LONDON (Reuters) - Whoever leaked UK-U.S. trade papers online ahead of Britain’s general election took extensive precautions to cover their tracks, which experts who suspect Russia was behind the effort say points to a professional and well-planned operation.
The heightened security measures, including a web of disposable email addresses and virtual phone numbers, are not typical of ordinary internet users and draw further parallels with a previous Russian information operation, said outside researchers and government officials.
British intelligence officials are now investigating whether the documents, which detail negotiations between Britain and the United States over a future trade deal, were part of a “hack and leak” operation ahead of a general election on Thursday.
Social media site Reddit said last week the documents were first posted online by accounts linked to a Russian campaign uncovered in June, fuelling concern that Moscow was seeking to interfere in the upcoming vote.
“This is very, very clinical operational security,” said a person familiar with the government investigation. “Whoever has done this is massively trying to hide their tracks, it is not exactly run-of-the-mill behavior.”
The opposition Labour Party has seized on the leaked documents to allege a plot by the governing Conservatives to sell off parts of the state-run National Health Service (NHS) in trade talks with the United States, a key issue in the British election campaign.
Labour said last week that the authenticity of the leaked documents has not been disputed and it acted in the public interest by releasing them to journalists. It declined to comment on Tuesday on new evidence about the source of the leak.
A government spokeswoman pointed to an earlier statement that officials were looking into the matter.
The Kremlin has repeatedly denied allegations of election meddling and dismissed suspicions that Russian hackers may have stolen and leaked the documents.
A person with knowledge of the matter said the email address used to register multiple social media accounts which repeatedly shared web links to the leaked documents was also used to sign up for nine services offering virtual online phone numbers.
The Internet phone numbers could have been used to register more accounts, further obscuring the owner’s identity, or to send SMS messages directing politicians and journalists to the leaked papers, the source said.
Reuters was not able to establish if any messages were sent or received from the accounts.
The same person or people also registered an email account and online blogging account from a platform providing so-called “burner” email addresses, which have public inboxes but are designed to be used once and then abandoned, web records show.
Ben Nimmo, head of investigations at social media analytics firm Graphika — which worked with Reuters to first identify the suspected Russian activity — said the “attention to secrecy” closely resembled a previous Russian campaign, whose operators also made significant efforts to hide their identities.
“This operation was run by professionals. The attention to security was far too tight and consistent to come from anyone else,” he said.
“It’s an operation that wanted to get its stories noticed, but really, really didn’t want to be traced back to the source.”
Reporting by Jack Stubbs; Editing by