GRU: Spies Without Borders

Uploaded on 2018-11-26 in INTELLIGENCE--Europe, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE-Hot Spots-Russia, NEWS-Cybersecurity News

One of the unanswered questions lingering after the unmasking by investigative journalists from Bellingcat of the identities of suspects in the botched-up poisoning of Sergey and Yulia Skripal, is how two (or, likely, more) undercover GRU officers were able to obtain visas to travel to the UK. 

Securing a visa to the UK, as to most of EU destinations, is not a trivial procedure. A single-entry visitor visa is relatively straightforward to procure, it requires either an invitation from a UK resident or business, or a pre-arranged tourist trip.

To get a long-term, multi-entry visa, the kind the two GRU officers are reported to have used, a Russian applicant must go through many more hoops. The visa-seeker must make a convincing case for their need for multiple trips and present evidence for both their steady links to their home country, and their financial capability to sustain themselves in the UK over an extended period. 

The UK consular section makes a concerted effort to validate the data provided by applicants, and is known to reject applicants, even such with a prior multi-entry visa, once they discover an inconsistency in the “back story” presented by a would-be visitor. 

Yet, the non-existent personas “Boshirov” and “Petrov” were apparently able to secure multi-entry visas to the UK, as well as multi-entry Schengen visas, on which they both criss-crossed Europe, visiting the UK at least four times, and repeatedly travelling to at least 7 other EU countries in the period 2014-2018.

Hacking the UK Visa System

As Bellingcat investigators were working on the discovery of real identities of “Boshirov” and “Petrov”, Vadim Mitrofanov, a highly proficient Russian IT specialist awaiting a decision on his family’s asylum request, contacted us with what he thought was a piece of information relevant to the Skripal poisoning case.

Vadim told Bellingcat that two years earlier, in 2016, he had been working as chief technical officer at a company that is providing exclusive visa application processing services to consulates, including the UK consulates in Russia. 

The FSB had planned to use Vadim to try and breach the confidential information flow of visa applicants at the application processing company, as well as to compromise the actual visa issuance system at the British consulate. 

Outsourcing Data Is a Matter of Trust

Nearly a year after he was recruited by the FSB, Vadim arrived in the USA with his family on a visitor’s visa and applied for political asylum for his family and himself. The reason, laid out eloquently in a 10-page deposition to the US authorities, which Bellingcat and the Insider have reviewed, was that, having been forced to collaborate with the FSB, he had ultimately consciously sabotaged their work.

Vadim is a highly trained IT specialist; a graduate of a respectable Moscow engineering university. In 2015, he was working at the Beijing-based global headquarters of TLSContact, a leading provider of IT and logistical services to consulates. 

In short, the company was helping embassies of various countries process huge volumes of visa applications, leaving only the final decision-making, and visa issuance process, to the consulates themselves. In many countries the company is the exclusive outsourcing partner for the consulates of a number of EU countries.

Vadim’s job included designing computer systems in new locations as the company expanded its presence out into more and more countries. He also was also the company’s key specialist in the development of a portable and on-site biometric data collection.

He worked closely with the IT departments of visa sections of EU embassies. In late 2015, Vadim was transferred to the company’s Moscow branch. TLSContact’s Russian office was already providing near-exclusive visa application processing to the UK and Swiss consulates at that time, and it aimed to grow its market share further.

Thwarted Attempts to Escape 

Conscious that he had to play along with the FSB escalating requests, but uneasy with his own forced complicity in breaching the security of his employer, and of foreign embassies, Vadim devised a plan to extricate his family and himself from Russia.

Vadim’s story does not prove conclusively that FSB or any other security agency were successful in breaching the visa issuance system, and thus enabled GRU officers to travel in the UK repeatedly and ultimately conduct an alleged assassination attempt. However, it does indicate the application and methodical tenacity that were applied in trying to compromise the visa protocols. 

Such endeavors are not surprising given that security services need to ensure unimpeded access to various European locations. Absent an alternative explanation as to how these and other GRU officers were able to sneak through the multi-entry visa application filter, Vadim’s experience provides one possible answer. 

After all, Col. Chepiga and Col. Mishkin first traveled to the UK, and Switzerland several months after “Andrei’s initial query to Vadim about the feasibility of trace-free issuance of visas to the UK and Switzerland.

Bellingcat:

You Might Also Read:

What Is The GRU & Who Does It Hack?

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

 

 

« TalkTalk Hackers Jailed For Attack That Cost £77m
The Way You Walk Will Reveal Your Identity To Surveillance Technology »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) is a service of DeIC (Danish e-Infrastructure Cooperation).

FinalCode

FinalCode

FinalCode offers a file encryption and file-based enterprise digital rights management (eDRM) platform.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

ThreatAdvice

ThreatAdvice

ThreatAdvice is a provider of cybersecurity education, awareness and threat intelligence.

National Center for Manufacturing Sciences (NCMS)

National Center for Manufacturing Sciences (NCMS)

NCMS is a cross-industry technology development consortium, dedicated to improving the competitiveness of the US industrial base. Strategic initiatives include industrial cyber security.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

Cyber Resilience

Cyber Resilience

Cyber Resilience offer an intensive program designed to help you create strategies to quickly become cyber resilient and to manage cyber risks in a measurable and predictable way.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

Tide Foundation

Tide Foundation

Tide's breakthrough multi-party-cryptography enables TRUE-zero-trust technology that unlocks cyber-herd immunity.

r00tz Asylum

r00tz Asylum

r00tz Asylum is a nonprofit dedicated to teaching kids around the world how to love being white-hat hackers.

Digitale Gründerinitiative Oberpfalz (DGO)

Digitale Gründerinitiative Oberpfalz (DGO)

Digital Founder Initiative Oberpfalz's goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.