CHAPTER 6

Active Measures

Evidence that Vladimir Putin’s Russian intelligence agencies, including state intelligence FSB, clandestine service SVR, and military intelligence GRU, as well as national cyber-contractors and the state-run news media, used well cultivated espionage methods developed under the Soviet Union to carry out the cyber-attack on the 2016 United States election is overwhelming. The espionage methodology that they used for these operations is called Aktivnyye Meropriyatiya or “Active Measures.” In a House subcommittee for foreign affairs, at the peak of the Cold War, Robert Gates defined it as: “Soviet active measures are covert operations designed to shape public opinion in foreign countries on key political issues. These measures are targeted at opinion-makers, such as political leaders, the media, and influential businessmen, as well as the public at large.”1

Active measures are the dirty tricks of the intelligence community, done on a political or personal stage using a myriad of methodologies, including assassination, forging documents and arranging for them to “surface,” and making legitimate documents appear insidious or incriminating. Other methods include fabricating and planting rumors so that they enter the media stream as news; distributing carefully crafted false narratives or disinformation; and writing and printing books, pamphlets with disinformation themes, and fabricated stories. Some of the most effective methods used stolen or false information or imagery to compromise or blackmail an individual to do one’s bidding (Kompromat). Even famous dissidents living in the West came under attack. Aleksandr Solzhenitsyn, the famous writer who exposed the Soviet gulag prison systems, was a target of “active measures.”2

Starting in 2013, the Russians launched massive active measures against the United States and Europe. Using compromised assets, blackmail, media manipulation, and quite possibly a number of assassinations, Russian intelligence, at the direction of President Putin, has exploited political division through propaganda campaigns, spies, and disinformation. Russia continues to use these measures against the United States and its allies, including the use of hacking, cutouts, spies, and unwitting assets to advance its goals worldwide. Russian intelligence employs subversive social media campaigns, fake news, troll armies, and propaganda to subvert the democratic process in the US and European democracies. It continues to this day.

None of this is new. From the early days of the Soviet Union to today, the Russian espionage craft is alive and well. Deployed against the United States and Europe in 2016 and 2017, Russian active measures have been explained by former Russian intelligence officials as the use of all actions short of overt military operations to influence an enemy nation or to gain an outcome favorable to Russia. Pavlovsky says that this new animosity to America began in 2012 when Putin returned for a second term:

“I think in the early Putin days as president, and then certainly when Medvedev was president and Putin was prime minister, Russia was not what it is today. We were interacting with them in a much more normal way—we being the United States and Europe. It was only when Putin came back the second time as president, that the behavior started to turn, and turned significantly back towards what was essentially Russian behavior during the Cold War, which is challenge the United States everywhere you can in the world, and do whatever you can to undermine what they’re trying to accomplish. Do whatever you can to weaken them.”3

Weakening one’s enemies is precisely what active measures are for.

History of Active Measures

Active measures of every sort are part of the operational menu for bringing about results that could not be achieved elsewhere. The first Russian secret police, the Cheka, were established in 1917 by the Bolsheviks and were primarily used to thwart opposition to the Bolshevik ideology and “enemies of Bolshevism.”4 The Cheka were disbanded and reestablished as the State Political Directorate (GPU) in 1922, and then renamed under Stalin as the People’s Commissariat for Internal Affairs (NKVD)—used in Stalin’s “Great Terror” in the 1930s.5 After Stalin’s death, Khrushchev established the KGB in the early 1950s.6 According to a House Intelligence report on active measures:

“Soviet bloc disinformation operations were not a rare occurrence: more than 10,000 were carried out over the course of the Cold War. In the 1970s, Yuri Andropov, then head of the KGB, created active measures courses for operatives, and the KGB had up to 15,000 officers working on psychological and disinformation warfare at the height of the Cold War. The CIA estimated that the Soviet Union spent more than $4 billion a year on active measures operations in the 1980s [approximately $8.5 billion in 2017].”

Active measures were and remain an offensive instrument of Russian policy.

Tennent Bagley, a former CIA officer assigned to handle high value Russian defectors, wrote that in 1923, under the OGPU, one of the earliest Soviet active measures groups had three principal objectives:

The Stanislav information warfare active measures group was the Komitet-Informatsii (KI) or Committee of Information. It operated between 1947 and 1951.8 The committee was formed in July 1947 as a centrally organized information warfare and intelligence exploitation group. It merged the Russian military intelligence (GRU) and the early Stalinist Ministry of State Security (MGB) into a unified foreign intelligence service.9 It was created in response to the American National Security Act of July 1947, which created the CIA. The first leader was Vyacheslav Molotov, Minister of Foreign Affairs. Eventually, bit-by-bit the personnel from the KI were peeled away back to the GRU and MGB until it was dissolved in 1951.10

General Ivan Ivanovich Agayants was one of the early commanders of the KI and is a legend in Russian intelligence. He began his career in espionage, disinformation, propaganda, and active measures in 1930.11 As a spy from 1937 to 1940, Agayants was stationed in France to conduct operations supporting the anti-fascist brigades in the Spanish Civil War. After the invasion of France, he went to Iran.12 In 1943, when the Soviet Union became a part of the anti-Nazi alliance, he was brought back to the Mediterranean—Algiers—to serve as an envoy to the French provisional government led by Charles de Gaulle. After the defeat of the Nazis and creation of the KGB, he served as the first resident (chief of station) in France. Agayants often traveled around the world to assist or oversee operations throughout the Cold War.13

In 1959, at the height of his stellar career, he sent a memorandum to the then KGB chairman, Aleksandr Shelepin. He proposed a new department that would specifically plan, manage, and execute active measures. It would become the KGB’s Active Measures department—Department D. By 1962 they had 40 officers; by 1967, the staff had more than doubled to over 100 officers. By the end of the Cold War it was nearly 15,000 people.14 The Department was divided into five parts: political, economic, scientific and technical, military, and counterintelligence. Eventually, the department rose to a level of prominence and was rebranded Service “A.”

The KGB’s Service A was the key department of the First Chief Directorate responsible for active measures. It managed dirty tricks activities around the world including disinformation efforts, making forgeries, arming insurgents, and sending weapons to terrorists or deploying assassins. It was this group depicted with ruthlessly evil KGB characters in the James Bond film From Russia with Love.15

Under the Soviet system of government, the chain of command started in the politburo, the policy-making committee in the Communist Party, then below them was the central committee. Within the Supreme Soviet was the International Department, which handled the United States-Canada Institute, pro-Soviet communist parties, front groups, and “Liberation Movements,” aka insurgent or terror groups. Until WWII, the United States was an “important target” for Russian intelligence officers but afterward it became the “main enemy” for Department D, including NATO and followed by China. The CIA and its sister intelligence agencies of the West were always a constant target. Security and defense contractors were targets for agent recruitment. In one of the more famous cases, Andrew Daulton Lee and Christopher Boyce worked with the KGB to steal information on US spy satellites from the TRW Defense and Space Systems Group in 1977.16 The two were arrested and sent to prison. They were later portrayed by Timothy Hutton and Sean Penn in the movie, The Falcon and the Snowman, which was based on the book by Robert Lindsey. However, all industry companies were targets. The KGB had spied on international oil companies in San Francisco using microwaves to capture voices during their corporate meetings.17

Since the day the Soviet Union officially ceased to exist on December 25, 1991, Putin has not changed those task orders for the FSB and SVR.

Though most active measures operations were coordinated from the Kremlin and were deployed directly by Moscow efforts, the nine Warsaw Pact nations in the Soviet bloc carried out operations based on their own agendas. Doing so provided cover for Kremlin activity abroad. This allowed the reach of Kremlin aims to migrate west. Such efforts were still ultimately relayed back to Soviet authority.

The directives of the Active Measures teams were derived from Soviet national objectives. Their long-term goals were to work on lifting sanctions and keeping NATO influence and member states away from Russian borders. All other activities below that were generally performed in piecemeal fashion to address a small component of these larger goals. Often these missions would be part of the jigsaw puzzle to weaken Russia’s opponents and to create a favorable environment for Kremlin policy. They’d do this by creating a newspaper or hosting an international peace conference with American political groups who wanted a connection to Russian money but did not have a direct contact. Much of the time was spent discrediting and vilifying opponents and dissidents.

When it came to targeting the CIA for disinformation, the KGB went for a direct attack. They used allies, politicians, and political dupes to villainize the CIA and its operations. Almost all KGB defectors agreed that the overall mission focus for attacking and damaging the CIA was to demoralize, expose, and undermine the effectiveness of the agency. The KGB did not leave the US Department of Defense alone on this field. Their global political and propaganda warfare teams would develop themes, organize protests, and ensure that American forces overseas were always uncomfortable.

Though intelligence agencies were high priorities, the highest goals were to undermine the American political process. The Russian interest in damaging American politics goes back to its earliest Bolshevik days. For almost 70 years, democracy in America was often portrayed as false while Soviet democracy, as they called it, was promoted as “true democracy”—since supposedly everything belonged to everyone. Yet the Supreme Soviet spent inordinate amounts of time and money trying to ideologically destroy the United States and European liberal democracies. The KGB and all state media were tasked to ensure the following strategic objectives were carried out:

Where direct contact with Russian intelligence might have been a turnoff for potential assets, use of operatives from other countries and intelligence organizations was more effective. During the Cold War, Czech, East German, Angolan, Egyptian, Syrian, Afghan, and Cuban officers were able to conduct operations that would have otherwise been hindered by a Russian contact. Russian liaison officers kept these satellite services in order and conducted counterintelligence spy hunts for infiltrators from Western agencies. All important decisions required their approval.19 Though their prime ministers and interior ministers were aware of what their agents were doing, Moscow kept a tight rein on their work.

Training for satellite intelligence services in all aspects, including propaganda, disinformation, forgery, and other active measures, was handled by the KGB. The nationalities were divided up into different camps; their countries covered the cost of the training, but the KGB determined the spy craft curriculum.

After the fall of the Soviet Union, active measures continued under intelligence officer Sergei Tretyakov. According to Tretyakov, a colonel for the modern-day Russian clandestine service SVR, KGB Service A was never disbanded but was simply rebranded to Department MS, or “Support Measures.”20 Department MS changed with the times. They would avoid tying activities to the diplomatic missions to avoid counterintelligence efforts by the FBI. The advent of advanced computing communications and mobile telephones made linking Russian spies to the embassy and their agents harder to prove, though they had to keep using the embassy as a secure base of operations.

Disinformation Warfare

Disinformation is the art of using false or misleading information and injecting it or getting it credited by legitimate and credible sources. The false information must be logical, believable, and acceptable to gain the confidence of the target population of an adversary nation. Like all good lies, the material must be crafted to play to the biases and accepted norms of the target audience, even if the information is horrible or distasteful to others not of that tribe. If the target audience disbelieves the message because it violates the consistency of accepted reality, then the disinformation campaign will be ineffective or fail. However, the accepted reality can be bent so that eventually, as the disinformation campaign plays itself out, a grand lie will be accepted for truth. That is the artistry of disinformation.

During the Cold War, Russian disinformation campaigns were used to frame the world according to the Kremlin. They have also been used to project the power of Russia’s military capabilities, hype the living conditions and joyfulness of Russian citizens, and to manipulate relations between other countries. Guided visits in Russia by foreigners were arranged to give them a view of the prosperity of Russian people or to cover the abuses of Russian citizens.

Extremists strong in biases and prejudice were considered the easiest targets for disinformation. Those who seek to gain their information from biased sources without critical skepticism were preferred targets for campaigns of disinformation. The rise of partisan news only magnified the problem as each played to the biases of their crowd and thus were easy targets of disinformation.21

One prominent disinformation agent was Vitali Yevgennevich Lui, who got published in the New York Times and the Washington Post, and was featured on CBS News and other notable credible news agencies, under the name Victor Louis.22 His efforts were used to attack dissidents like Solzhenitsyn or Stalin’s daughter, Svetlana Alliluyeva. In one case, he was used via the London Evening News to spread disinformation aimed at China claiming the Soviets were planning a preemptive nuclear attack.23

Ex-spy Sergei Tretyakov explained that disinformation products crafted in Moscow were surreptitiously transmitted to Russian FSB/SVR officers in the US who would use public internet access, such as the New York Public Library internet terminals. From there the propaganda warfare staff would propagate articles that purported to be educational or scientific reports which were created to be believable work of reputable academics with names that sounded respectable.24 Those reports would then be passed to organizations that were known for criticizing the US government.

According to the famous ex-KGB trained Czech officer-turned-dissident and author Ladislav Bittman, Russian intelligence saw each mission from smallest to strategic as having three necessary characters:

1. The Operator: The operators were the Russian intelligence officers and producers of the disinformation (called the “product”).

2. The Adversary: The adversary was spy speak for the target of the operation. It could be anyone or anything. Most often it was a national political goal or policy, a specific politician or political party, a public figure, or even the entire population of a target country.

3. The Unwitting Agent: The unwitting agents were the unaware participants used to attack the adversary either directly or indirectly. They were unwitting as the operator usually covered his true nationality, intent, and sources of payment. Often UAs believed they were working in a common interest with the operator.

In his classic book on Cold War active measures, KGB and Soviet Disinformation, Ladislav Bittman spelled out the details of the Active Measure Campaign and how this organized method leads to chaos for the adversary and the unwitting agent.25

“1. The unwitting agents were used to attack the adversary in a direct role as a proxy for the operator. The unwitting agent believes the actions were self-initiated.

2. The operator directly attacking the adversary but in a way that the adversary retaliates against the unwitting agent. Doing so would leave the adversary and unwitting agent to fight it out without noticing the operator.

3. The operator directly attacking the adversary but in a manner that the adversary doesn’t perceive the action as an attack or were led to rationalize the actions.

4. The operator attacks both the adversary and unwitting agent with the aim to pit them against each other.”

In the early days of the Soviet Union, the Cheka used these methods against Russian exiles in Western Europe to retaliate against those who left the ideological fold. These efforts were driven by ideological demands of the revolutionaries and focused on circles of former Russians and foreign Communist parties.26

The goal of strategic disinformation was to sow doubt, suspicion, and conspiracy theory for enough time that the Russians could execute a full-scale invasion. By extension, the Foreign Ministry was responsible for holding the propaganda and disinformation line at all costs. As with old politburo statements from the Soviet era, even when the truth was easily observable and the party line disprovable, diplomats and apparatchiks would insist up was down. For example, when Russia invaded the Ukrainian peninsula of Crimea, hundreds of sources witnessed and videotaped the takeover of key government buildings by Russian Special Forces soldiers (RUSOF). The men wore RUSOF uniforms. They carried RUSOF guns. They spoke Russian. They flew in on Russian aircraft. They were Russian except for one glaring piece of kit… they had removed their Russian army flags and name tapes from their uniforms. Foreign Minister Sergei Lavrov was confronted about Russian forces in Crimea spearheading a military operation. He came forward on international TV and claimed that the “little green men” were not Russian Special Forces.27 In fact, he insisted they were locals who just happened to have the most advanced weaponry and kit in Eastern Europe. Speaking from a conference in Madrid, Lavrov stated, “If they are the self-defense forces created by the inhabitants of Crimea, we have no authority over them. They do not receive our orders.”28 In 2015, Putin would boldly admit that Russian Special Forces had indeed spearheaded the invasion of Crimea. They needed to control the local government infrastructure, so no Ukrainian terrorism could occur.

In the early days of the post-revolution Soviet Union, Operation SINDIKAT and Operation TRUST were some of the first active measure campaigns in Soviet history. TRUST was carried out by the Red State Political Directorate (OGPU) spies to trap a dissident Russian writer named Boris Savinkov and his handler, a former British agent (and alleged con artist) Sidney Reilly. Reilly was a World War I British espionage officer who went to Russia as an independent contractor after the revolution. He supported anti-Soviet causes and operations of the White Army. He is most notably portrayed in popular fiction and the BBC TV series Reilly: Ace of Spies.

The Red Army Bolshevik counterintelligence created the appearance of their agents acting as if they were an anti-Soviet counterrevolutionary “White Army” organization called “The Trust.” Using this lie, the OGPU lured Savinkov and Reilly back to Russia and captured them. Savinkov was sentenced to prison but forced to write against his former White Army comrades for Russian and European publications. Savinkov was later killed at the hands of the Soviet revolutionaries.29 Reilly also did not fare well. He was taken to a forest and executed by firing squad. Like all good Russian propaganda, the death of a famous British spy was given an exciting cover story that was in itself a propaganda product. Russia claimed his death was at the hands of simple, trustworthy Soviet border guards who shot him as he tried to cross from Finland into the glorious new Soviet Union.

Document theft and dispersal to a hungry news media, à la the 2016 election, were precisely what Russian intelligence did in 1927 to discredit Japan and stop its imperial machinations. Russian intelligence officers from the Stalin-era Chekist intelligence agency, the INO (Inostranny Otdel or Foreign Department), carried out a brilliant operation that penetrated the heart of the Japanese imperial government. The INO was formed by Felix Dzerzhinsky to give the Cheka access to overseas intelligence. The INO officers recruited a Japanese government interpreter who had very high-level access to the offices of the Japanese government. He was tasked to steal a strategic war plan allegedly written by Baron Gi-Ishi Tanaka, the then Japanese Prime Minister. The stolen documents were returned to Russia and leaked to the American and Chinese press in Nanking by the spies. The “Tanaka Memorial Imperialist Conquest Plan” called for the Japanese invasion of Manchuria and Mongolia. This action was part distraction as it was meant to have the appearance of being stolen by American spies.30 To this day, the authenticity is under dispute.

Russian intelligence were masters of forgery in active measures. Sometimes the forgeries were mixed with real documents to spread “black propaganda” or fake news stories. Under the KGB, the 1950s and 60s were great times for forgeries. Their usage dropped off in the mid-70s, but in 1976, rudimentary computers and faster IBM electric style typewriters facilitated the resumption of anti-US campaigns. Computers would come to replace them soon enough. Not all forgeries were meant for public consumption. Undetected forgeries can still do damage privately, particularly when they show up in classified information as “leaked.” The KGB, and now the FSB, carried out thousands of micro campaigns of propaganda and forgeries. These ranged from trying to discredit the US-backed government in Ghana to making documents appear that West Germany and America wanted racist South Africa to acquire nuclear weapons. In many cases, these campaigns are so pervasive that the lies continue on the internet.

Kompromat

Kompromat refers to the use of “compromising materials” that were used to impugn the reputation of a target. The materials may have been real or forged but were aimed to attack politicians, officials, media or entertainment personalities, or business targets. The materials came in a variety of types—documents, photographs, or videos. In the early days, the KGB sought to find and use Kompromat on Eastern bloc defectors and dissidents.

The Russians used Willy Brandt. Brandt was Germany’s first left-of-center Chancellor, part of the Social Democrat Party (SDP), and a Nobel prize-winner for improving East-West relations in Germany. Brandt was elected in 1969 and was extremely popular in Germany and the West. The KGB gave him the target code name POLYARNIK.

A major active measure was executed against Brandt in the form of getting Günter Guillaume, a deep penetration agent for the Stasi—East Germany’s secret intelligence service—to discredit Brandt. Guillaume was a trained German agent and former Nazi who had been infiltrated into the West in 1956 in order to subvert the political parties. Guillaume worked his way up the ranks and became a close personal aide to Brandt. In 1973, West German counterintelligence was tipped that Guillaume was an East German spy. Brandt was informed and changed no routines in order to capture the spy. Guillaume was caught in 1974 and tried for treason. He was later exchanged for Russian spies. Brandt resigned over the affair of having a KGB/Stasi spy as his right-hand man.31

In 1961, a former British naval officer and politician Anthony Courtney was caught in an early Kompromat operation using a KGB officer as a sex partner. When he ran for office and won, he was a staunch critic of the exploitation of diplomatic privileges by the Russians. His effectiveness in spreading anti-Russian sentiment caused the KGB to expose him in the British media. The Russians released photos of him having sex with a Russian Intourist guide named Zinaida Grigorievna Volkova, who was working for the KGB. The sexy photos were taken during his visit to Russia in 1961. Needless to say, he was quickly forced out of Parliament.32 An adaptation of this scandal was used in the James Bond film From Russia with Love, when Bond is filmed from behind a double-sided mirror wall, with KGB officers filming his sexual liaison with a Russian embassy codebreaker.

The FSB under Putin used Kompromat extremely effectively in the highly charged anti-corruption atmosphere of the Post-Soviet Russia in 1997. A video surfaced purportedly of Russian justice minister Valentin Kovalev in a sauna with five naked women. The video was allegedly taken by the Solntsevo criminal gang. The videotape was found after a search of a banker’s house. The banker, Arkady Angelevich, was under investigation.33 The tape is widely believed to have been made by the FSB, planted, and “found” during the investigation.

Russian lawyer and former Prosecutor General, Yuri I. Skuratov, was shown in a pornographic video with two young women who were supposedly prostitutes. Skuratov had been part of a corruption case against Russian president Boris Yeltsin, Putin’s new boss.34 In January 1999, Skuratov had been called to meet Yeltsin, who then showed him a video and asked him to resign. Later, Putin, then Russia’s Prime Minister himself, called for Skuratov to resign again and threatened criminal prosecution.35

Ilya Yashin, a Russian opposition activist and friend of slain activist Boris Nemtsov, was caught in a video titled “The Word and the Deed.”36 The video attempted to show the men bribing police. The video also featured Mikhail Fishman, editor of Russian Newsweek, and Dmitry Oreshkin. Another video also included footage of Fishman with cocaine and a young woman titled, “Fishman Were an Addict.” The video featured Fishman snorting drugs with “Katya.” Ilya Yashin recognized the girl and the location.37 Victor Shenderovich was trapped in a 2010 Kompromat operation where a video of his liaison with a young woman forced him to go public. The Russian satirist had to admit in a blog post he also had sex with the young woman named “Katya” after being told a video of him had surfaced on the internet.38 He was married and a father; it effectively shut him up.

In 2015, Vladimir Bukovsky was set to testify in the case of murdered KGB officer Alexander Litvinenko when he was arrested for having child pornography on his computer. His house was raided before he could testify.39 He subsequently sued UK prosecution, claiming his innocence.40 It is widely believed that the Russian intelligence hackers may have planted the pornography surreptitiously without ever entering his home.

In 2016, Russian television network NTV broadcast a video of Natalia Pelevina having an affair with Mikhail Kasyanov. Pelevina says the video was set up by the FSB under orders by Putin. She was another activist focused on the Magnitsky Justice Campaign. This campaign led to American sanctions that tied up billions of dollars of oligarch money. Mikhail Kasyanov was married, and the video was filmed in a private apartment he owned. Kasyanov was chair of PARNAS, an opposition party to Putin. The video was seen by millions of Russians on NTV.

These activities were not limited to Russian opposition. Attempts on American diplomats continue, including the active measure run against US State Department political officer Brendan Kyle Hatcher. Hatcher focused on human rights in Russia and was subjected to an intense surveillance and Kompromat campaign. In 2009, a heavily edited video was posted to a Russian website for the newspaper Komsomolskaya Pravda attempting to show Hatcher with a prostitute. What the video does show is Hatcher, who is married, on the street talking on a mobile phone under FSB surveillance. The video then shows his hotel room, with him in it alone, filmed with hidden cameras from all angles. It cuts to the same darkened room with supposedly a man and a woman having sex but there is no way to tell whether it’s Hatcher. The State Department came out and declared the video a cheap forgery and continued to support Hatcher as a “good officer.”41

Kompromat was acquired traditionally through photography, videos, theft of letters, and audio recordings. In the modern world, with the advent of computer technology and digital mobile technology, anyone could be a victim of Kompromat. Additionally, modern computer networks were susceptible to theft. Everyone stores email, personal photos, and organizational secrets on computer networks, and those, if hacked, would be a treasure chest Russian intelligence would want to access. Hacking computers, cracking secure encryption networks, and phreaking telephone systems was a specialized active measure that was the domain of two Russian intelligence organizations, the FSB and the GRU.

The Soviet Union historically lagged way behind the American technology curve when it came to computers. For the Soviets, the first computers were utilized for missile control and cryptography. In 1948, Soviet scientist Sergei Alexeyevich Lebedev directed the design of the first Soviet computer called the “small electronic calculating machine,” or MESM. By 1950, the 6,000 vacuum tube–filled machine was operational.42 Despite the advance in computing, the mindset of the Kremlin under Stalin was aimed at human intelligence and openly disdainful of the use of computers. Decades later, the first Russian internet service provider, DEMOS, was established in 1989. This was 20 years behind the Western establishment of the internet created by DARPA and Stanford University. In Russia, the first networks connected research organizations only. The Soviets’ first contact with the global internet occurred on August 28, 1990, with an email exchange between Kurchatov Institute and Helsinki, Finland.43 The first Soviet Union domain (.su) was registered September 19, 1990.44

The First Hacking Campaigns

The first well-known hacker of US assets for the KGB was a German named Markus Hess. He had been tapped by the KGB to steal technology secrets in the mid-1980s. Hess hacked into the Lawrence Berkeley National Laboratory (LBL) systems from his location in Hanover, West Germany. Using his access through the LBL systems, he went on to compromise additional systems including computers belonging to the US Army, Air Force, and Navy. He was caught after being tracked by a systems administrator at LBL named Clifford Stoll. Stoll baited the unknown attacker with a honey pot plan. The plan involved planted documents that would lure the attacker into sustaining a data connection that allowed investigators to trace the origin of the attack. This led to the arrest of Markus Hess, Dirk Brzezinsky, Karl Koch, and Peter Carl in March 1989. Koch would die in May 1989 before trial, and the remaining three were given suspended sentences.45

The four men were loosely affiliated with a group of hackers named the Chaos Computer Club (CCC), the oldest and largest organization of hackers in Europe. Dating back to 1981, the CCC was focused on exposing information of governments it deemed intrusive. In this capacity, the CCC was a perfect target for the KGB to seek recruitment that would give plausible deniability and a Useful Idiot to take the fall. Decades later, much of the philosophy that drove the CCC could be found in one of the attendees of its 2007 conference, a former hacker named Julian Assange. Assange presented his idea of WikiLeaks to the CCC’s yearly congress accompanied by his server tech partner, Daniel Domscheit-Berg.46

Operation Moonlight Maze

Author Fred Kaplan wrote the book Dark Territory: The Secret History of Cyberwarfare, a true-life spy story of how a massive Russian intelligence network hacked US defense computers and was caught in an operation known as MOONLIGHT MAZE. In 1997, eight years after the first Russian ISP was launched, the first substantial Russian cyber-attack against the West via computer systems involved a massive campaign to infiltrate computers in various educational, government, and military systems stretching around the United States.

The connections were happening outside the normal business hours and from networks around the world. What investigators noticed was that the attacker had a particular goal in mind, was patient about getting to the targets, and demonstrated sophisticated though not perfect operational security (OPSEC). This included attempts to obfuscate or eliminate the tracks of entry. As analysts and investigators were working to detect the source of a series of breaches, the NSA set a trap for the hacker. Using a technique developed by Clifford Stoll, the man who caught the German hackers years before with a honey trap, the new plan involved adding code to the NSA program to respond like a beacon. The effort ultimately resulted in the NSA tracking the stolen material back to a Moscow IP emanating from the Russian Academy of Sciences.

In 1999, because of these events, Deputy Secretary of Defense John Hamre would say, “We’re in the middle of a cyberwar.”47 Little did he know the United States was barely at the beginning of a protracted decades-long online war without an ending in sight. Targeting the United States would include not only the use of military and government agency hackers, but also the use of proxies like independent hackers, hacking groups, and criminals from multiple countries; but the largest and most aggressive was the new Russian Federation. Using both criminal and contracted proxy hackers would be cost effective and would give the government plausible deniability.

Independent hackers were driven by their own economic agendas and thus the government wouldn’t have to support them. This would allow Moscow to build an unpaid army of hackers, trolls, and propagandists who could be driven by their own ambitions and yet interfere with attribution. In cyber warfare, attribution is key to identifying the target for defense or retaliation campaigns.

One seemingly unique characteristic of Russian hacking efforts was the fusion of government, business, and criminals into the CYBER BEARS. While it was not unheard of to have a former hacker go to work for the United States after serving time or paying a penalty, in Russia it was a full-blown art. Hackers in Russia had a single rule to live by: hack whoever you want, so long as you don’t hack a Russian. Doing so would guarantee a knock on the door by the FSB.

One hacker became notorious in the game of nation-state cyber battles: Evgeniy Bogachev. Bogachev was named in a report by US intelligence agencies about the Russian effort to hack the 2016 election. With a list of hackings that dated back to at least 2006, Bogachev was accused of stealing millions using a Trojan malware named Zeus, and a ransomware set called CryptoLocker. The Zeus Trojan was used to steal credentials that were ultimately used to access financial institutions. Bogachev was accused of using a botnet named Gameover Zeus to spread CryptoLocker across the web. It was taken down in an international effort dubbed Operation Tovar. Operation Tovar was one of the largest international campaigns to disrupt criminal cyber activity and included law enforcement from eleven countries and numerous private cybersecurity companies.

Known under his screen names “lucky12345” or “slavik,” Bogachev was just one of many Russian criminals believed to have ultimately helped the Russian government in its efforts to penetrate US and European assets. Another hacker who was allegedly recruited by the Russian government was Alexey Belan. Belan was accused of stealing Yahoo! user credentials in 2014. Bogachev was indicted in August 2012.48 Belan was indicted and listed on the FBI’s most wanted list in March 2017.49 Both Bogachev and Belan were allegedly recruited by FSB officers Dmitry Dokuchaev and Igor Sushchin, according to an indictment released March 15, 2017.50 These hackers represent a fraction of the hackers who conducted activities for Russian intelligence over the last 20 years. For the Russian effort to flip the West into its column in the 2016 American and 2017 European elections they would employ the entirety of their national active measures. Every resource was applied from hacking to Kompromat to their national specialty, employing fake news.

“Wet Work”—Murder by Assassination

Assassinations had been a key part in Russian active measures since the birth of the nation, but the Soviet Union made it an art form. From the pre-Soviet days, officers of the Tsar were murdered as an act of “capital punishment” for crimes against the people. For example, several attempts were made to kill the Tsar’s family advisor, the strange mystic Rasputin. After attempts to murder him by stabbing, and then with poison, he was ultimately shot and dumped in the Malaya Nevka River.

The first leader of the Soviet Union, Vladimir Ilyich Lenin, was targeted for assassination just after the 1917 Revolution. In January 1918, shots were fired at his vehicle, allegedly by members of the White Guard, on his way to Smolny Palace. His life was saved by a Swiss Communist, Fritz Platten, who was riding alongside Lenin’s vehicle. He covered Lenin from the gunfire with his own body. In August 1918, Fanny Kaplan also attempted to assassinate Lenin. Though Kaplan seriously injured Lenin, he survived; Kaplan was tried and executed.

Thus, a revolution born of blood would continue with more blood as eventually Josef Stalin took the helm of Soviet power. Over 30 years he used both mass executions and targeted assassinations as a means to control opposition who were dubbed “enemies of the people.” Dating back to 1926 when Vyacheslav Menzhinsky set up the “Administration of Special Tasks,” the Russian intelligence services have been carrying out “Wet Jobs.” “Wet Job,” or mokroye delo, was the term used by the KGB to define assassination operations.51 The department was responsible for assassinations, kidnappings, and sabotage. Special tasks, as they were called, were handled by the KGB’s Operational and Technical Directorate (OTU).52

“My task would be to mobilize all available NKVD resources to eliminate Trotsky, the worst enemy of the people,” said Pavel Sudoplatov in his book Special Tasks. “I was responsible for Trotsky’s assassination.”53 And eliminate Trotsky, they did. On August 21, 1940, in Mexico City, Trotsky died after being repeatedly struck with an axe by Jaime Ramón Mercader del Río, an NKVD agent originally from Spain. Trotsky was one of many who were targeted by Stalin as he sought to destroy all opposition to the Kremlin’s ideologically driven objectives.

After the fall of the Soviet Union and the rebranding of the KGB to the FSB and SVR, the tasks of targeted assassinations continued unabated. From the 1990s on, the “special tasks” were aimed at critics of the Kremlin and the aligned oligarchs as the country shifted from its communist days to the corrupt “mafia state” as it was called by former KGB/FSB officer, Alexander Litvinenko.

Alexander Litvinenko and Boris Berezovsky

Alexander Walterovich Litvinenko had served in both the KGB and FSB in multiple roles but mainly counterintelligence. In the 1990s, Litvinenko was tasked with assignments focused on organized crime, a role that would become more important after the fall of the Soviet Union as crime bosses vied to take control over resources and officials. Additionally, he was tasked with responsibilities that took him to the heart of the Chechen war as he shifted from his KGB role to one in the FSB.

One key role that would foreshadow his fate was his work as security for Boris Berezovsky, a Russian oligarch who made his wealth in the early days of the post-Soviet era. In 1994, Berezovsky’s life was nearly ended when he was targeted with a car bomb that killed his driver. Litvinenko was tasked with investigating the attack. Ironically, Berezovsky was accused twice of ordering assassinations, including the murder of the mayor of Moscow, Yuri Luzhkov.54 Berezovsky had known Putin for many years, and in the 1990s was clearly close to the former KGB officer turned FSB head. But later Berezovsky openly criticized Putin over his increasingly authoritarian policies and specific events like the death of Russian sailors in the Kursk submarine. As a result, Berezovsky went into exile, and Putin’s government ate up all of his media and oil businesses. But back home, this didn’t stop Putin from hunting him as he was charged with embezzling and being a crime boss. Despite these charges, it was Berezovsky who called Putin a “gangster” and “terrorist number one.” He said he intended to topple Putin and force regime change. As a result, Berezovsky became a target for assassination. In 2003 and 2007 he was targeted again—each unsuccessful.55

Litvinenko had grown more critical of the corruption of Russian law enforcement. The very agencies tasked to control crime were now cooperating in a full-on Mafia state. It was Berezovsky who had introduced Putin to Litvinenko in the late 1990s as Putin became leader of the FSB. Yet when Litvinenko turned to Putin about cases of corrupt officials, he was not only rebuffed, but hampered in his investigations. He went public with accusations about this corruption on November 17, 1998, with fellow officers and was subsequently fired for his bold act.56 Putin proudly took responsibility for firing Litvinenko in an interview.57

Subsequently, Litvinenko sought and was granted exile in the United Kingdom in May 2001. But back in Russia he became an enemy of the state. In his new life, Litvinenko would begin working with British intelligence to expose the Russian corruption, which increased his risks as a target. In Russia, nothing would be worse than a former FSB agent cooperating with MI6. Now the world would hear from yet another Russian defector about the efforts of Russia to sow terror around the world. He echoed the words of others who tied Russian intelligence with terrorists around the world. His book, Blowing Up Russia, Terror from Within, was an exposé on the use of terrorism to bolster Putin’s grip on Russian authority. As more terror events unfolded in Russia, Litvinenko would be quick to tie them to the FSB.

Journalist Anna Politkovskaya was targeted several times for assassination, including being held in 2001 and subjected to a mock execution. After she repeatedly wrote about the human rights abuses and handling of the Chechen war, she survived a poisoning attempt during a flight on the way to help those taken hostage in Beslan. Chechen leader Ramzan Kadyrov told her, “You are an enemy, to be shot.” She was assassinated in her Moscow apartment elevator on October 7, 2006. She had been shot twice in the chest, once in the shoulder, and finished with a coup de grâce to the head.

After Anna Politkovskaya was murdered, Litvinenko pointed the finger at Putin for her assassination. On November 1, 2006, he turned violently ill. On November 23, he died of poisoning. At some point an assassin gave him the radioactive isotope, polonium-210, which he unknowingly ingested. Subsequently, the British authorities launched a massive investigation and held public hearings to discuss the death of the former FSB officer. The two suspects were named: Dmitry Kovtun and Andrei Lugovoy. In January 2007, British investigators formally indicted the assassins, but despite requests to extradite the suspects, Russia refused to turn them over. Years of investigations went by until the British government accused Nikolai Patrushev and Vladimir Putin of ordering the assassination in 2015.

Back in Russia, the Putin propaganda machine had its own suspect. They blamed Boris Berezovsky, though they offered no proof of these claims. Even though traces of polonium were found in Berezovsky’s office, it was not surprising since Litvinenko had visited the former oligarch after he was already ill. After he was accused of murdering his friend, Berezovsky sued the Russian television channel, RTR Planeta, and was awarded damages in 2010.58 Ultimately, like his friend, Berezovsky was killed in March 2013. His body was found hanging, and though the coroner found that the death was a suicide, another pathologist hired by his family claimed that upon closer examination the death didn’t appear to be a suicide.

Journalists were a ubiquitous target for assassinations. Anna Politkovskaya was just an example. Natalia Estemirova was abducted and murdered on July 15, 2009, after having covered the human rights abuses in Chechnya including kidnappings, torture, and executions by the Russian government. Yuri Shchekochikhin was an investigative journalist who covered government corruption and human rights abuses, and like Politkovskaya and Estemirova, the Chechen wars. He was poisoned in June 2003 and died weeks later on July 3, 2003. It was suggested to many that he, like Litvinenko, was poisoned with radioactive materials though the Russians would never release his autopsy records.59

Other political critics of Putin have been murdered, including liberal politician Boris Nemtsov. Nemtsov had been an activist for decades before he was murdered on February 27, 2015. From his early days protesting the disastrous Chernobyl meltdown to his opposition of Viktor Yanukovych, Nemtsov led a lengthy career of calling for reform. He served as a governor for Nizhny Novgorod oblast after being appointed by Boris Yeltsin in late 1991.60 He was later elected to the Federation Council in 1993, and by 1997, had risen to become First Deputy Prime Minister.

But after Putin came to power, Nemtsov would become one of his chief critics. With other critics like chess master Garry Kasparov and Vladimir Kara-Murza, Nemtsov repeatedly called out Putin as an autocrat. In 2007, he was going to run for President of Russia but withdrew and threw his support to Mikhail Kasyanov of the People’s Democratic Union. The same month, he joined Kasparov in creating the Solidarity (Solidarnost) movement. Shortly after, he was attacked by three men who were in the Nashi youth movement.61

After Nemtsov signed on with the Putin Must Go manifesto in March 2010 and helped develop a report, “Putin: Results-10 years,” the website hosting the report was targeted with a DDoS attack.62 When Nemtsov and his allies levied their criticisms at Putin, he responded with claims that they were attempting to fill their pockets. This didn’t dissuade Nemtsov who again accused Putin of corruption during the Sochi Olympics with claims of embezzling the funds that were meant for security.

After the Russian invasion of Crimea, Nemtsov published an op-ed in the Kyiv Post blaming Vladimir Putin. He said, “Putin is trying to dissect Ukraine and create in the east of the country a puppet state, Novorossiya, that is fully economically and politically controlled by the Kremlin.” Novorossiya translates to New Russia and is one of the calling cries of the pro-Kremlin nationalist groups including the Rodina party. But Nemtsov went on further to point out that the real reason had more to do with the natural resources in the area: “It’s crucial for his clan to control metallurg in the east of Ukraine, as well as its military-industrial complex,” and that “Ukraine is rich in shale gas which would create real competition for the business of Putin’s Gazprom.”63

Nemtsov was keenly aware that he was a target. He had been arrested many times under Putin’s regime including in 2007, 2010, and 2011. Just like Putin-critic Alexey Navalny, Nemtsov was arrested for “unauthorized protests,” which only proved his lingering point that Putin was an authoritarian. He stated he was afraid for his life but that it wouldn’t dissuade him, “If I were afraid of Putin, I wouldn’t be in this line of work.”64

Nemtsov’s fears would materialize on the night of February 27, 2015, when he was gunned down on the Bolshoy Moskvoretsky Bridge in Moscow right in front of the Kremlin. The reaction around the world was strong with activists and leaders issuing strong rebukes and pointing the finger at the Kremlin and the FSB. But officially the Kremlin blamed five Chechen men who worked for Ramzan Kadyrov.65

While there are many who were murdered by the Kremlin, not every attempt proved successful. Notably, Boris Nemtsov’s friend, Vladimir Kara-Murza, was targeted at least twice and both times the Kremlin failed.66

Oleg Erovinkin had served with the KGB starting in 1976. He was mysteriously killed in Moscow and found in a Rosneft company car, a black Lexus, on December 26, 2017. Erovinkin had been serving as Chief of Staff to Igor Sechin since May 2008, when he was appointed by Vladimir Putin.67 It was also suspected that Erovinkin had been a source for the Steele Dossier that exposed the Trump campaign’s Russian efforts.68 In the Steele Dossier, one entry mentioned a source who was in contact with Igor Sechin. The July 19, 2016, entry said, “a Russian source close to Rosneft President, PUTIN close associate and US-sanctioned individual, Igor SECHIN, confided the details of a recent secret meeting between him and” Carter Page, who was acting as an advisor to Donald Trump.69 However, the official cause of death was listed as a heart attack. His death happened well after the news and details in the Steele Dossier were released. If it was true that Erovinkin had discussed the meeting with Steele or other conduits, this would have been a threat to the Kremlin’s operational security as it sought to cultivate Carter Page to be used as an agent of influence over Trump.

On March 4, 2018, former Russian spy Sergei Skripal and his daughter Yulia were found by police slumped over each other on a bench with their eyes rolled back in their heads in a Salisbury, England, park. Skripal was a colonel and former Russian military intelligence officer of the GRU who retired in 1999. During his time at the GRU, he was recruited by British intelligence where he worked to identify FSB, SVR, and GRU intelligence agents. He was later found out and arrested in Moscow in 2004 and charged with high treason for being a spy for MI6, the British intelligence service. He was sentenced to 13 years in prison, but was likely being held as a bargaining chip for other Russian spies. That chip was cashed in July 2010 when Skripal was handed over to the UK as part of a spy swap that returned ten Russian “illegals” captured in the US, including celebrity spy Anna Chapman. Experts say Skripal was poisoned with a military grade nerve agent known as Novichok. This class of chemical weapon is eight times more deadly than VX, which can kill in less than a minute.

In addition to Skripal, three responding police officers were hospitalized. Twenty-one others who came into physical contact with them or surfaces they had touched were affected by the Novichok chemical agent. Skripal was a close friend of Christopher Steele, famous for his work on the “Trump dossier.” Some have suggested the attack was a result of this association, as it appeared that Vladimir Putin was cleaning up former Russian intelligence officers who may have betrayed the Kremlin’s interests.70

Prime Minister Theresa May went before Parliament and excoriated Moscow. May said, “Either this was a direct action by the Russian state against our country, or the Russian government lost control of its potentially catastrophically damaging nerve agent and allowed it to get into the hands of others.”71

On March 22, 2018, the British government responded by kicking 23 Russian diplomats out of the country. British officials also said other diplomatic activities would be suspended. Under Article 5 of the NATO charter, the UK was within its power to call upon allies to respond against Russia. In the United States, Donald Trump was relatively silent on the issue. His normal barrage of tweets had no mention of the case. The soon-to-be-fired Secretary of State Rex Tillerson said that the attack “clearly came from Russia,” and that the United States would react to the event. However, White House spokesperson Sarah Huckabee Sanders failed to hold the Russians to task on the matter. After days of criticism, UN Ambassador Nikki Haley finally agreed with Britain that Russia was responsible, but Donald Trump refused to mention Russia and Putin by name.

The Russian response was a mixture of mockery to the British claims. It was a reminder that the Kremlin never forgives. “Traitors will kick the bucket,” said Putin to a television audience in 2010.72 In a March 2018 interview with NBC host Megyn Kelly, Putin said, “not everything can be forgiven… in particular betrayal.”73 That same day on Russian television, TV anchor Kirill Kleimenov said that Skripal was “by training, a traitor to his country,” and warned that “being a traitor is one of the most dangerous professions in the world.”74 British officials who were stunned that state TV would brag about their deed threatened to remove RT network from British airwaves in response to the Skripal attack.75

It took a state-sponsored chemical weapon of mass destruction terrorist attack on the territory of our closest NATO ally to understand that Putin was now using all tools at the state’s disposal to punish traitors. Like a professional terrorist leader, Putin understood that the intended audience of the attack was not the immediate victims—it was anyone who dared cross the spymaster-in-chief, including all Russian diaspora. The other part of the message was that if Russia calls on anyone, including its spies and assets to assist the FSB or GRU, they had better understand the stakes of refusal.