According to a Google cybersecurity official and the former head of UK foreign intelligence, a new website that published leaked emails from several leading proponents of Britain’s exit from the European Union is linked to Russian hackers.
The website, titled “Very English Coop d’Etat,” claims to have published private emails from former British spymaster Richard Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Toombs, and other Brexit supporters.
According to the website, they are part of a group of hardline pro-Brexit figures who are secretly calling the shots in the UK.
Reuters was unable to confirm the authenticity of the emails immediately, but two victims of the leak confirmed on Wednesday that they had been targeted by hackers and blamed the Russian government.
“I am well aware of a Russian operation targeting a Proton account containing emails to and from me,” Dearlove said, referring to the privacy-focused email service ProtonMail.
Dearlove, who led Britain’s foreign spy service, known as MI6, from 1999 to 2004, told Reuters that the leaked material should be treated with caution in light of “the current crisis in relations with Russia.”
In an email, Toombs stated that he and his colleagues were “aware of this Russian disinformation based on illegal hacking.” Stuart, who chaired Britain’s Vote Leave campaign in 2016, did not return emails.
Shane Huntley, director of Google’s Threat Analysis Group, told Reuters that the “English Coop” website was linked to “Cold River,” a Russia-based hacking group known to Alphabet Inc.
Huntley stated that the entire operation had “clear technical links” from Cold River’s hacking attempts to publicizing the leaks.
The Foreign Office in the United Kingdom, which handles media inquiries for MI6, declined to comment. Other Brexit supporters whose emails were suspected of being circulated on the website did not respond to emails either.
It is unknown how the emails were obtained, and the website hosting them made no attempt to explain who was behind the leak. The leaked messages mainly appear to have been exchanged using ProtonMail.
Although Reuters was unable to independently verify Google’s assessment of a Russian link to the website, Thomas Rid, a cybersecurity expert at Johns Hopkins University, said the site was similar to previous hack-and-leak operations attributed to Russian hackers.
If the leaked messages are genuine, it will be the second time in three years that suspected Kremlin spies have stolen and published private emails from a senior British national security official.
According to Reuters, classified US-UK trade documents were leaked ahead of the UK election in 2019 after being stolen from the email account of former trade minister Liam Fox. The specifics of the operation were never confirmed by UK officials, but then-British Foreign Minister Dominic Raab claimed the hack-and-leak was an attempt by the Kremlin to interfere in the UK election, a charge Moscow denied.
The “English Coop” website makes a number of claims, including that Dearlove was at the center of a plot by Brexit hardliners to depose former British Prime Minister Theresa May, who had negotiated a withdrawal agreement with the European Union in early 2019, and replace her with Johnson, who took a more hardline stance.
According to Dearlove, the emails captured a “legitimate lobbying exercise that, when viewed through this antagonistic lens, is now subject to distortion.”
Johnson, who took over in May of this year, has taken a tough stance on Russia’s invasion of Ukraine, pledging hundreds of millions of dollars in military equipment to the Ukrainian government. Johnson was in Kiev in April for a televised walkabout with Ukrainian President Volodymyr Zelenskiy.
Johnson was officially barred from entering Russia on April 16. The “Coop” website was registered three days later, according to Internet domain records. Its URL included the words “sneaky strawhead,” a dig at Johnson’s messy hairstyle.
While journalists should not be afraid to cover authenticated material exposed by the leak, Rid cautioned them to tread carefully.