Pages

16 July 2018

The growing power and influence of Russia’s military intelligence agency, the GRU

Andrew E. Kramer

MOSCOW — The Russian intelligence officers indicted on Friday by the United States special counsel, Robert S. Mueller III, served in a branch of the Russian military formerly known as the G.R.U., which has been linked in recent years to a number of increasingly bold, even reckless operations abroad. The organization is Russia’s largest military intelligence agency and is one of several groups authorized to spy for the Russian government, alongside successor agencies to the K.G.B. Though the G.R.U. has been the target of sanctions by the United States government numerous times, including in connection with hacking in the 2016 presidential election, the indictments filed by Mr. Mueller’s office are the first criminal charges leveled against Russian government officials for election meddling.


A previous indictment the financier and employees of a nominally private internet troll farm based in St. Petersburg.

Though still commonly referred to as the G.R.U., or Main Intelligence Directorate, the agency in 2010 changed its name to the Main Directorate, or G.U. As before, it is subordinate to the Russian military command.

From the shooting down of a civilian airliner over Ukraine to operations in Syria and the United States electoral hacking, the organization’s recent history has been entangled with some of Russia’s most contentious actions, analysts and security researchers say.

The indictment unsealed on Friday singled out two signals intelligence -units focused on computer espionage — one based near Gorky Park in central Moscow and the other in an outlying district near a shopping mall.

“These units conducted large-scale cyber operations to interfere with the 2016 U.S. presidential election,” according to the indictment.

One officer identified in the indictment, Viktor B. Netyksho, the leader of a unit that hacked the Democratic National Committee, has the same name as an individual who for years studied computer science and published an academic thesis and at least one scientific paper.

The 2003 thesis was presented to an academy affiliated with the F.S.B., Russia’s domestic intelligence agency, that studies cryptography. It related to a field of mathematics known as nonlinear, or Boolean, equations.

United States intelligence agencies had already concluded “with high confidence” that the G.R.U. created an online persona called Guccifer 2.0 and a website, DCLeaks.com, to release emails stolen from the Democratic National Committee and the chairman of the Clinton campaign, John D. Podesta, before the 2016 presidential election.

The G.R.U. chief, Igor V. Korobov, and three of his deputies were the first Russian officials to face sanctions by the Obama administration in December 2016, for interfering in the elections. In March, the Treasury Department announced new sanctions against the G.R.U. and Mr. Korobov.

The initial sanctions under the Obama administration also targeted a deputy commander of the G.R.U., Sergei A. Gizunov. Not mentioned at the time was Mr. Gizunov’s ties to a group within the G.R.U., Unit 26165, that the Friday indictment described as pivotal in the hacking of the Democratic National Committee.

Mr. Gizunov was a former commander of this unit, according to a 2009 report in a government newspaper, Rossiyskaya Gazeta, that announced Mr. Gizunov had won a state prize in science.

On Friday, Michael McFaul, a former United States ambassador to Russia, wrote on Twitter: “I’m very impressed that Mueller was able to name the 12 GRU officers in the new indictment. Demonstrates the incredible capabilities of our intelligence community.”

The United States Congress has also had its sights on Russian military intelligence. In August 2017, it expanded the Obama administration sanctions to target two additional military intelligence officers in a sanctions bill.

The agency, according to a Treasury Department statement, has been “directly involved in interfering in the 2016 U.S. election through cyber-enabled activities,” as well as a 2017 NotPetya cyber attack, which caused billions of dollars in losses across Europe, Asia and the United States, disrupted global shipping and trade, and knocked several major hospitals offline.

Inside Russia, one of the two units cited in Friday’s indictment, Unit 26165, had a reputation as an elite group. In 2016, Vzglyad, an online news portal, described members of the unit as being “able to decipher any code within three minutes and re-encrypt it without breaking away from writing a doctoral dissertation on quantum physics.”

The European Union sanctioned a key Russian identified as a G.R.U. officer in relation to Russia’s military incursion in eastern Ukraine under the guise of patriotic volunteers. Igor V. Girkin, under the nickname Igor Strelkov, or Igor the Shooter, led the seizure of the Ukrainian town of Slovyansk in 2014.

Bellingcat, a group conducting open source research on the Ukrainian conflict, has identified the Russian military officer who shot down Malaysia Airline flight 17 in 2014 as a member of the G.R.U.

Earlier this year, the United States imposed sanctions against the G.R.U. for violating the Iran, North Korea, and Syria Nonproliferation Act, which prohibits entities from providing equipment or technology that can be used in manufacturing weapons of mass destruction or ballistic missile systems. This is likely for operations in Syria, where G.R.U. commandos, or Spetsnaz, have been instrumental in the fight against the Islamic State and played a critical role in regaining cities like Aleppo and Palmyra for the Assad government.

Like the Spetsnaz, the military’s signals intelligence units have a storied history stretching deep into the Cold War.

A Russian history book, “Security Systems of the U.S.S.R.,” published in 2013, identified the origins of Unit 26165 in the Cold War, when it was established as a signals decrypting office for the Soviet military. The unit, according to this history, was based in the same building identified in the indictments released on Friday as its base today, in central Moscow.

Mr. Gizunov’s name also surfaced as a central figure in a recent dispute between military intelligence and the main successor agency to the K.G.B., the F.S.B. It is an old rivalry that re-appeared during the electoral hack, Crowd Strike, the cyber security company hired by the Democratic Party, has suggested. Crowd Strike reported that both military intelligence and the F.S.B. hacked the DNC servers, possibly without knowledge of the others’ actions.

A year later, in 2017, Mr. Gizunov, the former director of Unit 26165, used military intelligence agents to unravel a F.S.B. cyber operation that had focused on Ukraine and domestic issues, Russian media have reported. The military agents reportedly disclosed links between a cybercrime ring known as Shaltai-Boltai, or Humpty Dumpty, and the F.S.B.’s cyber unit, the Center for Information Security.

No comments:

Post a Comment