all repos — site @ 40f93d1be10c58d89c99bb65420ac932669fd099

source for my site, found at icyphox.sh

pages/txt/ru-vs-gb

This entire sequence of events begins with the attempted poisoning of
Sergei Skripal[^1], an ex-GRU officer who was a double-agent for the
UK's intelligence services. This hit attempt happened on the 4th of
March, 2018. 8 days later, then-Prime Minister Theresa May formally
accused Russia of the attack.

The toxin used in the poisoning was a nerve agent called *Novichok*. In
addition to the British military-research facility at Porton Down, a
small number of labs around the world were tasked with confirming Porton
Down's conclusions on the toxin that was used, by the OPCW (Organisation
for the Prohibition of Chemical Weapons).

With the background on the matter out of the way, here are the different
instances of well-timed disinformation pushed out by Moscow.

The Russian offense
-------------------

### April 14, 2018

-   RT published an article claiming that Spiez had identified a
    different toxin---BZ, and not Novichok.
-   This was an attempt to shift the blame from Russia (origin of
    Novichok), to NATO countries, where it was apparently in use.
-   Most viral piece on the matter in all of 2018.

Although technically correct, this isn't the entire truth. As part of
protocol, the OPCW added a new substance to the sample as a test. If any
of the labs failed to identify this substance, their findings were
deemed untrustworthy. This toxin was a derivative of BZ.

Here are a few interesting things to note:

1.  The entire process starting with the OPCW and the labs is
    top-secret. How did Russia even know Spiez was one of the labs?
2.  On April 11th, the OPCW mentioned BZ in a report confirming Porton
    Down's findings. Note that Russia is a part of the OPCW, and is
    fully aware of the quality control measures in place. Surely they
    knew about the reason for BZ's use?

Regardless, the Russian version of the story spread fast. They cashed in
on two major factors to plant this disinfo:

1.  "NATO bad": Overused, but it surprisingly works. People love a story
    that goes full 180°.
2.  Spiez can't defend itself: At the risk of revealing that it was one
    of the facilities testing the toxin, Spiez was only able to "not
    comment".

### April 3, 2018

-   The Independent publishes a story based on an interview with the
    chief executive of Porton Down, Gary Aitkenhead.
-   Aitkenhead says they've identified Novichok but "have not identified
    the precise source".
-   Days earlier, Boris Johnson (then-Foreign Secretary) claimed that
    Porton Down confirmed the origin of the toxin to be Russia.
-   This discrepancy was immediately promoted by Moscow, and its network
    all over.

This one is especially interesting because of how *simple* it is to
exploit a small contradiction that could've been an honest mistake.
This episode is also interesting because the British actually attempted
damage control this time. Porton Down tried to clarify Aitkenhead's
statement via a tweet[^2]:

> Our experts have precisely identified the nerve agent as a Novichok.
> It is not, and has never been, our responsibility to confirm the
> source of the agent @skynews @UKmoments

Quoting the [Defense
One](https://www.defenseone.com/threats/2019/12/britains-secret-war-russia/161665/)
article on the matter:

> The episode is seen by those inside Britain's security communications
> team as the most serious misstep of the crisis, which for a period
> caused real concern. U.K. officials told me that, in hindsight,
> Aitkenhead could never have blamed Russia directly, because that was
> not his job---all he was qualified to do was identify the chemical.
> Johnson, in going too far, was more damaging. Two years on, he is now
> prime minister.

### May 2018

-   OPCW facilities receive an email from Spiez inviting them to a
    conference.
-   The conference itself is real, and has been organized before.
-   The email however, was not---attached was a Word document containing
    malware.
-   Also seen were inconsistencies in the email formatting, from what
    was normal.

This spearphishing campaign was never officially attributed to Moscow,
but there are a lot of tells here that point to it being the work of a
state actor:

1.  Attack targeting a specific group of individuals.
2.  Relatively high level of sophistication---email formatting,
    malicious Word doc, etc.

However, the British NCSC have deemed with "high confidence" that the
attack was perpetrated by the GRU. In UK intelligence parlance, "highly
likely" / "high confidence" usually means "definitely".

Britain's defense
-----------------

### September 5, 2018

The UK took a lot of hits in 2018, but they eventually came back:

-   Metropolitan Police has a meeting with the press, releasing their
    findings.
-   CCTV footage showing the two Russian hitmen was released.
-   Traces of Novichok identified in their hotel room.

This sudden news explosion from Britain's side completely bulldozed the
information space pertaining to the entire event. According to Defense
One:

> Only two of the 10 most viral stories in the weeks following the
> announcement were sympathetic to Russia, according to NewsWhip.
> Finally, officials recalled, it felt as though the U.K. was the
> aggressor. "This was all kept secret to put the Russians on the hop,"
> one told me. "Their response was all over the place from this point.
> It was the turning point."

Earlier in April, 4 GRU agents were arrested in the Netherlands; they
were there to execute a cyber operation against the OPCW (located in The
Hague), via their WiFi networks. They were arrested by Dutch security,
and later identified as belonging to Unit 26165. Dutch security also
seized a bunch of equipment from the room and their car.

> The abandoned equipment revealed that the GRU unit involved had sent
> officers around the world to conduct similar cyberattacks. They had
> been in Malaysia trying to steal information about the investigation
> into the downed Malaysia Airlines Flight 17, and at a hotel in
> Lausanne, Switzerland, where a World Anti-Doping Agency (WADA)
> conference was taking place as Russia faced sanctions from the
> International Olympic Committee. Britain has said that the same GRU
> unit attempted to compromise Foreign Office and Porton Down computer
> systems after the Skripal poisoning.

### October 4, 2018

The UK made the arrests public, and published a list of infractions
committed by Russia, along with the specific GRU unit that was caught.

During this period, just one of the top 25 viral stories was from a
pro-Russian outlet, RT---that too a fairly straightforward piece.

Wrapping up
-----------

As with conventional warfare, it's hard to determine who won. Britain
may have had the last blow, but Moscow---yet again---displayed their
finesse in information warfare. Their ability to seize unexpected
openings, gather intel to facilitate their disinformation campaigns, and
their cyber capabilities makes them a formidable threat.

2020 will be fun, to say the least.

[^1]: https://en.wikipedia.org/wiki/Sergei\_Skripal

[^2]: https://twitter.com/dstlmod/status/981220158680260613