UK sanctions Russian intelligence agents for cyber espionage attacks
The British government has today sanctioned two Russian intelligence operatives responsible for a co-ordinated cyber espionage attack on MPs, academics, journalists, public sector bodies and NGOs.
I was one of their victims. In May 2022 a secure email account belonging to me was hacked, and a series of fake and defamatory smears were spread, using its purported contents.
This was not just a criminal cyber-attack. As the UK makes clear today, it was part of a “cyber espionage operation” conducted by a hostile state— involving not only a security breach but a co-ordinated, multi-year exploitation strategy, designed to interfere with our democracy.
At the time, I was told by those investigating my breach that it was likely perpetrated by SEABORGIUM/COLDRIVER — a group linked to Russian intelligence, which has a record of creating “tainted leaks”, using edited, distorted and faked content. However, they indicated that a very high bar was needed to attribute the attack to Russia.
Today the British government formally attributed the attack to the Russian intelligence agency FSB, and its cyber-ops sub-section, the 18th Centre.
- A case study of the tainted leak methodology, where content is altered to create a hostile narrative, was published by CitizenLab.
- A review of the attackers’ methodology was published by Microsoft.
- The NCSC has also published updates for those at risk.
I have no doubt why I was attacked: for my role in building solidarity with Ukraine, and for my investigative reporting on Russian/Chinese influence operations targeting the British left.
I am proud to say that, through the work of myself and others, the efforts of those trying to stop Britain supplying arms to Ukraine have been left in disarray.
I would like to thank the National Cyber Security Centre, the National Crime Agency and the Foreign Office for their work in response to this attack. Thanks also to CitizenLab, whose expertise in understanding the methodology of the breach was invaluable. Also thanks to those in the legal profession who worked pro bono on my behalf.
Use the law
With the National Security Act 2023, the UK now has clear and tightly defined laws to prosecute those who intentionally aid foreign information manipulation and interference (FIMI) operations. I hope to see the law used to deter and disrupt such attacks in future.
With the UK general election coming I have no doubt that there will be more such attacks. Russia, China and Iran each have skin in the game of sowing disinformation and division, discrediting those who criticise their regimes, and boosting their UK political proxies — which there are now, sadly, several of.
There are wider lessons to be learned. It’s clear that any journalist, politician or NGO involved in tracking Russian influence and disinformation is considered a target by the Kremlin and its proxies.
Technically, there are suggestions of how to mitigate the risks in the NCSC updates.
Professionally, journalists need to consider how to build stronger safeguards for those at risk, especially those working freelance, without the protection of corporate cyber-security and legal teams.
Politically, we need a militant democracy prepared to use the full force of the law to disrupt hostile information operations. By attributing this attack, I hope the UK government is taking a step in that direction.
Paul Mason 7 December 2023