Analysis

Amateur Russian Spies Were Busted Hacking the Chemical Arms Watchdog. Here's Why Putin Won't Stop

The joint decision by the Netherlands and Britain to put Moscow in its place by deporting four Russian 'diplomats' and publicly revealing the botched operation to hack the OPCW was an attempt at drawing clearer lines. But it was barely a start

Parts of Russian diplomatic passports of alleged Russian agents expelled from Holland in April, released on October 4, 2018
AFP

The big advantage of cyberwarfare, at least from the offensive perspective, is the undefined nature of attack operations through computer networks. International law evolves slowly and is still trying to catch up.

What are the responsibilities of a state for its citizens’ hacking? Do databases and information clouds and networks conform to sovereign borders? Hacking a government computer, or that of a political party, may constitute an attack on the state, but what about multinational corporations and international organizations? And can a cyberattack even be ascribed to a state, when in many cases they are carried out by seemingly independent hacker collectives or electronic organized crime?

The joint decision by the governments of the Netherlands and Britain Thursday to put Russia in its place, deport four Russian “diplomats” and publicly reveal their findings over the apparently botched operation to hack into the computers of the Organization for the Prohibition of Chemical Weapons was an attempt at drawing clearer lines.

But it was barely a start. The Russians in this case gave them a lot of help, in what looks like shockingly poor operational security on the part of the GRU military intelligence agency. The GRU agents were sent to the Netherlands without cover stories, caught with surveillance equipment in their car and carrying passports, receipts and mobile phones that were easily traced back to headquarters in Moscow. All it took was a Google search to discover that one of the arrested agents had posted a document online identifying himself as a former student of a cyber department at a Russian military academy.

The incredible amateurishness of what was once regarded as a world leader in espionage points to another weak spot of cyberwarfare. It seems to be much easier to teach youngsters how to hack computers (if they haven’t already taught themselves) than to teach them to observe the most rudimentary tradecraft while operating in target countries against hostile security agencies. Israel’s spy services learned the same lesson the hard way, a number of times in the past – swiftly expanding operations and recruiting large numbers of operatives comes at a price in unprofessionalism and embarrassing disclosures.

Part of the Russians’ problem also seems linked to the rivalries in the circle around President Vladimir Putin. Competing intelligence agencies, hangers-on and freelancers all want to prove their worth. Not all the Russian cyber operations are coordinated. Sometimes they even succeed beyond expectations, as happened with the various operations that took place during the U.S. presidential election. The Russians just wanted to mess things up a bit for Hillary Clinton and disrupt the democratic process. They probably never imagined that they could actually contribute to Donald Trump’s unimaginable victory.

But Trump is now president and his obvious reluctance to blame Russia for its cyber campaign against the West (he prefers to focus attention on China’s impressive cyber operations, which, according to a Bloomberg report Thursday, included the planting of a surveillance microchip in motherboards installed in American computers) is forcing other governments to work on their own.

The public expulsion of the Russian agents from the Netherlands (it’s unclear whether they all had diplomatic immunity and why they were not charged) is an escalation, but not yet a fully coordinated counter-campaign.

Without serious backing from the White House, the U.S. intelligence and law enforcement agencies have to make do with individual indictments against Russian operatives, as the U.S. Department of Justice did Thursday against seven GRU agents who are accused of hacking, among other targets, the computers of anti-doping agencies.

This will have been another operation for Putin, who was personally offended by the banning of hundreds of Russian athletes from international competitions after they took part in the wholesale use of performance-enhancing drugs, under the auspices of his protégé, deputy prime minister and former sports minister Vitaly Mutko.

The seven suspects are also accused of hacking a nuclear research facility and the computers of investigators of the downing of a Malaysian airliner by a Russian missile over Ukraine in 2014. Three of the seven have already been separately indicted for hacking the Democrats during the election.

But the indictments of agents living safely, who are unlikely ever to stand before a court, will do little to deter future attacks and cannot replace more serious Western action. The Russians and the Chinese have so many convenient targets – even if training hackers capable of covering their footsteps takes longer than expected.