Britain has carried a series of covert attacks on Russia‘s leaders and their allies, the former cabinet secretary has disclosed.
Lord Sedwill said the UK Government had launched cyber attacks to punish President Vladimir Putin and his senior allies.
He said the aim of such actions had been to ‘impose a price greater than one they might have expected’ in response to aggressive Russian behaviour.
The UK had sought to exploit Moscow’s ‘vulnerabilities’, Lord Sedwill added, including through the deployment of its recently-declared offensive cyber-capability.
Speaking to Times Radio, he said: ‘Russia is operating in what the aficionados call grey space, that gap between normal state relations and armed conflict, with cyber attacks, information warfare and disruption campaigns.
‘It is important that we are capable of manoeuvring in the grey space and doing so effectively. We can’t leave the initiative to our adversaries.’
His disclosure comes after a highly critical report in July by the parliamentary Intelligence and Security Committee said the Government had ‘badly underestimated’ the threat from Russia.
Lord Sedwill said the UK Government had launched cyber attacks to punish President Vladimir Putin and his senior allies
The UK had sought to exploit Moscow’s ‘vulnerabilities’, Lord Sedwill added, including through the deployment of its recently-declared offensive cyber-capability
Lord Sedwill said the occasions when the Government took such covert action included the 2018 Salisbury poisoning of former Russian intelligence officer, Sergei Skripal, and his daughter, Yulia, using a Russian-developed Novichok nerve agent
The committee said ministers were ‘playing catch-up’ and needed to take ‘immediate action’ to counter Russian actions.
Lord Sedwill, also Boris Johnson’s national security adviser until last month, said the measures included actions against ‘illicit’ money flowing out of Russia.
Britain’s charge sheet against Russia’s military hackers
The UK Government claims GRU unit GTsST were responsible for:
Winter Olympics, February 2018
GTsST actors launched a significant campaign against the Winter Olympic games, which included the use of Olympic Destroyer malware. This malware targeted the Winter Olympic and Paralympic Games;
BlackEnergy, December 2015
Shut off part of Ukraine’s electricity grid, with 230,000 people losing power for up to six hours;
Industroyer, December 2016
Shut off part of Ukraine’s electricity grid, also known as CrashOverride. It resulted in a fifth of Kyiv losing power for an hour;
NotPetya, June 2017
Destructive cyber attack targeting the Ukrainian financial, energy and government sectors and affecting other European and Russian businesses;
BadRabbit, October 2017
Ransomware encrypted hard drives and rendered IT inoperable. This caused disruption including to the Kyiv metro, Odessa airport, Russia’s central bank and two Russian media outlets;
VPNfilter, October 2017
VPNFILTER malware infected thousands of home and small business routers and network devices worldwide. The infection potentially allowed attackers to control infected devices, render them inoperable and intercept or block network traffic;
DSTL, April 2018
The GRU attempted to use its cyber capabilities to gain access to the UK’s Defence and Science Technology Laboratory computer systems;
FCO, March 2018
The GRU attempted to compromise the UK Foreign and Commonwealth Office (FCO) computer systems via a spearphishing attack;
Georgia, October 2019
The GRU carried out large scale disruptive cyber-attacks against Georgian web hosting providers that resulted in widespread defacement of websites, including sites belonging to the Georgian Government, courts, NGOs, media and businesses, and also interrupted the service of several national broadcasters
He said the occasions when the Government took such covert action included the 2018 Salisbury poisoning of former Russian intelligence officer, Sergei Skripal, and his daughter, Yulia, using a Russian-developed Novichok nerve agent.
‘We seek to impose a price greater than one they might have expected when we believe it is right and necessary,’ he said. ‘It does break through from time to time.
‘After the Salisbury attack, the first use of chemical weapons against a country in Europe in a century, we retaliated in visible ways.
‘We expelled the entire Russian intelligence network in the UK.
‘But we also took a series of other discreet measures, including measures tackling some of the illicit money that flows out of Russia, and covert measures, which obviously I can’t talk about as well.’
It comes as British officials revealed that Russian military intelligence officers planned to hack the 2020 Tokyo Olympics while posing as North Korean and Chinese cybercriminals.
They declined to give specific details about the attacks or whether they were successful, but said they had targeted Games organisers, logistics suppliers and sponsors.
The plot to disrupt the Games, postponed due to the coronavirus pandemic, was thwarted by British cybersecurity teams, the UK Foreign Office claimed.
Dominic Raab, the foreign secretary, said: ‘The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.
‘The UK will continue to work with our allies to call out and counter future malicious cyber attacks.’
The disclosure is designed to cause further embarrassment to President Putin in a strategy to ‘call out’ illegal Russian hacking.
Meanwhile, six Russian military officers have been charged in the US with carrying out ‘cynical and reckless’ global cyber attacks, including attempts to disrupt next year’s Olympic and Paralympic Games in Tokyo.
The US Justice Department said six members of Russia’s GRU military intelligence agency played key roles in attacks on targets including the 2018 Winter Olympics in South Korea and the 2017 French elections.
They were also accused of staging a malware attack called ‘NotPetya’ that infected computers of businesses worldwide causing nearly $1billion in losses.
In addition, they allegedly targeted investigations into the nerve agent poisoning of Russian former double agent Sergei Skripal and his daughter and carried out cyberattacks on media outlets and the parliament in Georgia.
The US Justice Department’s top national security official said the six GRU officers were responsible for ‘the most disruptive and destructive series of computer attacks ever attributed to a single group’.
Assistant Attorney General John Demers claimed members of the same GRU unit have been charged previously with seeking to disrupt the 2016 US elections but there were ‘no election interference allegations’ in this indictment.
FBI Pittsburgh Special Agent in Charge Michael Christman said: ‘These criminals underestimated the power of shared intelligence, resources and expertise through law enforcement, private sector and international partnerships.’
FBI Deputy Director David Bowdich (left) said indictment shows ‘how destructive Russia’s cyber activities truly are’. British Foreign Secretary Dominic Raab (right) condemned Russia’s ‘cynical and reckless’ cyber attacks on the 2020 Tokyo Olympics and 2017 French election
A poster showing six wanted Russian military intelligent officers is displayed before a news conference at the Department of Justice
Russia was banned from the world’s top sporting events for four years in December over widespread doping offences, including the Tokyo Games which were originally scheduled for this year but postponed due to the coronavirus outbreak.
FBI’s ‘most wanted’: The six Russian military officers charged with connection to global cyber attacks
Yuriy Sergeyevich Andrienko
Accused of developing components of the NotPetya and Olympic Destroyer malware;
Sergey Vladimirovich Detistov
Accused of developing components of the NotPetya malware, and preparing spearphishing campaigns targeting the 2018 PyeongChang Winter Olympic Games;
Pavel Valeryevich Frolov
Accused of developing components of the KillDisk and NotPetya malware;
Anatoliy Sergeyevich Kovalev
Accused of developing spearphishing techniques and messages used to target En Marche! officials, employees of the DSTL, members of the IOC and Olympic athletes, and employees of a Georgian media entity;
Artem Valeryevich Ochichenko
Accused of participating in spearphishing campaigns targeting 2018 PyeongChang Winter Olympic Games partners, and conducting technical reconnaissance of the Parliament of Georgia official domain and attempted to gain unauthorised access to its network;
Petr Nikolayevich Pliskin
Accused of developing components of the NotPetya and Olympic Destroyer malware
The attacks on the 2020 Games are the latest in a string of hacking attempts against international sporting organisations that Western officials say have been orchestrated by Russia since its doping scandal erupted five years ago. Moscow has repeatedly denied the allegations.
Britain and the US said those attacks included a hack of the 2018 Winter Olympics opening ceremony in South Korea, which compromised hundreds of computers, took down Internet access and disrupted broadcast feeds.
The attack in South Korea had previously been linked to Russia by cybersecurity researchers but was made to look like the work of Chinese or North Korean hackers, Britain’s foreign ministry said in a statement.
‘The attacks on the 2020 Summer Games are the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games,’ it said.
‘The UK is confirming for the first time today the extent of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.’
The indictment accuses the defendants, all current and former officers in the GRU, in destructive attacks on Ukraine’s power grid.
It also accuses the officers of involvement in a hack-and-leak effort directed at the political party of French President Emmanuel Macron in the days leading up to the 2017 election.
The controversy known as the ‘Macron Leaks’ was the leak of over 20,000 emails linked to Macron’s campaign in the 2017 election in the days before his victory.
The involvement of bots raised questions about the possible involvement of Vladimir Putin and the Russian Government.
The leaks, which gained huge media attention in France, were shared by WikiLeaks and several Alt-right activists on Twitter, Facebook and others.
The indictment alleges they impeded an investigation into the suspected novichok poisoning of Sergei Skripal and his daughter Yulia in Skripal in 2018.