October 11, 2018


Ironically, the GRU Gets Bitten by the Internet (Scott Stewart, 10/09/18,  Stratfor)

Last week was a rough one for Russia's military intelligence service. On Oct. 4, the U.S. Department of Justice announced the indictment of seven officers of the Main Intelligence Directorate (known as the GRU by its Russian acronym) in connection with hacking operations. At the same time, Dutch intelligence services released a report on the April arrest of four of the men that included their passport information and photos of their hacking equipment. Then independent investigators, using the internet and social media, dug up additional information on the GRU's cyberwarfare unit, confirming the identity of one of the suspects in a nerve agent poisoning in the United Kingdom and identifying the second suspect for the first time.

These developments emphasize how social media and open-source information on the internet -- though inherently neutral -- can be used for either good or ill. It is highly ironic that the GRU, which has been quite successful in using social media to stir up discord inside the United States and Europe, also has been embarrassed by open-source reporting. These recent developments also show how technological innovation is changing the spying game, and intelligence services are moving -- sometimes not so quickly -- to adapt. [...]

Sadly for Morenets, the receipt was not the end of his woes. A student in an intelligence seminar reportedly found an online dating profile for him, which happened to contain a selfie profile picture that showed the GRU building in the background. The student sleuth was associated with Bellingcat, an organization that uses open sources and social media to conduct online investigations. Working with the citizen journalism organization The Insider Russia, Bellingcat was able to confirm that Morenets was his real name, and not a pseudonym. They also discovered that his vehicle was registered to Komsomolsky Prospekt 20 in Moscow; that address is associated with Unit 26165 of the GRU, which U.S. and Dutch law enforcement say is its cyberwarfare department. Bellingcat reported that a search for other vehicles registered at that address turned up 305 names, potentially providing an extensive list of GRU cyberwarfare personnel -- an embarrassing breach of operational security for the intelligence agency.

Posted by at October 11, 2018 10:04 AM