Russian hackers are linked to new Brexit leak website, Google says

The website – titled ‘Very English State Coop’ – says it has published private emails from former British spymaster Richard Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs and other supporters of Britain’s divorce from the EU, which was finalized in January 2020.

The site claims they are part of a group of extremist pro-Brexit figures who are secretly calling the shots in the UK.

Reuters could not immediately verify the authenticity of the emails, but two victims of the leak on Wednesday confirmed they were targeted by hackers and blamed the Russian government.

“I am well aware of a Russian operation against a Proton account that contained emails to and from me,” Dearlove said, referring to privacy-focused email service ProtonMail.

Dearlove, who ran Britain’s foreign spy service – known as MI6 – between 1999 and 2004, told Reuters the leaked information should be treated with caution given “the context of the current crisis in relations with Russia”.

Tombs said in an email that he and his colleagues were “aware of this Russian misinformation based on illegal piracy.” He declined to comment further. Stuart, who chaired Britain’s Vote Leave campaign in 2016, did not return emails.

Shane Huntley, who heads Google’s threat analysis group, told Reuters the ‘English Coop’ website was linked to what the Alphabet Inc-owned company called ‘Cold River’, a UK-based hacking group. Russia.

“We are able to see this through technical indicators,” Huntley said.

Huntley said the whole operation – from the attempts to hack Cold River to the release of the leaks – had “clear technical connections” between them.

Russian embassies in London and Washington did not return emails seeking comment.

The UK Foreign Office, which handles media inquiries for MI6, declined to comment. Other Brexit supporters whose emails were believed to be on the site also did not respond to emails.

How the emails were obtained is unknown and the website hosting them made no effort to explain who was behind the leak. The leaked messages appear to have been primarily exchanged using ProtonMail. ProtonMail declined to comment.

Reuters was unable to independently verify Google’s assessment of a Russian link to the website, but Thomas Rid, a cybersecurity expert at Johns Hopkins University, said the site recalled operations of past hacks and leaks attributed to Russian hackers.

“What jumps out at me is how similar the MO is to Guccifer 2 and DCLeaks,” he said, referring to two of the sites that leaked stolen emails to Democrats ahead of the 2016 US presidential election.

“It feels very familiar in some ways, including the lack of rigor,” he said.

If the leaked messages are in fact genuine, it would be the second time in three years that suspected Kremlin spies have stolen private emails from a senior British national security official and published them online.

In 2019, classified US-UK trade documents were leaked ahead of the UK election after they were stolen from former trade minister Liam Fox’s email account, Reuters previously reported. British officials have never confirmed details of the operation, but then British Foreign Secretary Dominic Raab said the hack and leak were an effort by the Kremlin to interfere in the election British, a charge that Moscow has denied.

The English Coop site makes various allegations, including that Dearlove was at the center of a plot by Brexit hardliners to oust former British Prime Minister Theresa May, who negotiated a withdrawal agreement with the European Union in early 2019, and replace it with Johnson, who has taken a more intransigent position.

Dearlove said the emails described a “legitimate lobbying exercise which, when viewed through this adversarial lens, is now subject to distortion.”

He declined to comment further.

Johnson, who took over in May later in 2019, took a tough stance on Russia’s invasion of Ukraine, committing hundreds of millions of dollars worth of military equipment to the government in Kyiv. In April, Johnson traveled to the capital for a televised walk with Ukrainian President Volodymyr Zelensky.

Johnson was officially banned from Russian soil on April 16. Internet domain records show that the “Coop” website was registered three days later. Its URL included the words “sneaky strawhead” in an apparent swipe at Johnson’s tousled hairstyle.

Rid said that while journalists should not shy away from covering authenticated information exposed by the leak, they should still be very careful.

“If the leak contains any newsworthy details, then it’s also newsworthy to point out that the material comes from a conflicting intelligence agency, particularly in times of war,” Rid said.

About William G. Patrick

Check Also

Upcoming ‘Made in Bangladesh Week’ gets a new website

The official website of “Made in Bangladesh Week” has been launched, containing detailed information about …