String of own goals by Russian spies exposes a strange sloppiness

The secretive, daring GRU seems to have lost its way in the age of internet search

It must go down as one of the most embarrassing months ever for Russia’s military intelligence.

In the 30 days since Theresa May revealed the cover identities of the Salisbury poison suspects, the secretive GRU (now GU) has been publicly exposed by rival intelligence agencies and online sleuths, with an assist from Russia’s own president.

Despite attempts to stonewall public inquiry, the GRU’s dissection has been clinical. The agency has always had a reputation for daring, bolstered by its affiliation with special forces commando units and agents who have seen live combat.

But in dispatching agents to the Netherlands who could, just using Google, be easily exposed as graduates of an elite GRU academy, the agency appears reckless and absurdly sloppy.

One of the suspected agents, tipped as a “human intelligence source” by Dutch investigators, had registered five vehicles at a north-western Moscow address better known as the Aquarium, the GRU finishing school for military attaches and elite spies. According to online listings, which are not official but are publicly available to anyone on Google, he drove a Honda Civic, then moved on to an Alfa Romeo. In case the address did not tip investigators off, he also listed the base number of the Military-Diplomatic Academy.

That was the same school where Anatoliy Chepiga, the alleged true identity of the Russian suspect in the Salisbury poisoning, finished his education. Viktor Suvorov, a GRU agent who later defected to the west, described the academy as so secret that Soviet citizens could be jailed just for revealing its existence.

The internet has now made it far harder to hide that evidence. But the GRU apparently thought that would not matter.

Meanwhile, most of the alleged agents could be found online.

One of the men, Aleksei Morenets, an alleged hacker, appeared to have set up a dating profile.

Another played for an amateur Moscow football team “known as the security services team” a current player told the Moscow Times. “Almost everyone works for an intelligence agency.” The team rosters are publicly available.

Russia has claimed that the investigations are fake and that researchers are in league with western intelligence. But most of the evidence to uncover the spies was already out there, and conveniently timestamped on social media.

The saga began after May’s announcement last month, when Vladimir Putin ordered the two Salisbury suspects to appear on television. There, the two men fumbled through an awkward story about visiting Salisbury twice to see the cathedral, while an editor for state television suggested that they were gay. Homosexuality is largely treated as taboo in Russia and the government passed a law banning “gay propaganda” in 2013.

It didn’t help. One of the two men was outed as a likely GRU colonel anyway, after online investigators dug up photographs from his military service and leaked passport records.

Along the way, the researchers from Bellingcat and the Insider also recognised that the men were issued sequentially numbered passports by a special division, making it easier for anyone with access to a leaked database to identify them.

And then came Thursday’s bombshell: four men outed by Dutch investigators for attempting to hack into the Organisation for the Prohibition of Chemical Weapons (as well as Malaysia’s investigation into a downed jetliner).

The alleged spies were caught carrying enough telephones to fill an electronics store. Moreover, like all meticulous Russians on a business trip, they held on to their taxi receipts from GRU headquarters.

Russia will publicly deny the latest reports and revelations about the alleged GRU agents. It has no other alternative. But the exposure of several consecutive European operations should raise questions about whether Russian military intelligence is being intentionally provocative or has simply gone off the rails.


Andrew Roth in Moscow

The GuardianTramp

Related Content

Article image
UK accuses Kremlin of ordering series of 'reckless' cyber-attacks
Foreign Office increases pressure on Russia after Skripal poisoning

Patrick Wintour Diplomatic editor

03, Oct, 2018 @11:01 PM

Article image
How Russian spies bungled cyber-attack on weapons watchdog
The GRU intelligence agency is undoubtedly ambitious but this operation is hardly a triumph

Luke Harding

04, Oct, 2018 @4:13 PM

Article image
The Cambridge Analytica exposé shows the UK needs better data protection | Liam Byrne
From the savagery in Salisbury to ‘dark social ads’, Russia’s hybrid warfare is here and needs a swift response, says the shadow digital minister, Liam Byrne

Liam Byrne

19, Mar, 2018 @9:47 AM

Article image
Visual guide: how Dutch intelligence thwarted a Russian hacking operation
Four agents were caught trying to hack into the international chemical weapons watchdog’s headquarters in The Hague, according to Dutch authorities

Jon Henley

04, Oct, 2018 @2:55 PM

Article image
Russia accused of cyber-attack on chemical weapons watchdog
Netherlands expelled four GRU officers after alleged attacks on OPCW and UK Foreign Office

Pippa Crerar, Jon Henley and Patrick Wintour

04, Oct, 2018 @2:48 PM

Article image
Russian military intelligence head's death causes inevitable speculation | Shaun Walker
Igor Korobov knew a lot about GRU operations, including poisoning of the Skripals

Shaun Walker Central and eastern Europe correspondent

22, Nov, 2018 @3:34 PM

Article image
UK to ask EU leaders to expel Russian spies from own countries
Theresa May to make request at summit, with aim of closing down Kremlin networks in Europe

Jessica Elgot Political correspondent

21, Mar, 2018 @10:30 PM

Article image
Suspected Russian cyber-attack growing in scale, Microsoft warns
Government agencies around world among targets in SolarWinds ‘espionage-based’ hack

Dan Sabbagh Defence and security editor

18, Dec, 2020 @5:07 PM

Article image
Russian hackers suspected of Kremlin ties used Windows bug ‘to spy on west’
Cyber-threat intelligence firm iSight says ‘Sandworm Team’ used unknown bugs from 2009 to steal EU and Nato documents

Alec Luhn in Moscow

14, Oct, 2014 @5:41 PM

Article image
Google warns of surge in activity by state-backed hackers
More than 50,000 alerts sent so far this year, including of an Iranian group that targeted a UK university

Dan Milmo Global technology editor

15, Oct, 2021 @12:00 PM