Spying, attacks, murder: Moscow's secret services have shown they are capable of striking even in the heart of the West. However, intelligence expert Christopher Nehring says they are marked by failure and limited means.
So far, 2021 has been the year of Russian intelligence, with four spectacular operations exposed in the last four months. In Berlin, Jens F., an electrician with a Stasi past, was caught selling Bundestag construction plans to secret service agents at the Russian Embassy. In Bulgaria, a Russian spy ring was uncovered around the ex-military intelligence officer Ivan Iliev. In Italy, a frigate captain named Walter Biot was found to be selling military information.
And in the Czech Republic, the Interior Ministry identified officers of the Russian military intelligence agency GRU as the perpetrators of two explosions at an ammunition depot in Vrbetice in 2014. These were the same men who allegedly poisoned Bulgarian arms dealer Emilian Gebrev in 2015, as well as former Russian double agent Sergei Skripal and his daughter with the Soviet-era nerve agent Novichok in 2018.
The Bulgarian Prosecutor General's Office has also linked the GRU with four other instances of sabotage at weapons depots belonging to Gebrev's company, EMKO. All this, of course, comes after Russian opposition politician Alexei Navalny was poisoned with a nerve agent in August 2020, as well as cases of cyberespionage against the German Bundestag in 2015 and, in 2020, against the American IT company SolarWinds.
So, what can we learn from all this Russian activity?
Syria, Libya, Central Asia, the Caucasus and Ukraine in particular: The Russian secret services, above all the GRU, are in a state of war. Operations like the one in Vrbetice, or the poison attack on the arms dealer Gebrev, are intended as support for Moscow's military engagement by way of covert special operations.
The targets of these attacks are supporters of Russia's military opponents. In this respect, Russia has since at least 2014, if not earlier, dispensed with any inhibitions about committing the most serious acts of violence within the territory of the Western alliance.
Intelligence operations like these have a longstanding tradition. Jens F. in Berlin, Ivan Iliev in Sofia, and Walter Biot in Rome — all were engaged in classic espionage. All that's new is the number of cases that have been exposed within such a short space of time. Disinformation campaigns, too, were part of Moscow's repertoire half a century ago, like the campaign by the KGB and the Stasi in the 1980s which spread the rumor that the AIDS virus was developed as a bioweapon by the US Army.
And assassinating double agents and secret service defectors is a tradition that dates back long before the Skripal case. The GRU poisoned the defector Vladimir Nesterovich in Mainz as early as 1925.
On closer inspection, it also seems that even the newest form of intelligence operations — cyberespionage — is simply old wine in new bottles. Thomas Rid, a cyber expert at Johns Hopkins University in the US, considers such actions to be just traditional espionage, sabotage and propaganda in digital form.
Embassies have always been the hot spots from which the GRU and the other agencies have run their spy rings. Money is the main enticement, while the agents in Germany and Bulgaria also had connections with the former communist secret services.
If, however, the task at hand was murder or sabotage, teams from the now disbanded elite Unit 29155 of Russia's military intelligence service traveled from Moscow to their destination via third countries all across Europe. Indirect travel routes, fake identities in which the first name matches the real one and the date of birth is only minimally changed — these methods are all relics of the old Soviet secret service, just like privileges and honors, vacation programs and pledges to look after agents and their relatives when they are exposed.
Russia is a major force in global cyberespionage — but the recent intelligence operations show that the human element is still very important. Even cyberespionage like the 2015 hack of the German parliament only succeeded as a result of human error; in that instance, it required people to open an email attachment.
At the heart of the espionage cases were people who had been bought. Human error on the part of Russian intelligence officers played a major role in the failure and leaking of their operations. Officers of GRU Special Unit 29155 repeatedly traveled to the Czech Republic, Bulgaria and the UK using the same cover identities and forged passports.
Following the 2018 Novichok attack on Sergei Skripal, those same officers carelessly tossed a perfume bottle containing the poison into a trash can and were thus also responsible for the subsequent death of Dawn Sturgess, a local resident who came in contact with the bottle.
FSB agent Konstantin Kudryavtsev, who was part of a cleanup team charged with eliminating all traces of the Novichok poisoning of Kremlin dissident Navalny, was tricked by his victim into revealing extraordinary details of the plan in a recorded phone call. Other FSB officers had also violated precautions by turning on private phones during the operation.
In the age of social media, video surveillance and ubiquitous online communication, data protection and privacy are under threat. The same applies to the state secrets of murderous intelligence services. This has been demonstrated by the British investigative online platform Bellingcat and its research.
Social media channels, images posted online and video footage, as well as communications and travel data exchanged on the internet have enabled Bellingcat journalists to reconstruct the cover identities, resumes, travel routes and cell phone conversations of Russian intelligence officers. One of the most clandestine Russian special forces units was thus exposed online. One of its "victims," the FSB officer Kudryavtsev linked to the Navalny attack, was forced to admit that digital journalism is completely uncharted territory for Russia's intelligence services.
Eliot Higgins, the founder of Bellingcat, nicknamed his organization "an intelligence agency for the people." In many ways, the revelations published by him and his colleagues have already demonstrated the similarity between investigative digital journalism and intelligence work. Both scour the internet for open or partially open information; both use communications data to establish connections and movement profiles; and both pay informants in order to obtain that data.
In the digital age, the boundaries between open and classified information have become blurred — and intelligence officers are no better protected online than ordinary citizens. The methods employed by secret service agents and journalists are increasingly alike.
Russia's secret services have shown they are willing and able to operate anywhere in Europe. John Sawers, a former director of Britain's MI6 foreign intelligence service, estimates that only about 10% of covert Russian operations are detected. However, we should not allow ourselves to be blinded by this show of strength because, at the same time, it is also a clear sign of weakness.
This is not only because of the services' many failures and negligence. The fact that, for example, the same officers are deployed again and again is also evidence that resources are limited. Attempts to gain information about US and NATO plans via third countries, at considerable expense and great risk to personnel, show the same. Moreover, the resulting enormous political loss of prestige and sanctions are hardly a sign of a successful outcome.
Christopher Nehring teaches intelligence history at the University of Potsdam and is the academic director of the German Spy Museum in Berlin. His book, Die 77 größten Spionage-Mythen (The 77 Biggest Espionage Myths) was published in 2019.