If I was running an operation like that I think I'd load all that kit into a car and park it somewhere in the expectation that it would be found - and I'd run a second operation a lot more carefully in another location. It's worked for me in the past - everyone stops looking when they have "found" the intruder.
Dutch cheesed off with Russians, expel four suspects over chemical weapons Wi-Fi spying
Four alleged Russian agents have been expelled from the Netherlands after they attempted to hack the chemical weapons watchdog probing the Novichok poisonings in Salisbury, England, and the chemical attack case in Douma, Syria. According to the Dutch Ministry of Defence on Thursday, the four Russians arrived at Schiphol …
COMMENTS
-
-
Thursday 4th October 2018 22:59 GMT Mark 85
False Sense of Security Scenario?
That would seem reasonable to me. The catch is, is/was there another team that went through customs? Or just drive in from a neighboring country? Going through customs would be the perfect way to get the Trojan Horses in place as they would be "official" visitors. A drive in type... somewhat stealthy.
OTOH, this could just all be political maneuvering where the team was expected to be caught and there isn't any second team... yet.
-
Friday 5th October 2018 13:02 GMT TheVogon
"I think I'd load all that kit into a car and park it somewhere in the expectation that it would be found - and I'd run a second operation a lot more carefully in another location."
But probably not staying by it until caught. And probably not leaving embarrassing details of previous such attacks on the hardware in question.
It's been like something out of a Pink Panther cartoon. Incredible ineptitude.
-
Monday 8th October 2018 18:38 GMT MonkeyCee
Well done.
Congratulations bandit1, here is the bandit2 password.
You might have a cute and comical view of the Netherlands being a bit of a laugh about lawn order, since getting caught with a spliff by a cop isn't likely to involve a beating, but they are serious about high level crime.
It's not by chance that the international court is there.
You might also have noticed that the dark web sites that are infiltrated are often done by the Dutch cyber crimes team. Same for catching Russian hackers.
So I strongly suspect that if you or I, clever as we are, tried to play one of their investigtors at chess, we'd lose.
We'd only be thinking 6-10 moves ahead.
They're thinking several games ahead.
"and I'd run a second operation a lot more carefully in another location. "
What about this announcement implies that said operations are also not busted?
It's not like either side needs to announce what is going on.
-
-
Friday 5th October 2018 17:07 GMT Anonymous Coward
Guerin? Thought that was Dr. Seuss.
That is such an arrogant comment, I had to look her up. According to wikipedia, she drove a man to suicide and might of been committing insest with her brother. Also describes her as a control freak and someone who would only affiliate with the rich and powerful. All that in her very, very small entry.
Honestly, I'm not surprised at all a person like that would say such a thing. Although, I'm not sure I'd try to spin a quote of hers as a utility of realization.
-
-
-
-
Saturday 6th October 2018 20:37 GMT Alan Brown
Re: Does Russia think anyone believes them?
"Russians do through carefully selected and crafted information pushed to them"
Maybe some Russians do.
The Russians I know have put it like this: "You know he's a mafia thug, WE know he's a mafia thug and we ALL know that what's in the Russian media is bullshit propaganda, so we just roll our eyes and carry on. The problem is that the system is so corrupt that voting him out isn't actually an option - and nor is a revolution, because what would replace him is just as bad (or worse) as what's already there."
-
Friday 5th October 2018 07:20 GMT wolfetone
Re: Does Russia think anyone believes them?
Well, there is that. But to paraphrase what my wife said the other day - in regards to the woman who died from the poisoning - "Who picks up a bottle they find on the floor in a park and sprays it on themselves?".
For every bit of the Salisbury thing that makes some sense, there are things like this that leave you feeling bewildered.
-
Friday 5th October 2018 14:43 GMT Korev
Re: Does Russia think anyone believes them?
Well, there is that. But to paraphrase what my wife said the other day - in regards to the woman who died from the poisoning - "Who picks up a bottle they find on the floor in a park and sprays it on themselves?".
What has been reported (at least) says that a "vulnerable" guy found it, assumed it was perfume and gave it to his other half as a present.
-
-
-
Friday 5th October 2018 02:14 GMT Anonymous Coward
Russian Intelligence agency codenamed Sandworm
"The deported men were apparently working for the Russian military intelligence agency GRU, more specifically a group codenamed Sandworm, which attempted to remotely hack the OPCW and the UK government's top-secret research laboratory Porton Down after having a pop at the Brits' Foreign Office computer network in March. UK authorities assisted in the Dutch cops' investigation."
a. You mean 'UK authorities' fed them this crock?
b. What moron at Porton Down connects their internal network to the Internet?
c. How did your sources come by the codename of this hacking group?
-
Friday 5th October 2018 06:35 GMT Anonymous Coward
Re: Russian Intelligence agency codenamed Sandworm
a. I think the Dutch are perfectly capable of looking at diplomatic passports and hacking kit found in the possession of 4 Russians near the OPCW and reaching their own conclusions.
b. I don't think you know anything of what their IT arrangements are
c. Perhaps they're just as careless online as they appear to be in real life...
-
Friday 5th October 2018 07:34 GMT Allan George Dyer
Re: Russian Intelligence agency codenamed Sandworm
@Walter Bishop - "c. How did your sources come by the codename of this hacking group?"
I assume the investigators gave the group the codename, it's a lot easier than referring to them as, "the group we detected at... and...". Surely the GRU would use a Russian codename, google tells me that песчаный червь is Russian for sandworm.
-
-
Friday 5th October 2018 06:15 GMT Potemkine!
Congrats to the Dutch Intelligence
and to the other services who tipped them.
There's no doubt Russia is hostile. What is new is that since Trumpy the Klown won the US election with a minority of votes, Russia feels free to attack Western countries without the usual precautions. Now that the US and the US-NATO relation are weak, Putin take advantage of the situation.
It's time to slap his hand and show him he went too far.
-
Friday 5th October 2018 12:06 GMT Anonymous Coward
Re: Congrats to the Dutch Intelligence
It's time to slap his hand and show him he went too far.
That's what they're doing. Against a nation that has no qualms about shooting down (or helping shoot down) civilian airliners, using its agents for overseas assassinations, killing or imprisoning domestic opponents, or using military force*, we can't do too much physically, and sanctions will be difficult to impose going into winter when the EU depend on Russian gas, and will in any event not be supported by China and the non-aligned countries. What can be done is to puncture your opponent's pomposity, sense of invincibility, and global reputation, so that's why there's shitloads of coverage in the Western press. Whether the press of the non-Western world notices is another matter, although I'd imagine all security services are having a good snigger at the Russians being caught red handed.
In terms of what's being reported, it's clearly spin, and "placed". Look at any mass market UK new source and the claims about uncovering 300 odd GRU agents identities from this. On the one hand it makes for a fabulous embarrassment for the GRU in the press, but the reported logic trail doesn't actually follow. To believe the Dutch incident led Western security agencies to details of vehicles registered to GRU addresses and then to agents would need to mean this rather obvious step hadn't occurred to them before, and/or they didn't know where the GRU operates from. Also, the security services never let on to what they actually know, so spaffing this to the press is clear indication that there's nothing in this that is new, and that the Russians themselves were not aware of.
* Yes, I know the West can be accused under most of these headings
-
-
Friday 5th October 2018 07:41 GMT blondie101
Why go public?
I get this:
- Russian diplomats gathering information. And for being diplomat (or more correct in the possession of a diplomatic passport) there is no risk, besides to be trown out of the country.
- the Dutch who throw them out
- the "denial" of the Russians (because they always deny)
But why all the media attention? What do the Dutch try to accomplish? What is the spin? Anyone?
-
Friday 5th October 2018 08:02 GMT Anonymous Coward
Re: Why go public?
It's part of a united western declaration that Russia is doing naughty things.
The Dutch saying this alone... nobody cares. The Dutch, Brits, Americans, Australians, et cetera all saying similar things together will present a united front and people might listen.
Kinda like the #MeToo movement.
-
-
Friday 5th October 2018 10:40 GMT Avatar of They
Re: Why go public?
I imagine the target is the public. Because in the back ground and in hidden meetings NATO will be ramping up counter measures, dusting off old plans and drawing lines in sand - again. And at the end of this will come the big questions about nations budgets and defence spending.
That needs people to see the threats that are there, which thanks to twenty years of Russia not being dicks has meant money can be spent on other useful things and happy times.
But there is a time coming soon that we may need to turn away from roads and schools etc. And once against recruit soldiers, build ships etc. For that the public need to be on board.
Difference is in the twenty years of peace the EU has become a very different beast of cross working and helping eachother. So NATO by default will benefit by closer working EU nations, compared to 20 years ago. (Just don't mention the orange trump clown, 'Hunt' doing his best to alienate our allies and the May / Boris / Farage Brexit disaster)
-
Friday 5th October 2018 12:06 GMT Anonymous Coward
Re: Why go public?
And who is the intended receiver?
1. The Western public, because the story can be spun as evidence that "Russia is a threat to us all", and plays to the narrative that our governments are here to protect us, and have our best interests at heart.
2. The non-aligned world because (if they hear this, believe it, and care) it damages Russia and Putin's credibility and trustworthiness. In international relations, those two are vitally important. I'm not sure most of Russia's trading partners will care, and I suspect the relevance of the story to (say) the Chinese, Arabic or Indonesian citizens is small.
3. Putin. The hope is that he'll be embarrassed and be a big bit more cautious next time, to the extent of desisting from the unwanted behaviours. This would seem to be optimistic, since Putin will now be thinking that he needs to re-establish his strong man credentials by some show of force.
-
-
Friday 5th October 2018 18:10 GMT Danny 2
Re: Why go public?
"And for being diplomat (or more correct in the possession of a diplomatic passport) there is no risk, besides to be trown out of the country."
Although the Dutch did just throw them out, they could have arrested them. Merely possessing a diplomatic passport does not confer diplomatic immunity until it is registered with a host nation.
As for the publicity, that is a clear rebuke to Russia and clear support to the UK.
Twenty years ago I worked for a private organisation that had it's own security division and an intranet that listed global security threats. When I searched on the Netherlands it claimed that 800 Russian crime gangs had set up bases there in the previous two years.
I asked my Dutch friends about that and they said that was credible, and to stay away from the plethora of Russian tea rooms ("there is never anyone in there").
Coffeeshops good, tearooms bad.
-
-
Friday 5th October 2018 08:57 GMT DropBear
One kinda wonders how exactly they were caught in the first place - it's not like tossing some kit under a coat in a car will automatically attract any law enforcement within three miles or something. Were the Dutch a) tipped off by someone who knew what was going on, from either side of the fence or b) were they already watching the "diplomats" or c) did the maid in the Marriott notice one too many Yagi antennas in their room or d) was the OPCW already so spooked by the previous hacking attempts that they were actively looking out for this sort of presence around their building or e) was the car parked in a fixed place 24/7 with a bunch of scary-looking blokes just sitting in it or e) did the "diplomats" simply check into the hotel as "Mr. Blonde, Mr. Blue, Mr. Brown, Mr. Orange"...?
-
Friday 5th October 2018 18:13 GMT JohnG
"One kinda wonders how exactly they were caught in the first place"
I suspect the Dutch would routinely keep an eye on new arrivals with diplomatic passports but in this case, they were tipped off by British intelligence agents that the OPCW and/or other bodies might be hacked. Quite how British intelligence agencies knew of this in advance is not known/stated.
-
Friday 5th October 2018 14:41 GMT GnuTzu
"Expelled" Not Held -- What?!?!?
How long were they held. And, now that they're expelled, the Russians are saying they've got it all wrong. They get caught red handed, interfering with a legal investigation, and they were just let go?!?!?
Well, maybe I've just become accustomed to hearing about terrorists being held for years in Guantanamo. Have I been infected with a distorted view of the World or is the World crazy? Maybe it's a little of one and a lot of the other.
-
Saturday 6th October 2018 18:15 GMT Anonymous Coward
Re: "Expelled" Not Held -- What?!?!?
Expelling unwanted elements is just so much easier, cheaper and leads to less political mayhem than having to take care of them /ad infinitum/, meanwhile making sure their /own/ government does not sneak them a Finimal - on top of that it would only lead to raised eyebrows, voices and alert levels.
One does not need imagine the faux fury, ouraged threats and clouds of toxic hot gas the Kremlin would emanate at such a sleight of its preposterously exaggerated integrity - they have a well-documented history of hissy fits that make the average toddler stomping on the floor in Aisle 3 and screaming for Suckapops look like a completely reasonable human being in complete control of their emotions.
So. We merrily carry on with the Grand Plan to NOT poke the bear unneccesarily. The bear has gone rather hungry from growling at its neighbours, but its teeth are falling out and it has no more young to eat. Best to quietly let it starve in its cave.
I think it was Aesop who wrote about this, or perhaps was it the good Doctor who rhymed so appropriately that life with a bear is unbearable, however the case may be, it is not really as du jour for nations to provoke one anoteher as before the Great War, at least not on this side of the Blinis.
So, off our lawn with this lot, shoe and best not let us catch you again.