Painting a portrait of Russian cybercrimes spanning the globe, the Justice Department on Thursday charged seven Russian intelligence officers with targeting an international chemical weapons watchdog agency, a nuclear energy company in Pennsylvania and the keepers of Olympic athletes’ drug-testing data.
Moscow scoffed at the charges, which came hours after British, Dutch and Australian officials alleged a similarly wide-ranging pattern of “brazen” conduct by Russia’s GRU military spy agency. They cited dozens of cyber intrusions, including hacking and online propaganda intended to sway the 2016 U.S. presidential election.
Other alleged acts included Russian hacking or attempted hacking of the investigation of the downing of a Malaysia Airlines passenger jet in eastern Ukraine in 2014 and of inquiries into the attempted assassination in March of a turncoat Russian spy in Britain with a nerve agent.
The seven charged in the U.S. indictment are all Russian citizens. Four are GRU agents who were previously expelled from the Netherlands. It’s unlikely they will ever face a U.S. courtroom.
Still, the volume of accusations — backed by digital fingerprints and on-the-ground surveillance of alleged Russian spy teams — represents a concerted Western effort to confront Moscow over its systemic hacking and other suspected clandestine aggression.
The evidence is awkward for President Trump, who has sought to downplay Russian involvement in the U.S. election. He has repeatedly said “others” could be responsible as well, and his administration has repeatedly alleged that China was attempting to interfere in the 2018 midterm election.
U.S. officials said the indictment shows that the Kremlin thought — wrongly — that it could easily cover its digital tracks.
The defendants “believed that they could use their perceived anonymity to act with impunity, in their own countries and on territories of other sovereign nations, to undermine international institutions to distract from their government’s own malfeasance,” said John Demers, assistant attorney general for national security.
Russia’s Foreign Ministry, which commonly responds to accusations of wrongdoing outside its borders with derision or claims of an anti-Russian conspiracy, mocked the West’s “spy mania.”
“The abuse of this topic has reached such proportions and has acquired such scope that the very bringing of these charges makes their validity doubtful,” Deputy Foreign Minister Sergei Ryabkov told reporters in Moscow.
Britain and Moscow had sparred for months over the poisoning of Sergei Skripal, a former Russian intelligence operative who has lived in Britain since he was handed over in a spy swap. British authorities recently unveiled surveillance video of two men they said had poisoned Skripal and his daughter in the English cathedral town of Salisbury.
The pair, said to be GRU officers, were swiftly identified. They later appeared on Russian TV and denied the charges.
U.S. Defense Secretary James N. Mattis, who was meeting NATO allies in Brussels as the allegations were unspooling in Western capitals, said Russia would “have to be held to account.”
“Basically, the Russians got caught with their equipment, people who were doing it, and they have got to pay the piper,” Mattis said. He did not say what retaliatory steps or countermeasures might be taken.
“The investigation leading to the indictments announced today is the FBI at its best,” FBI Director Christopher A. Wray said in a statement. The defendants’ “actions extended beyond borders, but so did the FBI’s investigation.”
The indictment describes a striking array of cyber-spycraft methods used by the Russian agents — fictitious personas, proxy servers, spear-phishing emails and malware command-and-control servers.
When remote hacking didn’t work, “teams of GRU technical intelligence officers … traveled to locations around the world where targets were physically located,” the indictment said. These “close-access” teams then used tactics such as logging onto WiFi networks being used by their targets.
Some of the charges focus on events that rocked the sports world, and showed how far the Kremlin would go to avenge what it considered international humiliation of its athletes.
More than 100 Russian athletes were banned from the 2016 Summer Olympics in Rio de Janeiro after the World Anti-Doping Agency, or WADA, issued a report filled with damning detail on Russia’s state-sponsored campaign to circumvent drug-testing procedures surrounding the 2014 Winter Games in Sochi, Russia.
Russian agents then hacked WADA files and leaked confidential data on U.S. athletic stars, the indictment said, including the tennis-playing Williams sisters, Serena and Venus, and Simone Biles, the gold-medal-winning gymnast.
Some of the most comprehensive details came from the Netherlands, where officials provided photos and a precise timeline of Russian agents’ efforts to target the Organization for the Prohibition of Chemical Weapons in The Hague.
The organization was studying the nerve agent Novichok, used against Skripal and his daughter, and was also investigating the alleged use of chemical warfare agents in Syria by forces loyal to President Bashar Assad, whom Russia supports.
Dutch officials also said Russian spies tried to hack investigators looking into the 2014 downing of a Malaysia Airlines flight over eastern Ukraine, which killed nearly 300 people, many of them Dutch. Investigators say the ground-to-air missile that brought down the jet was supplied by a Russian military unit.
The defendants included four members of an elite Russian military hacking center known as Unit 26165. They were identified as Aleksei Sergeyevich Morenets, 41; Evgenii Mikhaylovich Serebriakov, 37; Ivan Sergeyevich Yermakov, 32; Artem Andreyevich Malyshev, 30; and Dmitriy Sergeyevich Badin, 27. Alleged GRU officers Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, were also indicted.
Each of the seven was charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, and conspiracy to commit money laundering. Five of the seven were also charged with aggravated identity theft.