<<

decision-making directly or focus on directly decision-making political target either organisations These operations. influencing in covert role akey play often countries of other services intelligence the that note and MIVD AIVD services security and intelligence Dutch the reports, annual published recently In their Doing ’s work dirty Source: Russia. of Forces Armed the of Staff General the of Directorate Main the of formation the of anniversary 100th the to dedicated event agala at Putin President the manipulation of public perceptions of perceptions public manipulation the from the Cold The spies who came in MAY 2020 Kremlin.ru 1 is of activities kinds these to regard with indirectly. jaarverslag-mivd defensie.nl/downloads/jaarverslagen/2020/04/30/ 2020, April 30 accessed 2020, April 30 2019, Report Annual (MIVD), Service Security and jaarverslagen/jaarverslag-2019 2020, April 30 accessed 2020, April 2019, 29 Report Annual General Intelligence and Security Service (AIVD), (AIVD), Service Security and Intelligence General 1 One of the countries mentioned mentioned countries of the One https://www.aivd.nl/onderwerpen/

; Defence Intelligence Intelligence ; Defence https://www.

Danny Pronk Clingendael Alert Clingendael Alert

Russia.2 This country has long been most Hacker, poisoner, soldier, spy adept at covertly influencing the perceptions and public opinion in other countries, which One of the most prominent cyber cases to can have a disruptive effect on policy-making date was the use of the so-called Advanced processes.3 However, as they are carried Persistent Threat 28 – aka Fancy Bear – hack out covertly, these activities have tended to group to meddle in the 2016 US presidential remain hidden in the shadows. Lately though, election. According to the report by US they seem unable to stay out of the limelight. Special Counsel Mueller, twelve Recent operations by Russia’s intelligence Russian intelligence officers from the GRU services, in particular the intelligence were guilty of hacking into the Democratic service GRU, are a case in point. Rarely has National Committee administration and the an intelligence service of a major power campaign for presidential candidate Hillary received so much public attention over such Clinton.5 Mueller’s findings fitted a clear a short period of time as the GRU.4 pattern in which the GRU was found by the National Cyber Security Centre in the UK to be almost certainly responsible for 2 See Mark Galeotti, Russian Political War: Moving an increasing number of cyber incidents in 6 Beyond the Hybrid (London and New York: past years. Routledge, 2019); Oscar Jonsson, The Russian Understanding of War: Blurring the Lines Between In another prominent case, the confidential War and (Washington, DC: Georgetown medical files of a number of international University Press, 2019); and also Ivo Jurvee, “The athletes were released after a hack of the Resurrection of ‘’: Intelligence World Anti-Doping Agency’s administration Services as a Part of Russia’s Influencing and management system.7 And in April Toolbox”, Hybrid CoE Strategic Analysis, April 2018, 2018, the GRU attempted to gain access to accessed 24 April 2020, https://www.hybridcoe. the computer networks of the Organisation fi/publications/strategic-analysis-april-2018- resurrection-active-measures-intelligence-services- for the Prohibition of Chemical 8 part--influencing-toolbox/ (OPCW) in The Hague. This was followed 3 See Ladislav Bittman, “Soviet Bloc ‘’ in May 2018 by a spear-phishing attempt and other ‘Active Measures’”, in: Robert Pfaltzgraff, in which the GRU’s hackers impersonated Uri Ra’anan and Warren Millbert (eds), Intelligence federal authorities in to target Policy and (London: MacMillan OPCW employees, and thus again the Press, 1981), pp. 212-228; Ladislav Bittman, The KGB and Soviet Disinformation: An Insider’s View (Washington, DC: Pergamon-Brassey’s, 1985); David V. Gioe, Richard Lovering and Tyler Pachesny, “The Soviet Legacy of Russian Active Measures: New Vodka from Old Stills?”, International Journal of Intel- 5 Special Counsel Robert S. Mueller, Report On ligence and Counterintelligence, published online: The Investigation Into Russian Interference In 5 March 2020, pp. 1-26; Joseph S. Gordon, “Intro- The 2016 Presidential Election (Washington, DC: duction”, in Psychological Operations: The Soviet US Department of Justice, 2019). Challenge, edited by Joseph S. Gordon (London: 6 National Cyber Security Centre, “Reckless Westview Press, 1988); Richard H. Shultz and Roy campaign of cyber-attacks by Russian military Godson, Dezinformatsia: Active Measures in Soviet intelligence service exposed”, 3 October 2018, Strategy (Washington, DC: Pergamon-Brassey’s, accessed 23 April 2020, https://www.ncsc.gov.uk/ 1984); Herbert Romerstein, “Disinformation as a news/reckless-campaign-cyber-attacks-russian- KGB in the ”, Journal of Intelligence military-intelligence-service-exposed History, . 1, No. 1 (2001), pp. 54–67. 7 Nicole Perlroth and Tariq Panja, “Microsoft 4 Sergei Boeke and Ben de Jong, “Heads Rolling at the Says Hacked Antidoping Agency GRU? Blundering Russian Intelligence”, Clingendael Computers”, The New York Times, 28 October 2019, Spectator, 23 October 2018, accessed 23 April 2020, accessed 24 April 2020, https://www.nytimes. https://spectator.clingendael.org/en/publication/ com/2019/10/28/sports/olympics/russia-doping- heads-rolling--blundering-russian-intelligence; wada-hacked.html Christian Esch, “The Rise of Russia's GRU Military 8 Huib Modderkolk, Het is oorlog, maar niemand Intelligence Service”, Der Spiegel, 19 October 2018, die het ziet (Amsterdam: Podium b.v. Uitgeverij, accessed 30 April 2020, https://www.spiegel.de/ 2019); Militaire Inlichtingen- en Veiligheidsdienst, international/world/russia-and-the-rise-of-gru- Vooruitziend Vermogen voor Vrede en Veiligheid: military-intelligence-service-a-1233576.html Openbaar Jaarverslag 2018, April 2019.

2 Clingendael Alert

OPCW’s computer networks.9 Recently, variety of non-attributable actions wherever American intelligence contractor Booz Allen and whenever required.13 Hamilton published a report detailing all cyber operations carried out by GRU hackers Finally, the attempted of over a period of 15 years, linking them to Sergei Skripal and his daughter in Salisbury more than 200 , disruption and in 2018 with a military from the disinformation incidents and campaigns in Novichok group again raised suspicions 33 separate case studies.10 Booz’s findings about the GRU, mainly because Skripal mirror those made earlier by the cyber himself worked for the GRU when he security firm Symantec in 2018.11 was recruited by the British intelligence service MI6.14 The Skripal poisoning The GRU also played an important role in apparently served the combined purpose the annexation of Crimea in 2014 and in the of sending a political message to the instigation of separatism in Eastern Ukraine and underscoring a continuing Russian that followed. A GRU officer also played campaign against traitors.15 a key role in the shooting down of flight MH17 over Eastern Ukraine, also in 2014.12 Over the years the GRU has demonstrated 13 Tor Bukkvoll and Åse G. Østensen, “The Emergence a willingness to develop and sponsor of Russian Private Military Companies: A New paramilitary organisations that further Tool of Clandestine Warfare”, Special Operations Russian national interests. This trend has Journal, Vol. 6, No. 1 (2020), pp. 1-17; Daniel increased since the 2014 crisis in Eastern Brown, “3 countries where Russia’s shadowy Ukraine, where the Kremlin used many of Wagner Group mercenaries are known to operate”, these paramilitary organisations to fight in Business Insider, 27 April 2018, accessed 23 April the Donbass. The Russian government has 2020, https://www.businessinsider.nl/russia- also used private military companies such as wagner-group-mercenaries-where-operate-2018- the Wagner Group, consisting of a cadre of 4/?international=true&r=US ; Alexander Rabin, skilled operatives from GRU , in a “ and Dividends: Who Really Controls the Wagner Group?”, Foreign Policy Research Institute, 4 October 2019, accessed 23 April 2020, https:// www.fpri.org/article/2019/10/diplomacy-and- 9 David V. Gioe, “Cyber Operations and Useful Fools: dividends-who-really-controls-the-wagner-group/ The Approach of Russian Hybrid Intelligence”, ; Matthew Cole and Alex Emmons, “Erik Prince Intelligence and National Security, Vol. 33, No. 7 Offered Lethal Services to Sanctioned Russian (2018), pp. 954–973. Mercenary Firm Wagner”, The Intercept, 13 April 10 Booz Allen Hamilton, Bearing Witness: 2020, accessed 23 April 2020, https://theintercept. Uncovering the Logic Behind Russian Military com/2020/04/13/erik-prince-russia-mercenary- Cyber Operations, 27 March 2020, accessed wagner-libya-/ 6 April 2020, https://boozallen.com/content/dam/ 14 David Omand, “From Nudge to Novichok: The boozallen_site/ccg/pdf/publications/bearing- Response to the Skripal Nerve Agent Attack Holds witness-uncovering-the-logic-behind-russian- Lessons for Countering Hybrid Threats”, Hybrid military-cyber-operations-2020.pdf CoE Working Paper, April 2018, Accessed 24 April 11 Symantec, “APT28: New Espionage Operations 2020, https://www.hybridcoe.fi/publications/ Target Military and Government Organizations”, nudge-novichok-response-skripal-nerve-agent- 4 October 2018, accessed 23 April 2020, https:// attack-holds-lessons-countering-hybrid-threats/; symantec-enterprise-blogs.security.com/blogs/ Mark Urban, The Skripal Files: The Life and Near election-security/apt28-espionage-military- Death of a Russian Spy (New York: Henry Holt and government Company, 2018). 12 Kevin G. Hall, “Russian GRU Officer Tied to 15 Luke Harding, A Very Expensive Poison: The Downing of Passenger Plane in Ukraine”, Miami Definitive Story of the Murder of Litvinenko and Herald, 25 May 2018, accessed 24 April 2020, Russia’s War on the West (London: Faber & Faber, https://www.miamiherald.com/latest-news/ 2016); David V. Gioe, Michael S. Goodman and article211871689.html ; Bellingcat, “Identifying the David S. Frey, “Unforgiven: Russian Intelligence Elusive ‘Elbrus’: From MH17 To In Vengeance as Political Theatre and Strategic ”, 24 April 2020, accessed 25 April 2020, Messaging”, Intelligence and National Security, https://www.bellingcat.com/news/uk-and- Vol. 34, No. 4 (2019), pp. 561–575; Amy Knight, europe/2020/04/24/identifying-fsbs-elusive- Orders to Kill: The Putin Regime and Political Murder elbrus-from-mh17-to-assassinations-in-europe/ (London: Biteback Publishing, 2018).

3 Clingendael Alert

A life spent in the shadows

At present, there are three main intelligence One indication of this is that the number of and security services in Russia: the foreign significant memoirs written by ex-employees intelligence service (SVR), the federal is negligible.17 Former KGB archivist Vasili security service (FSB) and the military Mitrokhin, together with British historian intelligence service (GRU). The latter has Christopher Andrew, has written a very existed for the longest time. The acronym comprehensive, two-volume standard work stands for Glávnoye Razvedyvatel’noje on the intelligence operations of the KGB Upravléniye (English: Main Intelligence in the Cold War.18 No such work on the Directorate) of the general staff of the armed GRU is available, however.19 But the fact forces, and as such the organisation falls that this intelligence service has become so within the responsibility of the Ministry of ubiquitous as the tool through which Russia’s Defence. Of the various Russian intelligence covert influencing operations are conducted services, and despite its recent level of warrants further scrutiny, not only by our activity, it is striking to note how little is own intelligence services but also by the known about the GRU compared to the decision-makers and publics targeted by it. Soviet KGB and its successor organisations SVR and FSB.

After the end of the Cold War and the of the , many former KGB officers and defectors wrote their memoirs, making information about the KGB accessible to a wider audience.16 The GRU, on the other hand, has always remained much more of a closed organisation.

17 The only one being Viktor Suvorov, Inside 16 For instance Christopher Andrew and Oleg Soviet (London: Macmillan Gordievsky, KGB: The Inside Story of Its Foreign Publishing, 1984). Operations From to Gorbachev (London: 18 Christopher Andrew and , Hodder & Stoughton, 1990); Ben Macintyre, The : The KGB in Europe and The Spy and the Traitor (London: Penguin, 2018); the West (London and New York: Allen Lane, and Anatoli Sudoplatov, Special 2000); Christopher Andrew and Vasili Mitrokhin, Tasks: The Memoirs of an Unwanted Witness, The Mitrokhin Archive II: The KGB and the World A Soviet (Boston: Little Brown & Co, (London and New York: Allen Lane, 2005). 1994). Also Ben de Jong, Schild en zwaard van 19 The closest is Jonathan Haslam, Near and de Oktoberrevolutie: De memoires van Sovjet Distant Neighbours: A New History of Soviet inlichtingenoffcieren, 1953-1991 (Maastricht: Intelligence (Oxford and New York: Oxford Shaker Publishing, 2004). University Press, 2015).

4 About the Clingendael Institute Clingendael – the Institute of – is a leading think and academy on international affairs. Through our analyses, training and public debate we aim to inspire and equip governments, businesses, and civil society in order to contribute to a secure, sustainable and just world. www.clingendael.org  @clingendaelorg [email protected]  The Clingendael Institute +31 70 324 53 84  The Clingendael Institute  clingendael_institute  Newsletter

About the author

Danny Pronk is a Senior Research Fellow at Clingendael. His research focuses on security and defence issues, particularly in relation to and Russia, and on geopolitical trend analysis, horizon scanning and strategic foresight.