“The Russian Sleuth Who Outs Moscow’s Elite Hackers and Assassins”
WIRED, February, 21, 2019
Security
By Andy Greenberg
“Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.”
Ten years ago, Roman Dobrokhotov sat down in the front row of a Kremlin auditorium, surrounded by a polite audience of journalists and dignitaries attending a speech by Russia’s then-president Dmitri Medvedev. Medvedev was only a few minutes into his address on the importance of the country’s constitution—which he had just amended to allow Vladimir Putin to serve as president again—when Dobrokhotov stood up, turned around, and addressed the audience himself.
“Why listen to him? He’s broken all our human rights and freedoms,” Dobrokhotov said in a loud, clear voice. “And he tries to tell us about the constitution!”
Dobrokhotov still remembers the faces of the people around him. “They tried to pretend they couldn’t hear, but the acoustics were actually very good,” he says. In a typical scene of Kremlin doublethink, Medvedev told the crowd that the young heckler should have the right to speak, even as security guards covered Dobrokhotov’s mouth and hauled him out of the room.
Today, Dobrokhotov has found a better megaphone. And the 35-year-old Muscovite is using it to broadcast something that’s much harder for the Kremlin to ignore: the secrets of one of its most aggressive and dangerous spy agencies.
Over the past two weeks, the investigative news site Dobrokhotov runs, the Insider, has published a series of exposés on the alleged third agent of the Russian military intelligence agency known as the GRU involved in last year’s attempted nerve-agent assassination of Russian defector Sergei Skripal. The attack resulted in one person’s death and the hospitalization of three others, including Skripal and his daughter.
The Insider’s reporting, published in collaboration with researchers at the website Bellingcat, has shown that the accused man, Denis Vyacheslavovich Sergeev, appears to be linked to a separate attempted killing with a nerve agent poison in Bulgaria in 2015. Their stories exposed yet another alleged GRU assassin’s identity, hinted at the wider extent of Russia’s use of chemical weapons in assassination efforts, and established an apparent new link between Sergeev and a private mercenary company known as the Wagner Group.
These are just the latest in an ongoing series of revelations the Insider and Bellingcat have made about the GRU, an agency now believed to be responsible for everything from the Skripal assassination attempt to the hacking and leaking operation targeting US and French elections.
A significant portion of what the world knows about the GRU’s involvement in those recent scandals comes from the work of Dobrokhotov’s site and its Bellingcat partners. The Insider has revealed the GRU’s role in hacking the emails of then presidential candidate Emmanuel Macron in France, ahead of the country’s 2017 election—even naming the specific GRU unit responsible—months before an indictment by US special counsel Robert Mueller exposed that same unit’s hacking efforts in the US election. Dobrokhotov has helped to identify two Russian military officers allegedly involved in the downing of Malaysian Airlines flight 17 over Ukraine, which killed all 298 civilians on board. And most recently, it has worked with Bellingcat to investigate Skripal’s would-be assassins, identifying two of the three alleged GRU killers by name last year before completing the trifecta last week.
The GRU’s Gadfly
Dobrokhotov says he never exactly made a decision to target the GRU, which for decades has remained even more opaque than fellow Russian intelligence agencies like the FSB or SVR. “We just start to investigate one story, and it turns out to be a GRU officer. Then we investigate a totally different story, and it seems to be a GRU officer again,” Dobrokhotov says in English that he has honed with hours of watching Stephen Colbert. “They’re just so active, and they make so many mistakes, that they pop up in every investigation.”
But while most of the international credit for that string of GRU revelations has gone to Bellingcat, Dobrokhotov and his staff have taken on higher stakes. Unlike Bellingcat’s researchers, they’re Russian and live in close proximity to the very spies and assassins they’re exposing. That has allowed them to run down some details of their investigations that Bellingcat never could have otherwise. It also puts them at far greater risk of arrest—or worse—than their international collaborators.
“I’m astonished by their ability. They’re extraordinary investigators,” says John Hultquist, a former State Department staffer and current researcher at security firm FireEye who has focused for years on GRU hacking. “To do that work from Russia takes a remarkable amount of courage.”
About the Author:
Andy Greenberg is a senior writer for WIRED, covering security, privacy, and information freedom. He’s the author of the book Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. The book and excerpts from it published in WIRED won a Gerald Loeb Award for International Reporting, a Sigma Delta Chi Award from the Society of Professional Journalists, two Deadline Club Awards from the New York Society of Professional Journalists, and the Cornelius Ryan Citation for Excellence from the Overseas Press Club. Greenberg works in WIRED’s New York office.
