What could be more embarrassing for a Russian spy: Their info splashed online – or that they drive a Lada?

Privacy blunder blows cover on 300+ suspected Kremlin agents

Spy pointing gun at himself

It has been a busy week for Russian military intelligence – and it's about to get busier. A database search of car registrations appears to have outed more than 300 GRU agents.

Following Thursday's report from Dutch and British authorities of a thwarted hacking attack involving four Russian nationals alleged to be officers in Russia's Main Directorate of the General Staff of the Armed Forces (GRU) cyber warfare unit, investigative news site Bellingcat and The Insider, a Russian crowdfunded news organization, used the names of the alleged perpetrators to identify 305 other potential GRU agents.

In a post on Thursday, Bellingcat said that in the process of confirming the identities of the agents revealed by Dutch and British authorities, it found the name of one of the officers, Aleksei Morenets, in a Russian automobile registration database from 2011.

The address listed, Komsomolsky Prospekt 20, is said to be the address of military unit 26165 of the GRU, which happens to be the team cited in the US Justice Department indictment on Thursday of seven GRU officers for their role in a hacking campaign to discredit anti-doping organizations critical of Russian athletes.

The GRU seven - from the FBI's "wanted" poster

The fur is not gonna fly: Uncle Sam charges seven Russians with Fancy Bear hack sprees

READ MORE

In a related indictment in July, the Justice Department charged a dozen GRU officers with hacking offenses related to efforts to sway the 2016 US presidential election.

After spotting Morenets' info in the car registration database, Bellingcat then searched for other cars registered at the GRU-linked address and identified 305 registrations – including one for a trusty old Lada. If each of the associated individuals is in fact a member of GRU unit 26165, the outing of so many Russian agents represents a massive privacy failure and opsec blunder.

Last week, Bellingcat identified one of the two individuals said to be responsible for the UK poisoning of Sergey and Yulia Skripal and the death of Dawn Sturgess as Colonel Anatoliy Chepiga of the GRU.

Adding insult to Russia's privacy pratfall, the EU is considering the introduction of a sanctions regime similar to the US Magnitsky Act that could be enacted as soon as May 2019. The Magnitsky Act is a law passed in 2012 to punish Russian officials linked to the death of anti-corruption activist Sergei Magnitsky and is a major irritant to the Russian government. ®




Biting the hand that feeds IT © 1998–2018