Get 40% Off
🤯 This Tech Portfolio is up 29% YTD! Join Now to Get April’s Top PicksGet The Picks – Just 99 USD

Russian hackers are linked to new Brexit leak website, Google says

Published 05/25/2022, 11:13 AM
Updated 05/25/2022, 02:11 PM
© Reuters. FILE PHOTO: Hands are seen on a keyboard in front of a displayed cyber code in this picture illustration taken October 4, 2018. REUTERS/Dado Ruvic/Illutration

© Reuters. FILE PHOTO: Hands are seen on a keyboard in front of a displayed cyber code in this picture illustration taken October 4, 2018. REUTERS/Dado Ruvic/Illutration

By Raphael Satter, James Pearson and Christopher Bing

WASHINGTON/LONDON (Reuters) - A new website that published leaked emails from several leading proponents of Britain's exit from the European Union is tied to Russian hackers, according to a Google cybersecurity official and the former head of UK foreign intelligence.

The website - titled "Very English Coop d'Etat" - says it has published private emails from former British spymaster Richard Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs, and other supporters of Britain's divorce from the EU, which was finalized in January 2020.

The site contends that they are part of a group of hardline pro-Brexit figures secretly calling the shots in the United Kingdom.

Reuters could not immediately verify the authenticity of the emails, but two victims of the leak on Wednesday confirmed that they had been targeted by hackers and blamed the Russian government.

"I am well aware of a Russian operation against a Proton account which contained emails to and from me," said Dearlove, referring to the privacy-focused email service ProtonMail.

Dearlove, who led Britain's foreign spy service - known as MI6 - between 1999 and 2004, told Reuters the leaked material should be treated with caution given "the context of the present crisis in relations with Russia."

Tombs said in an email he and his colleagues were "aware of this Russian disinformation based on illegal hacking." He declined further comment. Stuart, who chaired Britain's Vote Leave campaign in 2016, did not return emails.

Shane Huntley, who directs Google's Threat Analysis Group, told Reuters that the "English Coop" website was linked to what the Alphabet (NASDAQ:GOOGL) Inc-owned company knew as "Cold River," a Russia-based hacking group.

"We're able to see that through technical indicators," Huntley said.

Huntley said that the entire operation – from Cold River's hacking attempts to publicizing the leaks – had "clear technical links" between one another.

The Russian embassies in London and Washington did not return emails seeking comment.

Britain's Foreign Office, which handles media queries for MI6, declined comment. Other Brexit supporters whose emails were suspected of being disseminated on the website also did not respond to emails.

'LOOKS VERY FAMILIAR'

How the emails were obtained is unknown and the website hosting them made no effort to explain who was behind the leak. The leaked messages mainly appear to have been exchanged using ProtonMail. ProtonMail declined comment.

Reuters was unable to independently verify Google's assessment about a Russian link to the website, but Thomas Rid, a cybersecurity expert at Johns Hopkins University, said the site was reminiscent of past hack-and-leak operations attributed to Russian hackers.

"What jumps out at me is how similar the M.O. is to Guccifer 2 and DCLeaks," he said, referring to two of the sites that disseminated leaked emails stolen from Democrats in the run-up to the 2016 U.S. presidential election.

"It looks very familiar in some ways, including the sloppiness," he said.

If the leaked messages are in fact authentic it would mark the second time in three years that suspected Kremlin spies have stolen private emails from a senior British national security official and published them online.

In 2019, classified U.S.-UK trade documents were leaked ahead of Britain's election after being stolen from the email account of former trade minister Liam Fox, Reuters previously reported. UK officials never confirmed the specifics of the operation, but then-British foreign minister Dominic Raab said the hack-and-leak was an effort by the Kremlin to interfere in the Britain's election, a charge that Moscow denied.

The "English Coop" site makes a variety of allegations, including one that Dearlove was at the center of a conspiracy by Brexit hardliners to oust former British Prime Minister Theresa May, who had negotiated a withdrawal agreement with the European Union in early 2019, and replace her with Johnson, who took a more uncompromising position.

Dearlove said that the emails captured a "legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion."

He declined further comment.

Johnson, who took over from May later in 2019, has staked out a tough stance on Russia's invasion of Ukraine, committing hundreds of millions of dollars of military equipment to the government in Kyiv. In April, Johnson visited the capital for a televised walkabout with Ukrainian President Volodymyr Zelenskiy.

Johnson was officially banned from Russian soil on April 16. Internet domain records show the "Coop" website was registered three days later. Its URL included the words "sneaky strawhead" in an apparent knock at Johnson's tousled hairstyle.

Rid said that while journalists should not shy away from covering authenticated material exposed by the leak, they should still tread very carefully.

© Reuters. FILE PHOTO: Hands are seen on a keyboard in front of a displayed cyber code in this picture illustration taken October 4, 2018. REUTERS/Dado Ruvic/Illutration

"If the leak has newsworthy detail, then it is also newsworthy to point out that the material comes from an adversarial intelligence agency, especially in a time of war," said Rid.

(This story corrects spelling of historian's name to Tombs instead of "Toombs" paragraphs 2 and 7)

Latest comments

Russia supported Johnson and other pro-Brexit people back then.  Now Russia turned on former ally, like Na zee Germany turned on Russia.
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.