GRU: Attack dog of Russian intelligence

The storyline's straight out of a spy thriller: two men allegedly dispatched from Moscow to eliminate a defe...

Posted: Sep 9, 2018 12:33 PM
Updated: Sep 9, 2018 12:33 PM

The storyline's straight out of a spy thriller: two men allegedly dispatched from Moscow to eliminate a defector in a quiet English city -- but leaving traces of their movements everywhere to be painstakingly recreated by the intrepid British police.

British Prime Minister Theresa May went into great detail about the movements of the two middle-aged men on their brief visit to England in March. They entered the country using aliases, as Alexander Petrov and Ruslan Boshirov. They twice visited Salisbury, and, she says, on the second trip they applied the deadly nerve agent Novichok to the front door of Sergei Skripal's home, before carelessly discarding a perfume bottle adapted to carry the poison.

2018 Russian spy poisoning

Continents and regions

Digital crime

Digital security

Eastern Europe

England

Europe

Government and public administration

Government bodies and offices

Government departments and authorities

Intelligence services

International relations

International relations and national security

London

Misc people

Moscow

North America

Northern Europe

Political Figures - Intl

Russia

Sergei Skripal

Technology

The Americas

Theresa May

United Kingdom

United States

Animals and society

Crime, law enforcement and corrections

Criminal offenses

Diseases and disorders

Elections (by type)

Elections and campaigns

Health and medical

National security

Politics

Society

2016 Presidential election

Political candidates

US Presidential elections

Biological and chemical weapons

Military weapons

Weapons and arms

Weapons of mass destruction

That same evening, according to May, the duo left London's Heathrow airport on a return flight to Moscow.

May said the UK intelligence services had established that both were officers of Russian military intelligence (the GRU).

"Were these two suspects within our jurisdiction there would be a clear basis in law for their arrest for murder," May added, following the death of Dawn Sturgess when she came into contact with the disposed Novichok.

Inevitably, Kremlin spokesman Dmitry Peskov dismissed May's account, saying that "neither top Russian authorities nor the lower-ranking authorities or any other officials had anything to do with the Salisbury events."

In a rare interview earlier this year with a Russian Defense Ministry newspaper, a former head of the GRU, Fyodor Ladygin, said: "The Russian intelligence agency where I had the honor to work for many years... never resorted to such heinous acts as the ones that Britain is trying to implicate it in."

But May's account assembled evidence that brought strong support from the UK's allies in the UN Security Council. So the question is: were these alleged agents incompetent -- or just indifferent to being discovered? Did Russia want the world to know, yes, we did it? Are its operatives careless or is deniability deemed unnecessary?

The Main Directorate

While still commonly referred to as the GRU (Glavnoe Razvedyvatelnoe Upravlenie) or Main Intelligence Directorate, the agency actually changed its name to the Main Directorate (GU) in 2010. It very much sits within the military sphere; its head -- currently Igor Korobov -- reports to the Chief of the General Staff and Defense Minister.

In her statement on Wednesday, May described the GRU as as a "highly disciplined organization." But it's an agency where tradecraft is sometimes optional or sparingly applied. Digitally or otherwise, it leaves fingerprints. And it may not care.

Mark Galeotti of the Institute of International Relations in Prague and a seasoned watcher of the Russian security services, says the GRU is not like Russia's other intelligence services because it's essentially a "war-fighting instrument which is mission-oriented."

In the eyes of the GRU, says Galeotti, "the biggest sin is not to take advantage of an opportunity." It takes risks and is aggressive.

"By contrast, the foreign intelligence service or SVR is more like MI6, a white-collar organization with diplomatic cover that is risk-averse," Galeotti says.

The Skripal case

"Petrov" and "Boshirov" didn't take steps to camouflage their travel. They flew direct from Moscow on Russian passports, Britain's Crown Prosecution Service said. They used public transport in England, where there are almost as many surveillance cameras as there are passengers.

Critically they stayed in a budget hotel where, according to British authorities, minute traces of Novichok were later found. They appear to have gone everywhere together, making them much easier to pick out for the detectives wading through more than 11,000 hours of surveillance video.

Britain's Security Minister Ben Wallace said the duo had failed in their mission (if it was to kill Skripal.) "They couldn't run a bath in the GRU," Wallace told British media Thursday. Conservative MP Johnny Mercer tweeted after May's disclosures: "I hope this toilet tradecraft will help reduce perception that Russia is some intelligence/military behemoth to be cowered from."

But such scorn may miss the point.

The attack was meant to send a broader message to the UK government, says Galeotti. The Russians believed Sergei Skripal, a former GRU officer who arrived in the UK with a pardon as a result of a spy swap in 2010, was active again -- with the connivance or encouragement of the UK intelligence services. And that -- to Moscow -- was out of order.

Whether the GRU proposed the operation or was directed to carry it out by the Kremlin will probably never be known, adds Galeotti. But he has no doubt that such an attack would have required a green light at a very high level.

Had such an audacious operation not been approved from above, there would have been consequences in the form of "unexpected retirements" at the GRU, Galeotti concludes. His sources suggest the agency remains "one of the favorite sons" of President Vladimir Putin.

Guccifer 2.0

The GRU has certainly been throwing its weight around in recent years and is an active participant in what the Chief of the General Staff, Valery Gerasimov, described in 2013 as a new form of warfare through "political, economic, informational, humanitarian, and other non-military measures."

That has included an enthusiastic embrace of cyber-warfare. Thomas Rid, currently a Professor of Strategic Studies at Johns Hopkins University, told a US Senate panel last year that "by early 2015, GRU was targeting military and diplomatic entities at high tempo, especially defense attachés world-wide. Among the targets are numerous senior US military officers and defense civilians."

At the beginning of 2017, the US intelligence community released a report firmly tying the GRU to the hacking of Democratic Party email accounts in the previous year's US election campaign.

That report concluded: "We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com" to distribute hacked material.

The operation had begun by March 2016, according to the declassified version of the report.

Subsequently, the US Special Prosecutor's office, in a detailed indictment, identified 12 GRU officers as being involved in the hacking, saying that the "GRU had multiple units, including Units 26165 and 74455, engaged in cyber operations." Several of the officers used a GRU malware called X-Agent.

The indictment included the addresses in Moscow where these units worked, and the online aliases used by some of the officers. Prosecutors say they were also able to trace the hackers' lease of a server in Arizona and their inability on one occasion to connect to X-Agent.

Among other examples of careless tradecraft, according to the indictment, the GRU officers "operated the @dcleaks_ Twitter account from the same computer used for other efforts to interfere with the 2016 US presidential election."

Rid notes that the sort of hacking infrastructure repeatedly used by the GRU "allowed investigators to link the DNC breach to other breaches with high confidence, particularly to the German Bundestag hack" in 2015.

Again, it seems that results -- sowing disruption -- were more important than perfect tradecraft.

The Dutch intrusion

It's not only the GRU whose work has left fingerprints. Part of the US intelligence assessment early in 2017 appears to have been based on an extraordinary intrusion into the work of the Russian intelligence services by the Dutch agency AIVD.

While the agency itself won't comment on its works, Dutch and other media say the AIVD's Joint Sigint Cyber Unit penetrated the computer network at a university building next to Red Square in Moscow.

Later, according to a source familiar with Dutch operation, AIVD discovered the network was run by a Russian hacker group known as "Cozy Bear," which has been involved in multiple hacking attacks on governments and companies for more than a decade.

The Dutch analysts deduced that Cozy Bear was a creature of the Russian Foreign Intelligence Service, the SVR. It was their work that tipped off the US about Russia's foray into the 2016 election.

'Big boots'

The degree of cooperation and competition among Russian intelligence agencies ebbs and flows. Galeotti says the SVR and the domestic security service, the FSB, may share disdain for the "big boots" of the GRU, but it is unlikely any agency would actively impede the work of another.

The GRU has been an important player in eastern Ukraine, supporting the separatists with weapons procurement and training. Galeotti told CNN the GRU is ideally suited to acting in the region because it includes many former members of the Russian special forces, or Spetsnaz. The conflict in Ukraine was the perfect environment for an agency comfortable in lawless foreign regions and war zones. A number of former GRU officers have been sanctioned by the US Treasury for their activities in Ukraine and Crimea.

The agency was also linked to a failed attempt to overthrow Montenegro's government on the eve of parliamentary elections in October 2016. Montenegro's chief special prosecutors says Russia was involved in that plot and also one to kill the country's then prime minister. Kremlin spokesman Dmitry Peskov called the allegations "absurd."

Galeotti believes the GRU was tasked with the effort in an attempt to prevent Montenegro from joining NATO. Within the last week, Estonia has arrested two men for supplying classified information and state secrets to the GRU over a period of five years, receiving undisclosed payments in return. One of them is a former artillery officer in the Estonian Defense Forces.

Whether the GRU has been effective with its "big boots" is open to question. The shooting down of MH17 rallied western governments behind a hard line on sanctions against Russia over its intervention in Ukraine. The Skripal affair united many governments in expelling Russian diplomats. Montenegro went ahead and joined NATO -- just what Russia didn't want.

Shortly before his death in 1952, Soviet leader Joseph Stalin convened a meeting to reorganize the country's intelligence services. According to historical accounts of that meeting, Stalin said: "In intelligence, one should never work by launching an attack up front. Intelligence should be active in a roundabout way. Otherwise there will be failures and serious failures."

The GRU seems to have adopted a different philosophy.

Mississippi Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 93087

Reported Deaths: 2809
CountyConfirmedDeaths
Hinds6956155
DeSoto539355
Harrison372772
Jackson337867
Madison320086
Rankin318875
Lee258567
Jones239978
Forrest238270
Washington217471
Lafayette207239
Lauderdale1994124
Bolivar179065
Oktibbeha174750
Lamar162134
Neshoba1534103
Panola144027
Sunflower141144
Lowndes139857
Warren138050
Leflore136280
Pontotoc122516
Pike120948
Monroe118365
Scott116125
Copiah115933
Coahoma112327
Holmes109158
Marshall107515
Lincoln106253
Grenada105335
Yazoo103629
Simpson101243
Union97824
Tate95137
Leake93937
Adams91736
Wayne87421
Pearl River86250
Marion84133
Prentiss80817
Covington80622
Alcorn76811
Newton75623
Itawamba75221
Tallahatchie74918
George74413
Winston72319
Tishomingo65737
Chickasaw65224
Tippah64216
Attala64125
Walthall59325
Clay57117
Hancock56121
Jasper54915
Noxubee54315
Clarke53539
Smith52114
Calhoun50612
Tunica47913
Montgomery45420
Claiborne45116
Lawrence42512
Yalobusha41614
Perry40617
Humphreys37315
Quitman3735
Stone35011
Greene34317
Webster33113
Jefferson Davis32511
Amite31210
Carroll31212
Wilkinson30217
Kemper28615
Sharkey26312
Jefferson2399
Benton2181
Franklin1893
Choctaw1785
Issaquena1033
Unassigned00

Alabama Coronavirus Cases

Confirmed Cases: 128818

Reported Deaths: 2284
CountyConfirmedDeaths
Jefferson18911337
Mobile13039289
Montgomery8628173
Madison750775
Tuscaloosa7180114
Lee570559
Shelby564550
Baldwin504749
Marshall382143
Etowah333447
Calhoun332039
Morgan318126
Houston269922
Elmore251947
DeKalb234619
St. Clair221335
Walker220780
Talladega205026
Limestone197319
Cullman183017
Franklin174128
Dallas173626
Russell17112
Autauga167324
Lauderdale164133
Colbert159326
Escambia155725
Blount154214
Jackson149411
Chilton147127
Dale132743
Covington130227
Coffee12708
Pike11519
Tallapoosa113183
Chambers112342
Clarke104917
Marion93728
Butler90838
Barbour8307
Marengo69919
Winston69912
Lowndes64527
Pickens63114
Bibb62810
Hale61228
Randolph60712
Bullock58514
Lawrence58220
Monroe5758
Geneva5634
Cherokee55516
Washington54413
Perry5376
Clay5367
Wilcox53011
Conecuh52311
Crenshaw52231
Macon47620
Henry4674
Fayette4189
Sumter41819
Lamar3452
Choctaw34412
Cleburne3206
Greene30015
Coosa1613
Out of AL00
Unassigned00
Tupelo
Scattered Clouds
62° wxIcon
Hi: 81° Lo: 57°
Feels Like: 62°
Columbus
Clear
62° wxIcon
Hi: 82° Lo: 57°
Feels Like: 62°
Oxford
Scattered Clouds
59° wxIcon
Hi: 80° Lo: 56°
Feels Like: 59°
Starkville
Clear
61° wxIcon
Hi: 80° Lo: 55°
Feels Like: 61°
WTVA Radar
WTVA Temperatures
WTVA Severe Weather