Google Says Russian Hackers Are Linked To New Brexit Leaked Website

A new website that published leaked emails from several prominent supporters of Britain’s exit from the European Union is linked to Russian hackers, according to a Google cybersecurity official and former head of the UK’s foreign intelligence.

The website – titled “Very English cop d’état” – says it published private emails from former British spymaster Richard Dearlove, prominent Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs and other supporters of Britain’s divorce from the European Union have done. Was finalized in January 2020.

The site argues that they are part of a group of staunch pro-Brexit figures secretly calling the shots in the United Kingdom.

Reuters could not immediately verify the authenticity of the emails, but on Wednesday the two victims of the leaks confirmed they were targeted by hackers and blamed the Russian government.

“I am well aware of a Russian operation against a Proton account that contained emails from and on my behalf,” Dearlov said, referring to the privacy-focused email service ProtonMail.

Dearlove, who headed Britain’s foreign spy service – known as MI6 – between 1999 and 2004, told Reuters that the leaked material was given “in the context of the current crisis in relations with Russia”. Should be treated with caution.

Tombs said in an email that he and his associates were “aware of this Russian propaganda based on illegal hacking.” He declined to comment further. Stuart, who headed Britain’s Vote Leave campaign in 2016, did not return emails.

Shane Huntley, who directs Google’s Threat Analysis Group, told Reuters that the “English Cop” website was linked to what the Alphabet-owned company knew as “Cold River”, a Russia-based hacking group.

“We can see this through technical indicators,” Huntley said.

Huntley said there were “obvious technical links” between each other throughout the operation, from Cold River’s hacking attempts to making the leaks public.

Russian embassies in London and Washington did not return emails seeking comment.

Britain’s Foreign Office, which handles media queries for MI6, declined to comment. Other Brexit supporters, whose emails were suspected to have circulated on the website, also did not respond to emails.

How the emails were received is unknown and the website hosting them made no effort to explain who was behind the leak. The leaked messages appear to have been exchanged primarily using ProtonMail. ProtonMail declined to comment.

Reuters was unable to independently verify Google’s assessment about Russian links to the website, but Johns Hopkins University cybersecurity expert Thomas Rid said the site was reminiscent of previous hack-and-leak operations attributed to Russian hackers.

“What jumps out at me is that MO is very similar to Guccifer2 and DLeaks,” he said, referring to two sites that circulated leaked emails stolen from Democrats for the 2016 US presidential election.

“It sounds very familiar in some ways, including sloppiness,” he said.

If the leaked messages are indeed authentic, it will be the second time in three years that suspected Kremlin spies have stolen private emails from a senior British national security official and published them online.

In 2019, classified US-UK trade documents were leaked ahead of the UK election after the email account of former trade minister Liam Fox was stolen, Reuters previously reported. UK officials never confirmed the specifics of the operation, but then-British Foreign Minister Dominic Raab said the hack-and-leak was an attempt by the Kremlin to interfere with Britain’s election, a charge which Moscow denied.

The “English Cop” site makes a variety of allegations, including one that Dearlove was at the center of a conspiracy by Brexit hardliners to oust former British Prime Minister Theresa May, who signed a withdrawal agreement with the European Union in early 2019. , and replace him with Johnson, who did not compromise much.

Dearlove said the email captured “legitimate lobbying practice that, viewed through this opposing optic, is now subject to distortion.”

He declined to comment further.

Johnson, who took office later in May 2019, has taken a tough stand on Russia’s invasion of Ukraine, giving hundreds of millions of dollars worth of military equipment to the government in Kyiv. In April, Johnson visited the capital for a televised walkout with Ukrainian President Volodymyr Zelensky.

Johnson was officially banned from Russian soil on 16 April. Internet domain records show that the “cop” website was registered three days later. Its URL included the words “sneaky strawhead” in an apparent knock on Johnson’s tousled hairstyle.

Rid said that while journalists should not shy away from covering authentic material exposed from the leak, they should still tread very carefully.

“If the leak has reportable detail, it’s also worth pointing out that the material comes from an adversarial intelligence agency, especially in times of war,” Rid said.