telephone metadata logs from a telephone number registered in the name of the (cover) persona “Sergey Fedotov” (a department manager at a GRU front company offering courier services) has allowed us to analyze Denis Sergeev’s telephone usage – including calls and data connections – in the period of May 2017 – May 2019....
Based on the analysis of Sergeev’s telephone movements within Moscow, we have established that his daily routine involves trips from his place of residence to several locations housing GRU operations. These include the GRU headquarters at Khoroshevskoe Shosse 67B, and the GRU Academy at Narodnoe Opolchenie 50. Notably, Sergeev’s daily routine shows unchanged pattern of travel to these GRU locations from 2017 through the end of 2018....
using his 3G/4G telephone connection--during his covert London trip GRU Maj-Gen Sergeev made and received regular phone calls from only one telephone number. This was the same number he called just before flying from Moscow, and he communicated with this contact a total of 11 times during the London trip.
We have established that as of presstime, this number is “unregistered”, i.e. belongs to a prepaid sim-card without a documented owner....metadata logs show that this telephone number does not produce the regular “footprint” left by regular numbers: i.e. there are no cell-tower IDs, or IMEI/IMSI logs matching this number. It is thus likely that this is a number from a special series used by Russian’s security services, and it is possibly not linked to a hardware telephone but – for instance – to a gateway device.
Sunday, 4 March, 2018--day of the Skripal Poisoning
On the morning of March 4, Fedotov made several data connections from his Paddington hotel. At 9:03 AM his phone rang, and he spoke with “Amir” for just about a minute. At 10:20 he sent or received a file of 8 MB, commensurate with a photo file.
At 10:40 Sergeev called “Amir” one last time, and spoke with him for about 2 minutes....He made the London-Moscow flight, and the plane to Moscow took off at 14:15. As Sergeev’s plane was about to land, “Amir” tried to call him at 8:51 PM, and when he could not reach him, sent him a text message. Sergeev landed at 21:00, checked his online messengers for messages, and left for his home by car. Once at his home, at 22:35 he made a brief 10-second call to “Amir”.
The new findings confirm that
Sergeev was an active GRU officer at the time of the Salisbury operation, as opposed to a retired officer employed for a private operation. They also shed light on the likely chain of command for this (and other) GRU overseas operations, with one coordinating senior officer communicating with headquarters in Moscow while the team on the ground receive limited to no new instructions. This set-up may be linked to operational security and the need to minimize the operative team’s exposure to traceable data communications. Evidence obtained by us on other international operations involving the same team suggests that this is a stable GRU operational model. https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/
No comments:
Post a Comment