The Labour candidate Ben Bradshaw has said he has been the victim of a suspected Russian cyber-attack after he received an email from Moscow with attachments containing sophisticated malware.
Bradshaw â who has repeatedly raised the subject of Kremlin interference in British politics, including in the EU referendum â received the email at his election gmail address. The sender â âAndreiâ â claimed he was a whistleblower from inside Vladimir Putinâs presidential administration.
The email contained several apparently genuine documents. They showed how the Kremlin has set up a secret âfake news unitâ in Russiaâs far east region which is used to suppress negative stories and to boost pro-government sentiment. However, two of the documents carried malicious code.
Bradshaw initially sent the email to cyber-experts, who confirmed that the files were suspicious. He has now reported the email to the national cyber security centre (NCSC) â a part of GCHQ â and to parliamentary authorities.
The NCSC confirmed it was examining the case on Tuesday, saying: âThe NCSC works closely with political parties, local authorities and individuals and offers them access to the best cybersecurity guidance and support. We were recently contacted by Mr Bradshaw and are currently looking at the information we have received.â
Intelligence professionals said the attack was technically sophisticated and specifically designed to target the prospective Labour candidate. The files include the signature of a genuine regional envoy on presidential notepaper and a detailed PowerPoint slide in Russian of protest meetings, seemingly compiled by Putinâs FSB spy agency.
Bradshaw said: âThe email came to my gmail account, which is more vulnerable than my parliamentary one. What the sender was claiming was potentially extremely useful and political dynamite. It was drafted in a clever way to make it tempting to open.â
Asked why the Russians might want target him, he said: âI was the first MP to raise Russiaâs role in the Brexit vote in 2016. Ever since I have been asking questions about the Kremlinâs subversion of our democracy.â
The email was written in good English, with several of the original Russian documents helpfully translated. It was sent from an anonymous account using ProtonMail, an encrypted email provider.
The sender âAndreiâ said he wanted to leak details of the propaganda pilot project because similar âfake news practicesâ were used âwith Brexit and the USâ in 2016 â a reference to the Kremlinâs social media operation in support of the leave campaign and Donald Trump.
âAndreiâ wrote: âLessons are to reapplied in 2020. Since you are campaigning for the general election, maybe you would be interested in being first to break the story?
âMy motivation for contacting you is that I personally object to the methods my bosses in the Russian Presidential Administration are using ⌠They value the current state of affairs that allows them to store money in the UK, as you know, so an exposĂŠ could create a strong correct reaction in Moscow.â
The sender said his documents might be âpolitical capitalâ for Labour before the election, adding: âEspecially considering the recent articles about the Conservatives operating with Russia money.â
Bradshaw said the suspected cyber-attack was further confirmation that Moscow was seeking to influence British politics. He condemned Boris Johnsonâs refusal to publish the intelligence and security committeeâs report on Moscow interference and said the prime minister had yet to come clean on his links with wealthy Russians living in the UK.
âJohnson has repeatedly lied about this. He hasnât told the truth about his own contacts. Thatâs one of the reasons he doesnât want the report published before the election because of what it contains,â Bradshaw said.
Earlier this year, US special counsel Robert Mueller said Russia had conducted a âsweeping and systematicâ operation to support Trump in the 2016 election. Mueller indicted several individuals from the notorious St Petersburg âtroll factoryâ, which was also used to push pro-Brexit messaging in advance of the EU referendum vote.
Last year parliamentâs digital, culture, media and sport select committee said Moscow had used âmalign digital influence campaignsâ in Britain, including after the novichok poisoning in Salisbury of Sergei Skripal. The committee took issue with Downing Streetâs claim there was no evidence of âsuccessfulâ Russian interference and said it should investigate.
Over the summer, suspected hackers from Moscowâs GRU military intelligence agency launched a sophisticated attack on around 30 western journalists and Russia experts. The attack involved phishing emails sent to ProtonMail accounts, similar to the one used last week to contact Bradshaw.
News of the apparent attack on Bradshaw followed claims on Monday that a leaked dossier of US-UK trade documents published by the Labour party had been initially shared online using methods that mirrored those previously used as part of a Russian disinformation campaign.
There is no suggestion either that the NHS documents, produced by Jeremy Corbyn at a dramatic press conference last week, were fake. But the consultancy Graphika said that the cache of files was initially distributed via Reddit, three German-language websites and an anonymous Twitter account, in a manner similar to a previous operation by a Russian group known as Secondary Infektion.
The researcher who first raised the prospect of foreign involvement in the Labour leak, Ben Nimmo, said on Tuesday that it would require information from Twitter or Reddit to fully resolve whether Russia was involved.
Without such a development, the links were ânot enough to provide conclusive attributionâ, Nimmo admitted. Secondary Infektion, which acted in the same manner to the individual or group that leaked the trade documents, was identified only when Facebook used its behind-the-scenes knowledge to cite Russia as the source.
Gloss