Special Report: Russian intelligence’s very bad year
HUMINT lessons learned in 2022; implications for a Taiwan contingency
Some housekeeping notes: I plan to dedicate more time to analytical deep dives in 2023, with an emphasis on the energy war Putin has launched against the West.
There have been some interesting China-Russia energy developments this past week, as CCP General Secretary Xi Jinping met with Turkmenistan President Serdar Berdimuhamedov and issued a rather striking joint statement. According to the PRC Foreign Ministry, “Natural gas cooperation is the cornerstone of China-Turkmenistan relations, and greater cooperation in this area serves the strategic and long-term interests of both countries. The two sides need to advance cooperation on major projects at a faster pace, and unlock cooperation potential in such areas as green energy, natural gas utilization, energy technologies and equipment to promote cooperation across the industrial chain.”
Since Turkmenistan and Russia directly compete in Chinese natural gas markets, the Xi-Berdimuhamedov meeting should raise some eyebrows, particularly since, at least according to official data, Gazprom delivered only 15 billion cubic meters of natural gas to China in 2022 via its Power of Siberia (PoS) pipeline. Gazprom’s deliveries to China were lower than expected, as Amy Myers Jaffe and I estimated earlier this summer that Russia would ship 16 bcm. With Moscow also claiming the PoS won’t deliver its full capacity until 2027, two years later than agreed, Beijing may be turning to Ashgabat (and, potentially, US LNG) for more reliable natural gas supply. Much more on this and other energy topics in 2023, as constitutional democracy must defeat Putin in the energy war.
For a recap of China-Russia relations in 2022, I’ve written a piece in The Diplomat.
I was required to stay in DC for work over the holiday, but was less busy than anticipated. This gave me some time to write the rather long article included below, which I hope you’ll nevertheless find informative and interesting. I’ll be in Abu Dhabi on a work trip for the next couple of weeks, after which The Report will be back with a standard issue in late January (hopefully).
Russian intelligence’s very bad year
Next year could be even worse.
Soviet and Russian spies used to be the stuff of legend. From the fictional feats of John le Carré’s Karla or the Jennings duo on the TV show The Americans, to the real-world exploits of operatives such as Teodor Maly and Mark Zborowski, Soviet intelligence officers and their Russian successors have correctly enjoyed a reputation as the world’s most skillful espionage practitioners.
With the Russian intelligence complex experiencing visible, systemic failures in 2022, however, it’s time to reassess its reputation. Russian security services remain highly capable actors and, admittedly, may have achieved significant (but non-public) successes this year, due to the inherent opacity of intelligence work. But their weaknesses are increasingly glaring. Russian security services’ analytical deficiencies have been compounded by Putin’s extraordinarily poor war planning and execution. Russia’s signals intelligence (SIGINT) complex is proving increasingly leaky, while its human intelligence (HUMINT) operators are straining under greater tasking with fewer personnel, raising the probability of detection and operational failure. Russia has traditionally excelled at HUMINT, but a wartime operational tempo and fundamental technological changes are eroding this capability and leading to the unraveling of Russia’s spy networks. Russian intelligence had a very bad 2022, but next year could see an even greater crack-up. At the same time, Russian security services may be seeking to use their scarce resources to intervene even more openly in future Western elections and empower Kremlin-adjacent populists. The West appears to have won several major espionage victories in 2022, but it must continue degrading Russia’s malign intelligence capabilities in 2023.
Putin proved in 2022 that he is not as competent as feared
The Russian intelligence community’s 2022 failures start at the top, with Vladimir Putin, the “King of the Spies,” to borrow Mark Galeotti’s framing. While Putin was a longstanding KGB counterintelligence officer, the war exposed Vladimir Putin’s misunderstanding of fundamental elements of power, including 21st century espionage. As The Report wrote in early March 2022:
“Putin tried to conceal his plans from everyone – Western technical intelligence, potential Western spies in the Russian policymaking and security apparatus, and, apparently, the Russian military. Putin’s attempts to conceal the invasion failed utterly; he valued secrecy over operational efficiency but obtained neither. Indeed, the 69-year-old, like many intelligence officers from the pre-digital age, seems to have failed to grasp how technology – satellites, cellphones, computers, cameras, etc – has produced a revolution in intelligence affairs.”
Putin’s obsession with secrecy, while useful in many intelligence and counterintelligence contexts, proved disastrous for coordinating a complex, joint operation.
The FSB’s blunders in preparing the invasion of Ukraine
Vladimir Putin’s disastrous decision to invade Ukraine largely reflected his own profound misjudgments, but Russia’s intelligence services were hardly blameless. Most “intelligence failures” are actually policymaking errors, as decision makers often cherry-pick intelligence to confirm their biases or simply ignore unpleasant information. Putin’s decades-long denial of a separate Ukrainian sovereignty and identity certainly left him predisposed to accept estimates of an easy invasion. Russian security services, however, especially the Federal Security Service (FSB)’s Fifth Service, eagerly confirmed Putin’s biases, aggravating the most significant military disaster in Russian history since at least the Soviet invasion of Afghanistan in 1979.
The FSB, more than any other Russian security service, bears the brunt of the blame for Moscow’s disastrous invasion of Ukraine. The FSB is Russia’s chief domestic intelligence service but leads security efforts in countries formerly in the Soviet Union; it is also arguably the most powerful actor in the Russian intelligence ecosystem. Acting on inaccurate information from the FSB’s Fifth Service and poor campaign plans, columns of Russia’s Rosgvardia national guard entered Ukraine without substantial armored protection. The result was a bloodbath: Rosgvardia units are essentially riot police and their lightly-armored vehicles were easily picked apart by Ukrainian soldiers employing Javelins, NLAWs, and other heavy weapons.
The Rosgvardia foul-up was a symptom of a far larger problem: the FSB’s overconfidence. According to reporting from the Washington Post, FSB officers spent their final pre-invasion days preparing accommodations in Kyiv. The Russian military’s war plans proved wildly unrealistic due to faulty, overconfident FSB estimates, as stout Ukrainian resistance first prevented Russian forces from capturing Kyiv then drove the invaders back in the later phases of the war.
In response to the FSB Fifth Department’s failures, Putin reportedly jailed its director, Colonel-General Sergei Beseda, although later reporting suggests Beseda is still active. While Putin is primarily responsible for the analytical (not to mention moral) failures that drove Russia’s invasion of Ukraine, the FSB’s failure shaped the crucial, initial stages of a war that is degrading the Russian intelligence complex.
Russia’s porous SIGINT defenses and overestimated offensive capabilities
Russia’s force structures, or the siloviki, have long enjoyed a reputation as being among the world’s most capable cyber actors. It seems increasingly likely that their capabilities were overestimated before the war and are only getting worse, however. Russian signals intelligence (SIGINT), or “cyber,” defensive capabilities have long been regarded as relatively porous, which the war seems to have confirmed: Western security services enjoyed extraordinary, near-real time insight into Russian war planning as high-ranking commanders reportedly discussed war plans on non-secure networks. Moreover, an onslaught of Russian offensive cyberattacks against Ukraine and, potentially, other Western targets, has not materialized despite fears. While Russian cyber knowhow, especially offensive capabilities, shouldn’t be dismissed, there’s a growing body of evidence suggesting that Russia’s SIGINT abilities are less advanced than feared before the war. Finally, with some reports finding over 30% of Russian IT professionals have fled the country, Russia’s cyber capabilities will likely deteriorate further.
Signals intelligence (SIGINT) refers to intelligence collected from electronic transmissions that can be collected by ships, planes, ground sites, or satellites; communications intelligence (COMINT), or information gleaned from communications intercepts (such as phone calls, emails, etc), is a subset of SIGINT. Russian security services have been a very active player in SIGINT, particularly offensive SIGINT: they very likely implanted the “agent.btz” malware which infiltrated the US Central Command’s computer systems in 2008; engaged in an audacious hack-and-release campaign in 2016 after listening to the requests of a US Presidential candidate, potentially altering the election’s outcome; and broke into Treasury and Commerce Department email systems.
Despite this storied (some would say sordid) history of offensive cyber operations, Russian SIGINT defenses are extremely porous and, in some cases, nearly non-existent. Non-state actors such as Bellingcat have been able to acquire incriminating information about Navalny’s FSB stalkers by simply purchasing the data for a small fee from data merchants, while Vladimir Putin’s talk at the St. Petersburg International Economic Forum was delayed by over 100 minutes due to hackers. It doesn’t take much creativity to imagine how a vastly more capable state actor, such as Ukraine, might take advantage of Russia’s extremely porous cyber defenses. Indeed, Ramzan Kadyrov, the brutal warlord of Russia’s Chechnya, reportedly revealed Russia’s invasion plans on an open phone line, providing critical tactical intelligence about the impending invasion. Astonishingly, Russian military forces continued to use unsecured communication devices and lines after the invasion, creating targeting opportunities for Ukrainian military intelligence.
While Russia’s defensive cyber capabilities have failed to meet even low external expectations, its cyber offensive capabilities in the post-invasion period have, so far, proved less fearsome than originally anticipated. On February 15th, a little over a week before the invasion, Ukrainian government websites and banks were shut down by a cyberattack, presumably from Russia. This attack was noxious but appears to have done little to nothing to degrade Ukraine’s ability to resist. Russian cyber forces also reportedly attempted – and failed – to knock out a section of the Ukrainian power grid that would have caused an electricity blackout for 2 million people. Finally, the Russian military’s kinetic attacks on the Ukrainian electricity grid are not only heinous but may also reveal Russia’s offensive SIGINT weaknesses: instead of employing inexpensive cyber capabilities, Russian armed forces are depleting their scarce precision-guided munitions inventory and firing missiles at Ukrainian electricity infrastructure.
Gavin Wilde’s outstanding deep dive into Russian cyber warfare for Carnegie provides highly credible explanations for Moscow’s cyber shortcomings. First, Russian cybercommands may be optimized for counterpropaganda, not offensive cyber operations. Wilde also hypothesizes that Russia’s premier offensive cyber capacities are housed within agencies focused on intelligence and subversion – not combined-arms warfare. Finally, Wilde writes that pervasive optimism bias in the run-up to the invasion may have inhibited Moscow’s cyber performance, as Russian planners believed they could capture vast portions of Ukraine intact. Intriguingly, Wilde found “The FSB likely held an institutional view of Ukraine as part of its own home turf, potentially disinclining it from damaging crucial Ukrainian infrastructure that Russia would itself require in an invasion and occupation.”
Finally, the mass exodus of Russian IT professionals may be the most profound and damaging consequence of the war for Russian SIGINT, and the Russian intelligence ecosystem more broadly. Some reporting suggests 3-in-10 Russian IT professionals have fled for other countries, taking with them valuable skills, institutional knowledge and, in some cases, classified intelligence. Russian intelligence’s remaining IT workforce will likely have fewer personnel to accomplish more tasks due to the war, impairing its SIGINT efficiency.
Let’s be clear: Russia possesses significant cyber capabilities, especially offensive capabilities, and can do real damage to the United States and its allies, friends, and partners. Russian hacking groups have successfully breached US critical infrastructure, including the infamous Colonial Pipeline hack in May 2021. Still, Russia’s poor wartime cyber efforts and the exodus of Russian IT professionals, along with the centrality of technology in 21st century espionage, raise questions about Russia’s ability to keep pace with the world’s leading technological and intelligence powers.
The SVR is burning its most exquisite capabilities
Perhaps the most damaging outcome of the war on Russian intelligence is the rapid erosion of spy networks controlled by the Foreign Intelligence Service (SVR), Russia’s premier civilian intelligence service. The war is attriting some of Russia’s most exquisite intelligence capabilities, such as Russian intelligence officers operating under deep cover and Western moles working for Russia.
Intelligence officers operating under non-official cover (NOC) are among an intelligence service’s most valuable assets: unlike intelligence officers operating under official cover, typically at an embassy, NOCs do not enjoy diplomatic immunity and have no official ties with their government, placing them at severe risk if uncovered. Consequently, NOCs are typically highly skilled and extraordinarily committed to their mission, while their actions can be denied by their government (with varying degrees of plausibility). Russian security services, continuing Soviet traditions, have employed NOCs operating under illegal cover, such as the infamous Anna Chapman spy ring.
Putin’s invasion of Ukraine is pressuring their NOC assets. Wartime requirements have increased the tempo of Russian intelligence operations, while Western countries’ expulsion of Russian intelligence officers operating under official cover is reducing the ability of the SVR to run assets via “normal” channels, via its embassies and consulates. Accordingly, the SVR has been forced to lean heavily on its NOC assets, substantially raising their probability of detection and detention.
While cultivating NOCs and their spies is costly and takes years or even decades, the invasion may have dismantled key Russian spy networks in a matter of months, as several Russian NOCs and at least one very high-ranking Russian mole in German intelligence have been arrested. Moreover, since counterintelligence investigations often take months or even years before action is taken, Western security services are likely in the intermediate or closing stages of more arrests or operational neutralization.
While much intelligence data is non-public, for obvious reasons, public evidence suggests it has been a very difficult year for Russian intelligence officers and their agents. In June, Dutch authorities refused entry to a Russian NOC posing as a Brazilian but secretly working for Russia’s military intelligence service, the GRU, sending him back to Brazil, where he was sentenced to 15 years imprisonment. In late November, Swedish authorities raided the house of a Russian couple believed to be tied to the GRU; the couple may also have handled two brothers in the Swedish force structures who are accused of spying for Moscow over a 10-year period. Norway, meanwhile, has arrested a Russian man purportedly researching Arctic policy but allegedly spying for Russian security services, while several Russian citizens have been detained for flying drones near Norway’s critical oil and gas infrastructure. Austrian authorities are also investigating a Greek national who very likely spied for Russia for years, as a search of his home uncovered specialized equipment.
Other arrests and captures may be even more significant. An alleged, high-ranking mole in Germany’s Federal Intelligence Service technical reconnaissance department was arrested by German counterintelligence authorities on December 21st after reportedly passing classified information to Moscow. The agent was very likely one of Russia’s most valuable sources until his capture.
The series of arrests and captures was very likely the product of efficient counterintelligence work by Western security services. Still, the scope and significance of these Western arrests could raise fears in Moscow that Western intelligence has achieved technical access to Russian secrets or, potentially even worse for Moscow, burrowed its own mole or network of moles inside Russian intelligence. With Vladimir Putin’s immoral, ruinous, and reckless war leading to the deaths of tens of thousands of Russians and Ukrainians, and plunging countless more in Russia, Ukraine, and beyond into poverty and squalor, it would not be a surprise if Russians, acting out of patriotic duty, stood up to undercut Putin’s war and restore peace by cooperating with Western intelligence.
While it’s impossible to publicly measure trends in intelligence, due to its secretive nature, Russian spy networks do appear to be suffering blows in some of their highest priority theaters. Moreover, because counterintelligence operations take months, years, or even longer, 2023 could see further unraveling of Russian spy networks, although some of these results may not become public for a long time.
This is no time for triumphalism: a note of caution about Russian and Chinese security services
While 2022 exposed weaknesses in the Russian intelligence community, Russian security services remain formidable. The SVR remains expert in human intelligence; the GRU’s brazen attacks in the Czech Republic and Salisbury, England demonstrate it remains capable of blunt, unsubtle force; and the FSB is unimpressive but probably effective and loyal enough to suppress domestic protests and any elite move against Putin. While the Russian intelligence complex has performed poorly in 2022, it would be unwise to assume it is incapable of adaption. Russian security services may overhaul practices or scale back unachievable ambitions. An underrated risk is that Putin will seek to intervene even more openly in Western elections, including via energy and economic levers. Putin and the Russian force structures are down, not out.
Other lessons must be applied to constrain the sharp power of another, much more capable competitor: the People’s Republic of China. It would be a mistake to assume that Chinese intelligence is overrated just because Russian efforts failed miserably in 2022: PRC intelligence services draw from vastly more resources than their Russian counterparts, are extraordinarily capable cyber actors, and have different ways, means and ends.
Still, lessons learned from Russia’s invasion of Ukraine could limit PRC HUMINT in potential wartime contingencies. While fears of being accused of warmongering may have prevented Washington and Brussels from expelling suspected Russian intelligence officers prior to the invasion, post-invasion expulsions are clearly degrading Russian intelligence operations. Consequently, if the People’s Republic of China ever appears likely to invade Taiwan, or apply other significant coercive measures, the US and its allies, friends, and partners should move to expel suspected PRC intelligence officers before military hostilities commence. This measure would not be without drawbacks and risks, but it could symbolically signal resolve and substantively degrade the PRC’s ability to collect intelligence and conduct covert actions ahead of a potential conflict.
Although PRC HUMINT networks are traditionally less reliant on embassies than Russia’s, they are still significant. Encouragingly, Beijing’s zero-COVID policy very likely degraded its human intelligence collection efforts (and, interestingly, may have been a contributing factor in the arrest of some Chinese assets seeking to steal Russian military technology). As Chinese spy networks emerge from zero-COVID restrictions, however, they may increasingly rely on embassies to reconstitute dormant assets. While there is little near-term risk of a PRC invasion of Taiwan, Washington, Brussels, and other like-minded partners may be able to limit future PRC HUMINT operations by expelling intelligence officers operating under diplomatic cover.
Finally, judging from public arrests made throughout 2021, Russian security services, especially the GRU, were very active in Europe ahead of the invasion. As many noted at the time, this was an obvious potential early warning indicator. Similarly, any sudden spike in PRC military intelligence operational tempo would be notable, particularly if accompanied by other warning indicators that John Culver and others have written about.
2022 was an awful year for Russian intelligence. Next year could be worse.
What lessons can Western countries learn from Russia’s intelligence failures in 2022? The most important lesson would be to avoid the fundamental intelligence errors committed by Putin and other members of the siloviki: confirmation bias, optimism bias, and politicization are all enemies of good intelligence work. It would also be wise to strengthen sanctions compliance tools and funding, as the December arrest of a Russian smuggling ring centered in Massachusetts and New Jersey suggests Russian intelligence is increasingly tasked with obtaining technologies for its defense sector. Furthermore, Western security services should also identify, vet, and, when appropriate, approach or even recruit Russian IT expatriates – a step they presumably are already taking.
The Russian state’s capabilities, including its intelligence prowess, have been overestimated. Russian SIGINT capabilities have been ineffective throughout the war, while Russian HUMINT networks appear to be unraveling due to a higher operational tempo and the expulsion of intelligence officers working under official diplomatic cover. 2022 was a bad year for the Russian state, including its intelligence complex. The West should continue the pressure in 2023, ensuring Russia’s malign intelligence networks are permanently degraded.
v/r,
Joe Webster is a senior fellow at the Atlantic Council and editor of the China-Russia Report. This article represents his own personal opinion.
The China-Russia Report is an independent, nonpartisan newsletter covering political, economic, and security affairs within and between China and Russia. All articles, comments, op-eds, etc represent only the personal opinion of the author(s) and do not necessarily represent the position(s) of The China-Russia Report.