In today's edition of "The GRU don't need no stinkin' tradecraft", which is becoming a #counterintelligence tradition, we have the UK charging of the 2 GRU officers who carried out the Skripal attack. Here's the timeline assembled by Scotland Yard. /1 news.met.police.uk/news/counter-t…
This thread by @BBCDomC lays out the movements and footage described the Met in a very digestible thread. I highly recommend taking a look at it for reference alongside the Met's dry recitation of same. /2
The amount of detail and evidence the Met amassed about these officers' (Petrov & Boshirov) movements recalls the exposure of the Mossad operation that killed Mahmoud Al-Mabhouh in Dubai. This feels very much like that, which should embarrass the GRU. /3 spiegel.de/international/…
PM May's statement in Parliament on did a lot in few words. She tied the individuals to the GRU, said the op would've had to be approved at senior levels outside of GRU (echoing the language re: Putin in the Litvinenko Inquiry), & brought in Interpol. /4 bbc.co.uk/news/uk-454214…
NYT's coverage expanded further on May's remarks, which put this case in the broader context of the GRU's high profile operational successes & failures that have usually been blown by bad luck and worse OPSEC. /5 nytimes.com/2018/09/05/wor…
As I've said, the GRU is probably the subject of mixed feelings in the Kremlin right now. Unlike some of the other GRU OPSEC failures I've talked about, Putin had to know this attack would come back to Russia/GRU/the Kremlin. The choice of weapon & target made that inevitable. /6
But the fact that the GRU officers are getting publicly raked over the coals the way the Mossad operators involved in the Al-Mabhouh hit were does make the GRU look less than competent - which to Putin makes Russia look less than competent. He hates that. /7
Other outlets have already been able to dig up even more on Petrov & Boshirov, including the use of passports in those names throughout Europe. The West & the press now get to dissect two GRU officers at will, twisting the knife ad nauseam. /8
Remember that Putin is a Chekist: he served in the KGB's First & Second Chief Directorates, was FSB Director from 1998-1999, and his favorite service these days is the FSB. As a Chekist, he was professionally shaped in a culture that derided and looked down on the GRU. /9
Therefore, this litany of GRU screw-ups or blown operations speaks to Putin's innately held biases against the GRU and runs counter to the GRU's narrative of "Look how well we've done in Ukraine and Syria and the US election!". It's all grist for the FSB's mill. /10
All that said, this case is less likely to earn Putin's ire than other failures (like the Mueller indictments or Montenegro) because given the brazenness of the operation Putin would've known and accepted this was all possible if not likely. But still not great timing for GRU /11
What's now more than likely is that, in order to save face, Putin's apparatus will lionize these officers the same way that Litvinenko's killers were. The idea that we might see these guys in the Duma isn't really off the mark. /12
Privately, I am less sure that the GRU as an organization will benefit from this. I think overall, this is another bruise for the boys in the Aquarium and the FSB will probably try to take advantage of that. Time will tell how bad of a bruise it really is. /13~
• • •
Missing some Tweet in this thread? You can try to
force a refresh
John is right: if the intent of this disrupted black-bag job against the Spiez lab really was sabotage as opposed to espionage, it raises some curious potentialities about Russian motives. In a midnight analysis, it feels to me vaguely like some kind of desperation. 1/9
In my mind, the question is: what would make the increasing aggressive Russian services - in this case (apparently) the GRU - feel its necessary to engage in this particularly high-risk type of operation against a very hard target like a leading government CBRN facility? 2/9
I cannot overstate that deploying operators equipped with cyber sabotage tools to get physical/close, access to the networks of a Swiss chemical weapons laboratory when your service is already under scrutiny after a failed operation = just about all the moving parts. 3/9
To be very clear: I think that the “GRU are clowns” narrative is that is emerging is counterproductive and ill-informed. But I believe GRU’s aggressive “can do at all costs” attitude appears to have had a trending negative impact on the quality of its tradecraft. /1
Major data points that I think support this argument include the failed coup in Montenegro, the activity covered in the Mueller indictments, and the Skripal attack. Each presents it’s own examples of some subpar tradecraft and each has created substantive blowback. /2
As @jckichen has noted, tradecraft is not monolithic & should not be expected to applied equally/evenly throughout a given operation or across multiple operations. But I think these cases each had instances of subpar tradecraft that have since proven to be consequential. /3
In furtherance of the #counterintelligence discussion around the GRU and its competency, I want to address some recent reporting and analysis. Two articles - and one shared question - come to mind. /1
The 1st article takes the kind of argument I've made - the GRU has been sloppy resulting even successes generating some effects one would associate with qualified failures - and runs with it to the extreme. /2 bloomberg.com/view/articles/…
I have done my best to put as much nuance into my threads on this. I don't think so much that the GRU is incompetent (they have achieved numerous significant mission objectives) as that their tradecraft and OPSEC leaves much to desired, with that likely hurting them w/ Putin. /3
A #counterintelligence thread in the sense that I'm analyzing a foreign intelligence situation: I've been reading some very interesting analyses on the #Zakharchenko assassination and it's gotten me thinking about how this incident may or may not relate to FSB's role in Donbas /1
The first analysis I found useful was from @MarkGaleotti, and it emphasizes that it is doubtful that #Zakharchenko's death is move the situation towards peace. He mentions Dmitry Trapeznikov and Denis Pushilin as possible successors. /2 themoscowtimes.com/articles/war-p…
This article mentioned the thread I'm going to be pulling on here: the fact that #Zakharchenko and Alexander Timofeev, Z's tax minister sidekick who was injured in the blast, orchestrated the takeover of major illegal economies in Donbas - putting targets on their backs. /3
Active measures pivot: Microsoft indicates that the APT28/GRU has tried to spoof the websites of conservative think tanks known for advocating democracy promotion, examining corruption, and/or criticism of Trump. My #counterintelligence commentary /1 nytimes.com/2018/08/21/us/…
NYT has this right "The shift to attacking conservative think tanks underscores the Russian intelligence agency’s goals: to disrupt any institutions challenging Moscow and President Vladimir V. Putin of Russia." Russia doesn't care about our partisanship except to exploit it. /2
GRU needs to be doing something different to earn favor in the Kremlin right now. I recently explored how they are definitely not on Putin's good side these days (see included thread), and while this isn't "new" it is still a change of tact. /3
So I tried to make dankness while the sun shown about the newest sanctions that are going to hit Russia (delayed as they might be), but I'd like to take a moment to seriously address just how bad this all is for the GRU. #counterintelligence /1 nytimes.com/2018/08/09/wor…
The GRU's poor OPSEC has been a consistent driver among the naming-&-shaming and sanctions against Russia lately. Going all the way back to 2014, GRU - which has never been the most OPSEC conscious outfit - has been in the spotlight as Russia's primary meddling instrument. /2
Let's leave aside the ~2014 stuff about Crimea and Donbas because I have other work to do and focus on the more recent stuff. First, the identification of GRU as behind the Novichok attack in the UK was a double-edged sword for them. On one hand, it creates fear (Putin likey) /3