the DNC breach to other breaches with high confidence, particularly to the German Bundestag hack" in 2015.

Again, it seems that results -- sowing disruption -- were more important than perfect tradecraft.

The Dutch intrusion

It's not only the GRU whose work has left fingerprints. Part of the US intelligence assessment early in 2017 appears to have been based on an extraordinary intrusion into the work of the Russian intelligence services by the Dutch agency AIVD.

While the agency itself won't comment on its work, Dutch and other media say the AIVD's Joint Sigint Cyber Unit penetrated the computer network at a university building next to Red Square in Moscow.

Later, according to a source familiar with the Dutch operation, AIVD discovered the network was run by a Russian hacker group known as "Cozy Bear," which has been involved in multiple hacking attacks on governments and companies for more than a decade.

The Dutch analysts deduced that Cozy Bear was a creature of the Russian Foreign Intelligence Service, the SVR. It was their work that tipped off the US about Russia's foray into the 2016 election.

'Big boots'

The degree of cooperation and competition among Russian intelligence agencies ebbs and flows. Galeotti says the SVR and the domestic security service, the FSB, may share disdain for the "big boots" of the GRU, but it is unlikely any agency would actively impede the work of another.

The GRU has been an important player in eastern Ukraine, supporting the separatists with weapons procurement and training. Galeotti told CNN the GRU is ideally suited to acting in the region because it includes many former members of the Russian special forces, or Spetsnaz. The conflict in Ukraine was the perfect environment for an agency comfortable in lawless foreign regions and war zones. A number of former GRU officers have been sanctioned by the US Treasury for their activities in Ukraine and Crimea.

The agency was also linked to a failed attempt to overthrow Montenegro's government on the eve of parliamentary elections in October 2016. Montenegro's chief special prosecutor says Russia was involved in that plot and also one to kill the country's then prime minister. Kremlin spokesman Dmitry Peskov called the allegations "absurd."

Galeotti believes the GRU was tasked with the effort in an attempt to prevent Montenegro from joining NATO. Within the last week, Estonia has arrested two men for supplying classified information and state secrets to the GRU over a period of five years, receiving undisclosed payments in return. One of them is a former artillery officer in the Estonian Defense Forces.

Whether the GRU has been effective with its "big boots" is open to question. The shooting down of MH17 rallied western governments behind a hard line on sanctions against Russia over its intervention in Ukraine. The Skripal affair united many governments in expelling Russian diplomats. Montenegro went ahead and joined NATO -- just what Russia didn't want.

Shortly before his death in 1952, Soviet leader Joseph Stalin convened a meeting to reorganize the country's intelligence services. According to historical accounts of that meeting, Stalin said: "In intelligence, one should never work by launching an attack up front. Intelligence should be active in a roundabout way. Otherwise there will be failures and serious failures."

The GRU seems to have adopted a different philosophy.
