FOUR bungling Russian spies were caught trying to hack the Salisbury novichok investigation armed with a laptop and a dongle.
The GRU agents were found sitting in a hired Citroen C3 car outside the Organisation for the Prohibition of Chemical Weapons in the Netherlands.
Police recovered a receipt for their taxi ride to Moscow Airport from the base of Russian military intelligence. And the dongle and computer – which held details of numerous other hacking operations – were stashed in the boot.
The foiled ‘close hack’ — making use of the OPCW’s wi-fi and stolen log-ins — was revealed yesterday by Dutch authorities. Hours later, the US heaped more pressure on Vladimir Putin by accusing the men of involvement in the notorious Fancy Bears hacking group.
Nato allies threw out the espionage rulebook — which normally sees spy arrests handled discreetly — in the face of the Kremlin’s stubborn refusal to admit responsibility for the poisoning.
The fresh embarrassment comes days after one of the two agents behind the Salisbury attack, who claimed he was a tourist visiting to see the tall cathedral spire, was exposed as a GRU colonel.
Tory MP Tom Tugendhat, chairman of the Commons foreign affairs committee, said corruption in the Kremlin had led to a lack of investment in the secret service and turned it into a laughing stock.
‘Decades of theft have stripped Russia’s intelligence of the skills they once had,’ he said. ‘Putin’s corrupt greed has turned the GRU into an amateurish bunch of jokers.’
Foreign secretary Jeremy Hunt said: ‘What we are getting from Russia is fake news, and here is the hard evidence of Russian military activity.’
The four agents — named and shamed as Evgenii Serebriakov, 37, Aleksei Morenets, 41, Oleg Sotnikov, 46, and Alexey Minin, 46 — were tracked from the moment they flew in to Amsterdam using diplomatic passports on April 11.
They booked in to the Marriott Hotel, next to the OPCW building in The Hague, where Salisbury samples were analysed and confirmed as novichok.
The spies used an Aldi carrier bag to carry away all the rubbish from their room — including crisp packets and Heineken cans — in an apparent attempt to avoid leaving traces of their visit that could give them away. But the laptop in the boot held incriminating details of hacking attacks on targets in Germany, Switzerland, Denmark and the US.
It even contained Serebriakov’s selfies from the 2016 Olympics in Brazil, where athletes including Sir Bradley Wiggins were victims of a hack on confidential World Doping Agency data.
Serebriakov and his colleagues are accused by the US of being part of the Fancy Bears group behind the operation.
Two of the agents had been due to travel on to Switzerland — where the OPCW has another base — but they were all deported to Russia after being arrested.
Yesterday’s announcements were timed to coincide with a Nato meeting in Brussels, where the organisation is expected to reveal plans to hit back at state-sponsored hacking with its own cyber attacks. Britain, the US, Denmark and the Netherlands will provide the technical know-how, reports suggest.
The four agents are said to be part of Sandworm, a GRU unit that also launched cyber attacks on the Foreign Office and the Porton Down lab in an effort to find out about the Salisbury investigation.
Russia denied any involvement in either the hacking or the attempted assassination of former KGB double agent Sergei Skripal in Salisbury.
Foreign ministry spokesman Maria Zakharova said Britain and its allies had released a ‘diabolical perfume of lies’.
Mr Skripal, 67, and daughter Yulia, 34, survived being poisoned with deadly novichok in March. But Dawn Sturgess, 44, died in July after her partner Charlie Rowley, 45, found a discarded perfume bottle containing the poison.
How the hackers attacked
THE suspects allegedly used two different hacking techniques — ‘close access’ and ‘spear phishing’ — to launch the cyber attacks.
‘Close access’ sees hackers try to breach a wi-fi network by getting physically close to it. Once in signal range — usually by hanging around in the street outside — they look for unsecured devices, which are not password protected, to gain access to computer systems.
Cybersecurity expert Myles Bray, of ForeScout, said: ‘Because remote attacks can be traced back to source, the appeal of access via a company’s wi-fi is it can help disguise who is behind the breach.’
‘Spear phishing’ sees hackers try to trick a user into opening a malicious email or entering sensitive data into fake websites, which download spy viruses onto their computers. These attacks can be done from anywhere, but are easier to trace.