Netherlands Defence Intelligence and Security Service Disrupts Russian Cyber Operation Targeting OPCW
(Source: Dutch Ministry of Defence; issued Oct. 04, 2018)
The four agents of Russia’s military intelligence service, GRU, arrive at Amsterdam’s Schipol airport to hack the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague. They were later arrested and deported. (Dutch MoD photo)
On 13 April 2018, with support from the Netherlands General Intelligence and Security Service and UK counterparts, the Netherlands Defence Intelligence and Security Service (DISS) disrupted a cyber operation being carried out by a Russian military intelligence (GRU) team. The Russian operation had targeted the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague.

To conduct their operation, 4 Russian intelligence officers had set up specialised equipment in the vicinity of the OPCW offices and were preparing to hack into OPCW networks.

As host country, the Netherlands bears responsibility for ensuring the organisation’s security. In order to protect the security of the OPCW it therefore pre-empted the GRU operation and escorted the Russian intelligence officers out of the country.

“The cyber operation targeting the OPCW is unacceptable. Our exposure of this Russian operation is intended as an unambiguous message that the Russian Federation must refrain from such actions,” said Defence Minister Ank Bijleveld in her response. “The OPCW is a respected international institution representing 193 nations around the globe and was established to rid the world of chemical weapons. The Netherlands is responsible for protecting international organisations within its borders, and that is what we have done.”

Equipment

The 4 Russian intelligence officers entered the Netherlands via Schiphol Airport, travelling on diplomatic passports. They subsequently hired a car which they positioned in the parking lot of the Marriot Hotel in The Hague, which is adjacent to the OPCW offices.

Equipment was set up in the boot of the car with which the officers intended to hack into wifi networks and which was installed for the purpose of infiltrating the OPCW’s network. The antenna for this equipment lay hidden under a jacket on the rear shelf and the equipment was operational when DISS interrupted the operation.

“Digital manipulation and sabotage pose a serious threat. Today, we have shown that the ongoing threat posed by the GRU extends into the Netherlands to affect international organisations that have their offices here,” said the director of DISS, Major General Onno Eichelsheim. “It is therefore vitally important that we deflect this threat – which we did. I am proud of our intelligence personnel,” he concluded.

Further investigation revealed that one of the Russian intelligence officers operating in the Netherlands had also been active in Malaysia, targeting the investigation of the crash of Malaysia Airlines flight MH17.

Bijleveld adds, “We had previously informed the Dutch House of Representatives of the Russian Federation’s interest in the MH17 investigation. As we stated earlier, manipulation and influencing are among the potential threats to the MH17 investigation. All of the organisations involved in the criminal investigation into the MH17 crash are aware of the digital threats that they face and have taken appropriate measures to address these threats.”

Only rarely are the findings of intelligence services brought to the attention of the public. The Cabinet has, in this case, taken the deliberate step of exposing this operation and, by extension, the Russian intelligence officers involved in it, since this will hamper any further attempts by them to operate internationally.

Undermined

“Any incident in which the integrity of international organisations is undermined is unacceptable,” stresses Bijleveld. “We have therefore summoned the Russian ambassador to remind him of this.” The Netherlands shares the concerns of other international partners regarding the damaging and undermining the GRU’s actions. It supports the conclusion, presented today by the UK, that GRU cyber operations such as this one undermine the international rule of law.

Today, the US publicly brings charges against a number of Russian intelligence officers. On 6 August 2018 the US Department of Justice submitted a request for legal assistance to the Dutch Public Prosecutor’s office in connection with a criminal investigation into unauthorised Russian cyber operations.

In response to this request, the Public Prosecutor supplied information based on an official report by DISS as well as launching its own investigation.


Click here for a presentation (35 PDF pages) of the operation used during an Oct. 04 press conference by the Dutch Ministry of Defence.


Click here for remarks by the Dutch Minister of Defence during an October 4 press conference in The Hague on the disruption of the Russian cyber operation (6 PCF pages)

(ends)



Joint Statement by Prime Minister May and Prime Minister Rutte on Cyber Activities of the Russian Military Intelligence Service, the GRU
(Source: Netherlands Government; issued Oct 04, 2018)
We have, with the operations exposed today, further shone a light on the unacceptable cyber activities of the Russian military intelligence service, the GRU. It has targeted institutions across the world, including the Organisation for Prohibition of Chemical Weapons (OPCW) in The Hague.

This attempt, to access the secure systems of an international organisation working to rid the world of chemical weapons, demonstrates again the GRU's disregard for the global values and rules that keep us all safe.

The GRU's reckless operations stretch from destructive cyber activity to the use of illegal nerve agents, as we saw in Salisbury. That attack left four people fighting for their lives and one woman dead.

Our action today reinforces the clear message from the international community; We will uphold the rules-based international system, and defend international institutions from those that seek to do them harm.

(ends)
Statement by NATO Secretary General Jens Stoltenberg on Russian Cyber Attacks
(Source: North Atlantic Treaty Organization; issued Oct 04, 2018)
The Netherlands briefed NATO Defence Ministers today on the targeting of the offices of the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague by a hostile cyber operation.

The operation was carried out by the GRU, the Russian military intelligence service, but was disrupted by Dutch intelligence services in partnership with the UK. Moreover, the UK has identified the GRU as being behind a number of other cyber-attacks around the world. These have affected citizens in many countries, including Russia, and caused enormous economic costs.

NATO Allies stand in solidarity with the decision by the Dutch and British governments to call out Russia on its blatant attempts to undermine international law and institutions. Russia must stop its reckless pattern of behaviour, including the use of force against its neighbours, attempted interference in election processes, and widespread disinformation campaigns.

In response, NATO will continue to strengthen its defence and deterrence to deal with hybrid threats, including in the cyber domain. Today, Defence Ministers discussed the progress we are making in setting up a new Cyber Operations Centre, integrating national cyber capabilities into our missions and operations, and bolstering our cyber resilience.

-ends-




prev next

Official reports See all