Skip to content


A group of Russian hackers are believed to be behind the publication of a cache of emails obtained from a former MI6 director and other Brexiteers unhappy with Theresa May’s failure to broker an exit deal “own” of the EU.

Google said the ‘clumsy campaign’ was branded by a Russian group called Coldriver – and the hackers published the correspondence under the title ‘Very English State Coop’, claiming it revealed the existence of a shadowy group of pro-Brexit plotters.

But the main group of emails – dated from August 2018 to July 2019 – instead appear to show a group of Brexiteers frustrated by May’s willingness to seek compromises with the EU and their attempts to campaign against it.

Shane Huntley, who heads Google’s threat analysis group, said Russian Coldriver hackers had previously attempted to steal user login credentials. “This is the first time we’ve seen them enter the misinformation/hack and leak space,” he added.

Hacking and leaking operations are part of the standard modus operandi of Russian hackers, who are often linked to one of the country’s spy agencies – and the attack is one of the first detected during the war. Ukraine which has now lasted for three months.

A key figure targeted was Sir Richard Dearlove, former director of MI6 between 1999 and 2004, including the period leading up to the war in Iraq. The former spymaster told Reuters, which first reported the story: “I am well aware of a Russian operation against a Proton [email] account that contained emails to and from me. »

The emails outline a short-lived plan to create a hardline Brexit campaign group in the summer of 2018 amid growing opposition to May’s proposed deal with Checkers, which had already prompted the resignation of May. Government’s Boris Johnson.

Codenamed “Operation Surprise”, the group was to be chaired by former Labor MP Gisela Stuart, who supported Leave, with Dearlove among a group of public figures who would sit on its advisory board.

Its objectives, according to the leaked document, were to “block any agreement” to leave the EU stemming from the Checkers white paper, to “ensure that we leave under the proper conditions of the WTO” and “if necessary to depose this Prime minister and replace him with another for ends”. Later, he adds: “May has now proved unable to perform his duties” and lists a group of well-known right-wing journalists as part of his “circle media”.

But the group never got off the ground, after Stuart told fellow advisory board members in August 2018 that she didn’t think it was necessary as other anti-Chequers campaigns were growing rapidly.

Many other emails consist of ongoing complaints about officials, May’s policy drift and even chatter about anti-Brexiter George Soros, much of it consisting of political remarks he allegedly made to family members over dinner.

Dearlove said the emails captured a “legitimate lobbying exercise” which, seen through “this antagonistic lens” of a Russian hack and leak operation “is now subject to distortion”.

Sign up for First Edition, our free daily newsletter – every weekday morning at 7am BST

The website containing the emails is called “Sneaky Strawhead” – a reference to Johnson’s often messy hairstyle. It was registered on April 19 by individuals using a commercial domain name provider.

Democratic Party emails were hacked by members of Russia’s GRU military intelligence in the run-up to the 2016 presidential election and forwarded to WikiLeaks, where their publication helped pave the way for the election of Republican candidate Donald Trump.

Confidential documents relating to US-UK trade talks have been stolen from a personal email account belonging to former trade secretary Liam Fox. The 451-page cache was emptied on Reddit and eventually ended up in the hands of then Labor leader Jeremy Corbyn during the 2019 election campaign.

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.