Skripal Case from Russia with Love

Hello folks,

Today I will talk about the Skripal case and the OSINT methods used by the Bellingcat group to find the real identities of the russian spies behind the Sergueï and Ioulia Skripal poisoning.

The story started when a friend shared me some informations about two nicknames “Dorbik” and “Matad0r“, a vendor of bullet proof hosting services (a bulletproof hosting guarantees that websites hosted in these locations will not be shut down, even if they are blatantly hosting criminal content).

I searched a bit and found some interesting informations :

http://garwarner.blogspot.com/2012/03/operation-open-market-vendors.html

[REDACTED Defendant #20] AKA Dorbik AKA Matad0r is a vendor of Bullet Proof Hosting services. Bulletproof hosting guarantees that websites hosted in these locations will not be shut down, even if they are blatantly hosting criminal content. Other criminals hosted carding forums and phishing sites on Dorbik’s services.

With the USA official district court document (in 2017 before the Skripal Case) :

https://www.rospres.com/images/24042017merged.pdf

I searched the “Dorbik” nickname in this document and found the name of the dark market vendor:

Sergei Litvinenko” -> Sergei Like “Sergei Skripal” but Litvinenko like “Alexandre Litvinenko” who was a British naturalised Russian defector and former officer of the Russian FSB secret service.

You can read his full biography here: https://en.wikipedia.org/wiki/Alexander_Litvinenko

Like Sergei Skripal, Litvinenko got hospitalised in what was established as a case of poisoning by radioactive polonium-210 (Novitchok for the Skripal case).

He died from the poisoning on 23 November 2006.

From coincidences, I suggest that Sergei Skripal was “Sergei Litvinenko” aka “Dorbik” aka “Matad0r” and that Alexander Litvinenko was a member of his family but the informations are not enough to confirm this theory.

On 4 March 2018, Sergei Skripal and Yulia Skripal were poisoned in Salisbury with a Novichok nerve agent, according to official UK sources and the Organisation for the Prohibition of Chemical Weapons (OPCW).

In the 1990s, Sergei Skripal was an officer for Russia’s Main Intelligence Directorate (GRU) and worked as a double agent for the UK’s secret service from 1995 until his arrest in Moscow in December 2004.

Like you know, Alexander Litvinenko died in 2006, and weirdly, the same year, Sergei Skripal was convicted of high treason and sentenced to 13 years in a penal colony by a Russian court.

Two Russian nationals, who go by the names Alexander Petrov and Ruslan Boshirov were accused of the murder attempt on Sergei Skripal (fake names obviously):

Recently, On 14 September 2018, the website “Bellingcat” wrote an article about Alexander Petrov and established a link from the suspect’s passport and the russian security services, you can read the full post here: https://www.bellingcat.com/news/uk-and-europe/2018/09/14/skripal-poisoning-suspects-passport-data-shows-link-security-services/

You can see the last minute travel plans:

And you can see an important informations about his passport:

Alexander Petrov’s passport dossier is marked with a stamp containing the instruction “Do not provide any information”. This stamp does not exist in standard civilian passport files. A source working in the Russian police force who regularly works with the central database confirmed to Bellingcat and The Insider that they have never seen such a stamp on any passport form in their career. That source surmised that this marking reserved for operatives of the state under deep cover.

And more important, the domestic passport photo matches the photos released by the UK authorities and the face of the person calling himself Alexander Petrov:

Today, Bellingcat Investigation Team released others important informations, they found the real identity of Ruslan Boshirov from OSINT methods.

He was identified as a GRU colonel named Anatoliy Chepiga: https://www.bellingcat.com/news/uk-and-europe/2018/09/26/skripal-suspect-boshirov-identified-gru-colonel-anatoliy-chepiga/

The passport file contained a photograph – dated approximately in 2003, when this passport was obtained – that strongly resembled a younger “Boshirov” as seen in passport photos released by the UK police:

The amazing work of the bellingcat team identified the suspect from a 2003 database, he used his personnal address as “Military Unit 20662, Khabarovsk“, It also listed his place of birth as “village of Nikolaevka”, further linking this person to the Hero of the Russian Federation with the same name.

Bellingcat has contacted confidentially a former Russian military officer of similar rank as Colonel Chepiga, in order to receive a reaction to what Bellingcat found. The source, speaking on condition of anonymity, expressed surprise that at least one of the operatives engaged in the operation in Salisbury had the rank of colonel. Even more surprising was the suspects’ prior award of the highest military recognition.

On 13 September the two men were interviewed on Russian television where they claimed they were tourists visiting the city.

On 2 October 2018 Bellingcat released more informations about the colonel, they obtained a photograph posted on the Russian social network “Odnoklassniki (OK)” by a visitor who visited the Far-Eastern Military Academy (abbreviated as DVOKU in Russian) where you can see a picture of the colonel.

More informations can be found on:

https://www.bellingcat.com/news/uk-and-europe/2018/10/02/anatoliy-chepiga-hero-russia-writing-wall/

About the second suspect (Dr. Alexander Mishkin), Bellingcat released a full report, you are able to read it here:

https://www.bellingcat.com/news/uk-and-europe/2018/10/09/full-report-skripal-poisoning-suspect-dr-alexander-mishkin-hero-russia/

Recently, a GRU hackers team tried to hack the OPCW buildings to erase some evidences from different operations, a rental car full of hacking devices has been found on a parking near the OPCW buildings :

You can read the informations on:

https://www.bbc.com/news/world-europe-45746837
https://www.wired.com/story/russian-spies-indictment-hotel-wi-fi-hacking/
https://themoscowtimes.com/news/Russian-man-idetified-in-Dutch-hacking-probe-was-member-of-secret-services-football-team-63091
https://www.fbi.gov/wanted/cyber/gru-hacking-to-undermine-anti-doping-efforts
https://twitter.com/christogrozev/status/1047781100498681857

Leave a Reply

Your email address will not be published. Required fields are marked *