Breaking News
Get Actionable Insights with InvestingPro+: Start 7 Day FREE Trial Register here
Investing Pro 0
Ad-Free Version. Upgrade your experience. Save up to 40% More details

Russian hackers are linked to new Brexit leak website, Google says

Stock Markets May 25, 2022 02:11PM ET
Saved. See Saved Items.
This article has already been saved in your Saved Items
2/2 © Reuters. FILE PHOTO: Hands are seen on a keyboard in front of a displayed cyber code in this picture illustration taken October 4, 2018. REUTERS/Dado Ruvic/Illutration 2/2

By Raphael Satter, James Pearson and Christopher Bing

WASHINGTON/LONDON (Reuters) - A new website that published leaked emails from several leading proponents of Britain's exit from the European Union is tied to Russian hackers, according to a Google cybersecurity official and the former head of UK foreign intelligence.

The website - titled "Very English Coop d'Etat" - says it has published private emails from former British spymaster Richard Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs, and other supporters of Britain's divorce from the EU, which was finalized in January 2020.

The site contends that they are part of a group of hardline pro-Brexit figures secretly calling the shots in the United Kingdom.

Reuters could not immediately verify the authenticity of the emails, but two victims of the leak on Wednesday confirmed that they had been targeted by hackers and blamed the Russian government.

"I am well aware of a Russian operation against a Proton account which contained emails to and from me," said Dearlove, referring to the privacy-focused email service ProtonMail.

Dearlove, who led Britain's foreign spy service - known as MI6 - between 1999 and 2004, told Reuters the leaked material should be treated with caution given "the context of the present crisis in relations with Russia."

Tombs said in an email he and his colleagues were "aware of this Russian disinformation based on illegal hacking." He declined further comment. Stuart, who chaired Britain's Vote Leave campaign in 2016, did not return emails.

Shane Huntley, who directs Google's Threat Analysis Group, told Reuters that the "English Coop" website was linked to what the Alphabet (NASDAQ:GOOGL) Inc-owned company knew as "Cold River," a Russia-based hacking group.

"We're able to see that through technical indicators," Huntley said.

Huntley said that the entire operation – from Cold River's hacking attempts to publicizing the leaks – had "clear technical links" between one another.

The Russian embassies in London and Washington did not return emails seeking comment.

Britain's Foreign Office, which handles media queries for MI6, declined comment. Other Brexit supporters whose emails were suspected of being disseminated on the website also did not respond to emails.


How the emails were obtained is unknown and the website hosting them made no effort to explain who was behind the leak. The leaked messages mainly appear to have been exchanged using ProtonMail. ProtonMail declined comment.

Reuters was unable to independently verify Google's assessment about a Russian link to the website, but Thomas Rid, a cybersecurity expert at Johns Hopkins University, said the site was reminiscent of past hack-and-leak operations attributed to Russian hackers.

"What jumps out at me is how similar the M.O. is to Guccifer 2 and DCLeaks," he said, referring to two of the sites that disseminated leaked emails stolen from Democrats in the run-up to the 2016 U.S. presidential election.

"It looks very familiar in some ways, including the sloppiness," he said.

If the leaked messages are in fact authentic it would mark the second time in three years that suspected Kremlin spies have stolen private emails from a senior British national security official and published them online.

In 2019, classified U.S.-UK trade documents were leaked ahead of Britain's election after being stolen from the email account of former trade minister Liam Fox, Reuters previously reported. UK officials never confirmed the specifics of the operation, but then-British foreign minister Dominic Raab said the hack-and-leak was an effort by the Kremlin to interfere in the Britain's election, a charge that Moscow denied.

The "English Coop" site makes a variety of allegations, including one that Dearlove was at the center of a conspiracy by Brexit hardliners to oust former British Prime Minister Theresa May, who had negotiated a withdrawal agreement with the European Union in early 2019, and replace her with Johnson, who took a more uncompromising position.

Dearlove said that the emails captured a "legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion."

He declined further comment.

Johnson, who took over from May later in 2019, has staked out a tough stance on Russia's invasion of Ukraine, committing hundreds of millions of dollars of military equipment to the government in Kyiv. In April, Johnson visited the capital for a televised walkabout with Ukrainian President Volodymyr Zelenskiy.

Johnson was officially banned from Russian soil on April 16. Internet domain records show the "Coop" website was registered three days later. Its URL included the words "sneaky strawhead" in an apparent knock at Johnson's tousled hairstyle.

Rid said that while journalists should not shy away from covering authenticated material exposed by the leak, they should still tread very carefully.

"If the leak has newsworthy detail, then it is also newsworthy to point out that the material comes from an adversarial intelligence agency, especially in a time of war," said Rid.

(This story corrects spelling of historian's name to Tombs instead of "Toombs" paragraphs 2 and 7)

Russian hackers are linked to new Brexit leak website, Google says

Related Articles

Add a Comment

Comment Guidelines

We encourage you to use comments to engage with other users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind:  

  •            Enrich the conversation, don’t trash it.

  •           Stay focused and on track. Only post material that’s relevant to the topic being discussed. 

  •           Be respectful. Even negative opinions can be framed positively and diplomatically. Avoid profanity, slander or personal attacks directed at an author or another user. Racism, sexism and other forms of discrimination will not be tolerated.

  • Use standard writing style. Include punctuation and upper and lower cases. Comments that are written in all caps and contain excessive use of symbols will be removed.
  • NOTE: Spam and/or promotional messages and comments containing links will be removed. Phone numbers, email addresses, links to personal or business websites, Skype/Telegram/WhatsApp etc. addresses (including links to groups) will also be removed; self-promotional material or business-related solicitations or PR (ie, contact me for signals/advice etc.), and/or any other comment that contains personal contact specifcs or advertising will be removed as well. In addition, any of the above-mentioned violations may result in suspension of your account.
  • Doxxing. We do not allow any sharing of private or personal contact or other information about any individual or organization. This will result in immediate suspension of the commentor and his or her account.
  • Don’t monopolize the conversation. We appreciate passion and conviction, but we also strongly believe in giving everyone a chance to air their point of view. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
  • Only English comments will be allowed.

Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at’s discretion.

Write your thoughts here
Are you sure you want to delete this chart?
Post also to:
Replace the attached chart with a new chart ?
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Thanks for your comment. Please note that all comments are pending until approved by our moderators. It may therefore take some time before it appears on our website.
Comments (1)
First Last
First Last May 25, 2022 11:46AM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
Russia supported Johnson and other pro-Brexit people back then.  Now Russia turned on former ally, like Na zee Germany turned on Russia.
Are you sure you want to delete this chart?
Replace the attached chart with a new chart ?
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Add Chart to Comment
Confirm Block

Are you sure you want to block %USER_NAME%?

By doing so, you and %USER_NAME% will not be able to see any of each other's's posts.

%USER_NAME% was successfully added to your Block List

Since you’ve just unblocked this person, you must wait 48 hours before renewing the block.

Report this comment

I feel that this comment is:

Comment flagged

Thank You!

Your report has been sent to our moderators for review
Continue with Google
Sign up with Email