Hackers, Spies and Contract Killers
How Putin's Agents Are Infiltrating Germany
Russian secret service agencies have been targeting the West for years. They infiltrate computer systems, spy on politicians, conduct sabotage operations and even kill those who have fallen afoul of Moscow. Why did Germany wake up to the danger so late?
By Maik Baumgärtner, Floriana Bulfon, Jörg Diehl, Roman Dobrokhotov, Matthias Gebauer, Christo Grozev, Roman Höfner, Martin Knobbe, Roman Lehberger, Ann-Katrin Müller, Frederik Obermaier, Sven Röbel, Marcel Rosenbach, Fidelius Schmid und Wolf Wiedmann-Schmidt
Five months after her sudden disappearance, Maria Adela K. provided a sign of life.
She had been trying to hide from herself, she wrote to her friends in an emotional post on Facebook. But now she had to "reveal the truth."
She had cancer, she wrote.
Thirty-two of her Facebook friends promptly responded.
They showed concern, said they were happy to hear from her and also offered words of encouragement.
But shortly after that, K. disappeared again, leaving her friends in the dark.
There is much to suggest that the news about the cancer from 2018 was fabricated, like so much in the life of Maria Adela K.
Everything, really. Concealment and deception are apparently key elements of her profession: The purported businesswoman, it would seem, is actually a spy serving the Russian Federation.
Joint reporting by DER SPIEGEL and the investigative platforms Bellingcat and The Insider, along with Italian daily La Repubblica, suggests that K. acted as an agent of the Russian military intelligence agency GRU and targeting employees of the NATO base in Naples and the U.S. Navy base there.
It's possible that K. was also supposed to spy in Germany.
As is so often the case in espionage cases, there is a lack of definitive proof, but the circumstantial evidence is overwhelming.
K. used passports that appear to be from a series issued by the GRU.
She pursued Peruvian citizenship using false information and sought proximity to employees of the two military bases – until she invented the cancer story to go underground.
According to our reporting, her real name is Olga Vasilyevna K., born in June 1982 in rural southern Russia.
Just before her stirring Facebook message, a brand new Audi A3 was registered in her name in Moscow.
"Illegals" are what Russian spies like K. are called.
They're men and women who live inconspicuously in the West for years with elaborately constructed life stories, and they integrate firmly into the societies they spy on.
Dozens of them were deployed in the Soviet era; the series "The Americans" even created a cinematic monument to them.
Demoralize, Divide, Unsettle
"Illegals" like Adela K. belong to the network of agents who work for Moscow around the world, snooping, sabotaging, even murdering.
They are the clandestine combatants in a broad offensive against the West.
Putin's intelligence services influence political parties, manipulate elections, control Telegram channels and foment protests in the West with misinformation.
They infiltrate the computer networks of Western governments and hack into highly sensitive facilities.
Their goal: to demoralize, divide and unsettle Russia's adversaries.
Few other world leaders have empowered their secret service agents to the degree that Russian President Vladimir Putin has, himself a former KGB officer.
Tens of thousands of people working for the FSB, the SWR foreign intelligence service and the military's GRU are waging a shadow war against the West.
It is a struggle for power and influence, for raw materials and money – and it has been underway for far longer than the visible conflict in Ukraine.
Germany, Europe's most economically powerful democracy, is one of Moscow's primary targets.
For years, counterespionage efforts were subdued at best, but the country's political leaders are slowly waking up from a decades-long slumber.
"What is happening here is an attack on our liberal democracies, on our entire Western society," says a member of cabinet from a major European country.
"From election interference campaigns to assassination operations, Russia treated Europe like its playground," says Marc Polymeropoulos, who led the CIA's operations in Europe and Eurasia from 2017 to 2019.
He says his warnings about Moscow's clandestine operations repeatedly fell on "deaf ears."
"With the Russian war of aggression against Ukraine, the threat of Russian espionage, disinformation campaigns and cyberattacks has taken on another dimension," says German Interior Minister Nancy Faeser of the center-left Social Democrats (SPD).
The Invisible War
Just how close the visible and invisible war are to one another could be observed on Feb. 24, the day of Russia's invasion of Ukraine.
Suddenly, a huge number of customers of the American telecommunications provider Viasat lost their satellite internet connections.
At the same time, 5,800 wind turbines in Germany were suddenly no longer able to communicate with their network hub.
The real target of the attack, though, was a different Viasat customer: the Ukrainian military and its command and control network.
The perpetrators used a vulnerability to penetrate the service provider's network administration.
From there, they instructed customers' satellite modems to overwrite their flash memory, rendering them useless.
Viasat had to send its customers nearly 30,000 new devices.
The digital battle began before Russia even launched its first missiles.
The European Union and the United States have since blamed Russia for the cyberattack, saying the aim had been to disrupt Ukrainian command structures during the invasion.
What else might be in store for Germany?
It's a question on which the German government is currently focusing its attentions.
In July, Foreign Minister Annalena Baerbock of the Green Party said she is concerned about attacks on German power grids.
And recently, Interior Minister Faeser presented a revamped cybersecurity agenda.
Her ministry also warned that, given Germany's federal system, powers at the federal level are inadequate for addressing the current threat situation.
But Germany's reaction to Moscow's spies was long reminiscent of its approach to Russian natural gas imports.
Whereas Eastern European states, the U.S. and the UK have warned for years about the operations conducted by Russian intelligence services, governments in Berlin, Paris and Rome preferred to turn a blind eye to the gathering storm.
Since the fall of the Berlin Wall, the desire for friendship with Russia has been significant in Germany.
Following the terrorist attacks of Sept. 11, 2011, Germany's foreign intelligence agency, the BND, even shut down its counterespionage operations, the theory being that Germany now had to focus its attentions on a new type of enemy.
In 2001, Vladimir Putin gave a speech in the federal parliament, the Bundestag, for which he received a standing ovation – and this despite the fact that Russian soldiers had reduced the Chechen capital Grozny to rubble only a short time before.
Western governments sought proximity to Putin, and not just economically.
Counterespionage Neglected
In the aftermath of Sept. 11, there was a widespread belief that the West and Russia had a common goal in security policy, the fight against Islamist terrorism.
Counterintelligence got short shrift, with many considering it a relic of the Cold War.
But while the Soviet Union may have perished, its intelligence apparatus was alive and well, a fact that was overlooked by many.
This complacency would come at a cost.
The first target was a country once occupied by the Russians and forced into the Soviet Union.
In 2007, Russian hackers crippled Estonia's digital infrastructure for several weeks.
In 2008, Herman Simm, a longtime high-ranking official in the Estonian Defense Ministry, was exposed as a spy.
For years, he had been providing Russia's SWR intelligence service with highly sensitive information. Simm was "the most damaging (spy) in alliance history," according to a classified NATO report in 2010.
In 2010, the U.S. exposed Anna Chapman and nine other Russian spies active in the country.
The young top agent had obtained her name and citizenship by marrying a British man.
The tabloids dubbed her "Agent 90-60-90" for her figure measurements when, after her cover was blown, she posed in lingerie for a number of glossies.
The glamour spy Anna Chapman (left), who was discovered in the U.S.; the suspected agent Olga K. (center); and a Facebook photo under the alias "Maria Adela K." [M] Ole Schleef / DER SPIEGEL; A. Gorshkov / Sputnik Kremlin / AP, E. Blondet / action press, S. Esposito / picture alliance / Pacific Press, V. Izzo / ddpThe purported married couple Andreas and Heidrun Anschlag, who worked for the foreign intelligence service SWR from a single-family home in Michelbach in the German state of Hesse, behaved less conspicuously.
At events, the two would speak to members of the military and businessmen, politicians and scientists.
The husband had taken a job at an automotive supply company as his cover.
The duo landed their greatest coup when they recruited an official from the Dutch Foreign Ministry in The Hague.
The man was burdened with financial worries and his wife's serious illness, and he supplied the pair with hundreds of documents from the inner workings of the European Union and NATO over a period of several years.
In 2013, a court sentenced the pair to several years in prison, but they were soon deported to Moscow.
Russia continues to use the classic agent model to try to infiltrate its adversaries. Indeed, only recently, the Kremlin tried to place a spy into one of the world's highest courts.
A few months ago, a young man purporting to be from Brazil applied to the International Criminal Court (ICC) in The Hague.
Undercover in The Hague
Victor Muller Ferreira, allegedly born in Rio de Janeiro in 1989, brought with him an extraordinarily positive letter of recommendation from his professor at the prestigious Johns Hopkins University, in addition to a moving family story.
He was accepted for an internship at the ICC and Muller Ferreira planned to travel to the Netherlands in early April.
In fact, the ostensibly up-and-coming expert on international relations is named Sergey Cherkasov and is a Russian spy, as the Dutch foreign intelligence service, AIVD, discovered.
Just as the first reports of massacres, rapes and torture from Ukrainian sites like the Kyiv suburb of Bucha began hitting the headlines, Russia was apparently trying to place an informant in the central organization charged with prosecuting these war crimes.
Had the coup succeeded, Cherkasov might have been in a position to manipulate evidence in The Hague and inform his handlers in Moscow about the investigation.
But it never came to that. Officials were waiting for Cherkasov as he tried to enter the Netherlands and he was immediately deported to Brazil.
Adele K., on the other hand, has not been nabbed to this day – even though she made a serious mistake in setting up her cover identity.
In August 2005, she applied under the name Maria Adela K. to be entered into Peru's National Registry of Identification and Civil Status.
She presented a birth certificate dated Sept. 1, 1978, which indicated she had a German parent in the coastal province of Callao, just outside the Peruvian capital of Lima.
It's possible that she later wanted to be able to apply for German citizenship in order to be able to spy inconspicuously in the country.
But the Peruvian authorities were suspicious and asked for additional information.
So Adela K. submitted an extra document: a certificate stating that she had been baptized on Sept. 14, 1978, in the Cristo Liberador parish in Callao.
False Papers
When the authorities contacted the parish, however, they received an astonishing answer: The church had first been established in 1987, so no one could have been baptized there in 1978.
The officials refused to approve citizenship and referred the case to the national prosecutor because of false statements.
But who in Europe cares about the forgery of documents in South America?
Starting in 2006, Maria Adela K. began appearing in various places in Europe as a "leading specialist," with no additional specifications provided.
She showed up at the State University in Moscow, as a fashion student in Rome, as a beach girl in a "tiny" bikini, according to one witness in Malta, and as an purported student in Paris living in the 13th arrondissement.
The French Embassy in Moscow had apparently issued her with the first visa for the Schengen area, and from then on, K. continued to develop her cover story.
In 2012, she married a young man who held three passports: one Russian, one Ecuadorian and one Italian.
In October of the same year, she founded a company based in Paris that sold jewelry, leather goods and wine.
Her husband died in 2013 while in Russia, allegedly from an autoimmune disease, thus depriving her of Italian citizenship.
But she did manage to secure a permanent work permit for the country.
K. first came into contact with people from NATO and the U.S. armed forces in 2014.
The president of the biggest Lions Club in Naples recommended her for another Lions Club in the city, the Lions Club Napoli Monte Nuovo, which is supported by members of the local U.S. Naval Base and NATO's Allied Joint Forces Command.
Adela K. became secretary of the club – and suddenly found herself surrounded by potential informants.
Officially, she worked at her newly established store, but even though the jewelry and accessories business wasn't doing particularly well, K. never seemed to lack for money.
The addresses she registered as her residences at the time were in one of the city's best neighborhoods, and photos on her Instagram and Facebook profiles show views over the Gulf of Naples.
She participated in Lions Club charity auctions and attended the annual NATO ball.
She celebrated her birthday with military officers from NATO and the U.S. Navy.
And she began a love affair with an American soldier, who is still convinced to this day that she was less interested in his profession and his country than in him as a man.
Did no one suspect anything?
A Luxury Life in Moscow?
Lieutenant Colonel Thorsten S. of Germany's armed forces, who held a leading position at the club at the time, recalls one puzzling incident.
When the club was on the verge of closure due to financial woes, Adela paid everyone's annual fees out of her own pocket.
"That was pretty weird," says S.
Adela's longtime friend Marcelle d'Argy Smith, the former editor-in-chief of the British edition of Cosmopolitan, recalls that "she is very smart and attractive.
No woman would let her husband near her."
D'Argy Smith says Adele asked her repeatedly to introduce her to influential people in politics and society.
But then, in summer 2018, Adela K. suddenly disappeared from Naples, apparently reemerging as Olga K. in Moscow. Had life as an agent become too dangerous for her?
In 2020, a French lieutenant colonel was arrested at the NATO base in Naples as a suspected Russian spy.
It is unclear whether Adela K. had been in contact with him, nor is it known what information she may have passed on to her handlers in Russia.
K. led a quite luxurious lifestyle in Moscow.
According to a leak from the service provider Yandex, she ordered meals from two high-end Moscow restaurants, sushi several times and also Indian food.
DER SPIEGEL and its partners compared photos of Olga K. and Adela K. using different facial recognition software and found that it is highly likely that they are the same person.
K. did not respond to questions from DER SPIEGEL.
Adela K. appears to be one of the agents for whom the Russian state is making considerable efforts.
Moscow constructs complete cover identities for top people and sends them to different countries around the world.
These men and women are paid handsomely for dedicating their lives to the intelligence services.
According to information obtained by DER SPIEGEL, the GRU and SWR secret services maintain a total of up to 70 "illegals," not a huge number.
But other agents, who are significantly more numerous than the "illegals," likewise play an important role in Russia's espionage battle, working for the embassies and consulates of the Russian Federation abroad.
Their work may not be as glorified as that of colleagues, but there are many of them.
Insiders believe that SWR maintains around 3,000 of these spies, and the GRU up to 1,000.
Most are disguised as diplomats.
At the beginning of the year, Western intelligence services estimated that more than 150 Russian spies with diplomatic accreditation were still working in Germany alone.
Their informants usually don't know that they are dealing with Russian intelligence agents.
Who, after all, would suspect that Pavel Rubtsov, the former deputy head of the trade and economic office at the Russian Embassy in Berlin, is in fact likely a representative of the foreign intelligence service SWR?
He has since been expelled from the country.
Initiated at a Festival
And who is going to be suspicious when running into a fellow compatriot at the fishing festival in Schlehdorf, Bavaria, following a rafting trip with friends?
That's what happened to materials researcher Ilnur N., a Russian doctoral candidate at the University of Augsburg.
In the summer of 2019, a man spoke to him in Russian while he was waiting in line at a fish stand.
It was Leonid Strukov, officially the Russian deputy consul general in Munich.
But officials with the German judiciary are convinced he is an SWR officer.
Strukov told Ilnur N. that he was frequently in Augsburg and asked whether it would be possible for them to meet for a beer.
Ilnur N. agreed, and a first meeting took place not long later.
According to N., Strukov told him at the meeting that he was helping a former colleague at a Russian bank that was looking for investment opportunities in aerospace companies.
He asked N. if he could help out by providing some expertise on new fields of research in aerospace technology.
N. agreed.
He compiled files from public sources, but also used his university data archive access to obtain some fee-based information.
He didn't provide any sensitive information, but he was still paid by the deputy consul general – sometimes 100 euros, sometimes 200 and later as much as 600.
The Russian spy was especially interested in the European Ariane 6 launch vehicle – and here, too, N. was able to deliver.
At some point, the young scientist began telling Strukov about his own research into the development of a cryostat, a container in which extremely low temperatures are generated to test materials for space travel.
Strukov didn't initially seem interested, but he asked specific questions about the complex issue at a later meeting.
He also asked if N. could provide him with some of the documents from his research.
If need be, he could just take photos of the screen with his mobile phone.
The Augsburg-based mole Ilnur N. (left); indicted reserve officer Ralph G. (right); suspected GRU officer Mikhail Starov (center). [M] Ole Schleef / DER SPIEGEL; C. Stache / picture alliance / dpa, G. Thielmann / imageBROKER / mauritius images, Science Photo Library, Meike Wirsel / BILDPolice were waiting for the two men at a subsequent meeting a short time later in Augsburg.
The Federal Office for the Protection of the Constitution, Germany's domestic intelligence agency, had been shadowing Strukov, and N. also fell into their net.
Strukov showed his consulate ID card, invoked his diplomatic immunity and left.
N. was placed in pretrial custody, ultimately ending up with a suspended sentence of one year, a bill for the legal costs and, likely, a ruined career.
N. was essentially a useful idiot for the Russians, as so many of their informants are.
Others help the agents out of vanity or greed for money; very few act out of political conviction.
David S., however, may be one of the few who did. Investigators later found Russian books and a Russian flag in his apartment.
He had turned his back on his native Britain years ago and moved to Germany, where he lived in Potsdam and worked as a security guard at the British Embassy in Berlin.
Investigators are convinced that he shared what he witnessed there with the Russians.
They arrested and extradited him to Britain.
According to media reports, he has denied the allegations.
Ralph G. may also have acted out of political conviction.
The lieutenant colonel of the German armed forces reserves has been on trial at the Düsseldorf Higher Regional Court since August.
According to the indictment, he allegedly provided information to Putin's GRU military intelligence agency from no later than October 2014 up until March 2020.
The Federal Prosecutor's Office considers him to be a man who acted out of sympathy for Russia.
G. met his presumed GRU handler at the Air Force Ball in Bonn.
Around 1,800 guests from the military, politics and business attended the magnificent dance event at the city's Beethovenhalle.
The women wore ball gowns, the men wore tuxedos or uniforms.
Also among them was Mikhail Starov, a man accredited as an air force attaché at the Russian Embassy in Berlin, but apparently only as a cover.
A few months after the rousing evening, Starov visited the German reservist at his home in Erkrath in the state of North Rhine-Westphalia.
After that, G. allegedly provided the Russian with inside information about the German reservist system for the first time.
Investigations by the Federal Prosecutor's Office have revealed that the lieutenant colonel met with his suspected GRU handler more than a dozen times, for example in Berlin at the Dressler restaurant, in Kröv an der Mosel – and several times at the Russian Embassy in Berlin.
Internal Bundeswehr Material Revealed
Ralph G. is thought to have provided Russia with excerpts from an unpublished Bundeswehr white book from 2016 outlining the German government’s security policy guidelines, a document that has received extensive revisions following Moscow’s annexation of the Crimea.
He also allegedly provided tips to the GRU regarding senior Bundeswehr officials who he thought might be sympathetic to Russia – so that Russia could approach them.
After Starov left Germany, others took over the contact.
In 2018, the German military’s counterintelligence service, known as MAD, got wind of the situation.
And G. made it rather easy for the investigators, having communicated openly with his contacts using email addresses registered with web.de and Gmail.
In a telephone conversation intercepted by German officials, he said that his contacts in the Russian Embassy belonged to GRU.
During a later interrogation, he nevertheless denied knowing of the men’s intelligence backgrounds.
G. allegedly received no money for his services, but he did travel to Moscow on several occasions for a security conference.
According to the indictment, the Russians took care of his airfare and hotel costs.
His lawyer did not respond to queries from DER SPIEGEL.
The Russian Embassy contends that this and other cases of suspected espionage is mere "speculation that has been grabbed out of thin air."
The "climate of Russian espionage-mania stoked in Germany” is "deeply regrettable," said an embassy spokesman.
In truth, however, the willingness of some Germans to assist Putin’s Russia have gone far beyond the provision of information.
Two men from Saxony and Bavaria enabled Moscow to circumvent European export sanctions.
They belonged – allegedly without their knowledge – to a clandestine procurement network run by Russian intelligence services that German officials have been able to expose.
Ever since the EU embargo imposed after the annexation of Crimea, it has become more difficult for Russia to purchase technology that could also be used for military purposes.
In response, Putin’s henchmen went on a secret shopping spree.
According to German federal prosecutors, a Russian named Sergei K. was at the heart of those efforts, seeking to establish contacts to German companies at trade fairs and on business trips.
Machines for the Defense Industry
Sergei K. posed as the general director of the anodyne-sounding "Center for Scientific and Technical Development" (URIC), based in Yekaterinburg.
In fact, it is thought that the intelligence agency FSB had its hands firmly on the controls – and the coveted technology ended up with state-owned defense companies.
German courts have now focused on the network in two trials.
Alexander Sch., a businessman from Augsburg, was convicted for having delivered special milling machines worth 7.9 million euros.
The documentation listed recipients in the oil and gas industry, but the high-tech machines were in fact delivered to the defense manufacturer OKB Novator, which produces nuclear-capable Iskander cruise missiles, among other items.
The second court case involved a man named Alexander S. from the town of Markkleeberg, located near Leipzig.
He was convicted of selling laboratory equipment to Yekaterinburg that is necessary for the production of chemical or biological weapons.
In this deal, too, the true recipient was concealed in order to mislead German officials.
DER SPIEGEL has learned that a German arrest warrant has been issued for Putin’s suspected procurement officer Sergei K.
The alleged cancer patient Adela K. was also closely linked to the Kremlin, as passport data shows.
Her identity papers are from a number series which, according to reporting by DER SPIEGEL and its partners, has also been used by members of a strictly confidential elite unit of the military intelligence agency GRU.
But the detachment, known as Unit 29155 and founded in 2009, is not chiefly focused on the collection of information, which was Adela K.’s primary aim.
Rather, the 20 former soldiers under the leadership of a highly decorated major general are Putin’s kill team.
They are responsible for committing attacks with explosives and assassinations – and thus for triggering unrest and fear in the West.
To liquidate their victims, they rely on firearms or the nerve agent Novichok.
Among the commando’s suspected victims is the Bulgarian arms dealer Emilian Gebrev, who provides weapons to Russia’s enemies, such as Ukraine.
Following a dinner in 2015, he began feeling unwell, fell into a coma and only barely survived the poisoning.
Investigations into the case are still ongoing.
Three years later, the elite agents poisoned former Russian spy Sergei Skripal and his daughter in the British town of Salisbury. Investigations have revealed that members of the intelligence agency GRU were in the area of both crime scenes – and all were members of Unit 29155.
Doing the Dirty Work
The agents who belong to this unit do the dirty work.
They are trained for sensitive foreign operations like sabotage, coup d’états and assassinations.
They are all between their late-30s and mid-40s and graduates of respected state institutions, and most of them have battlefield experience, such as in the wars in Chechnya or Ukraine.
Many of them have served in special forces units.
The connection data of calls made during their missions indicate that they have at times received direct instructions from officials close to the Russian president.
It is difficult to reconstruct where and how often members of the secret unit have struck in Europe. GRU agents travel under assumed names to many EU countries, and lackadaisical controls mean it is quite simple for them to obtain tourist visas.
In 2014, the year of the Crimea annexation, a munitions dump in the Czech Republic exploded, a site where material for Ukraine was likely also stored.
Indications point to Putin’s elite force.
Unit 29155 is also thought to have been involved in the attempted putsch in Montenegro in 2016.
Meanwhile, the Spanish judiciary is looking into suspected GRU involvement in the conflict over Catalonian independence, with the apparent aim of destabilizing the country.
The domestic intelligence agency FSB also maintains its own killing unit, its most prominent victim being the opposition politician Alexei Navalny, who collapsed in August 2020 on a flight out of the Siberian city of Tomsk.
Reporting conducted by DER SPIEGEL, Bellingcat and The Insider revealed that agents poisoned him with the nerve agent Novichok.
Navalny has been held in a Russian prison camp for the last year and a half.
The agency doesn't limit its operations to Russian territory either.
And the organization also includes military special forces, such as the Vympel Unit, which goes by the name of Department V in the FSB.
Reporting by DER SPIEGEL and Bellingcat seems to show that the FSB commissions contract killings through former members of the unit.
Vadim Krasikov, for example, who shot and killed a former Chechen fighter on August 23, 2019, in a Berlin park, had contact to Vympel and spent time at FSB properties on several occasions.
In December 2021, he was found guilty by Berlin’s highest court, the Berlin Kammergericht, of having shot his victim at the behest of Russian state actors.
As the verdict clearly states: "It was a case of state-sponsored terrorism."
The Russian Embassy in Berlin has said the verdict was "politically motivated."
Was that murder an isolated case?
It is considered a certainty that FSB agents also murdered a former Chechen fighter in Istanbul in 2015.
In January 2020, German domestic intelligence agents were watching in Hamburg as high-ranking FSB agent Igor Egorov met with a suspected contract killer.
An arrest planned for March failed after Ukrainian intelligence learned of the case and published their suspicions on the internet, whereupon Egorov elected not to make any more trips to Germany.
Moscow’s agents and spies, though, don’t just threaten critics and enemies.
They also endanger critical infrastructure in the hated Western world by way of hacking and sabotage.
"We must be aware of the fact that Russia is in our networks," Wolfgang Wien, vice president of the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, said at a recent security conference in Potsdam.
His agency, he said, has solid insight into the cyberworld, and what they see there is unnerving.
"We have to assume that they are also preparing something for us," Wien said.
"Clandestinely, in the networks."
What the BND deputy head addressed in his public comments is the nightmare of every German agency: Hackers burrow into sensitive areas of public infrastructure and install malware, which can then be activated at will to manipulate or destroy the systems they have infected – whether it is hospital electronics, the IT systems of German agencies or even power plants.
The fact that such considerations are not just dystopian chimeras is demonstrated by a group that Western security experts and agencies call Berserk Bear.
The group is less prominent than other Russian hacker groups, because their operations appear to be less spectacular.
But they are extremely comprehensive and have been discovered in 135 different countries in recent years.
The hackers are dangerous because the access they have prepared could one day be used by Russia in a global operation.
The attacks on the Viasat satellites and Ukrainian defense systems were but a small taste.
Recently, faces and a postal address have even been attached to the group, with the U.S. Justice Department having pressed charges against three suspected members of Berserk Bear in March.
They are thought to be members of the FSB’s Unit 71330, which is known as Center 16.
The U.S. investigators have charged the trio with having spent years targeting the control systems of critical infrastructure in the West.
The goal was to obtain permanent access to their computer systems through a kind of backdoor.
The Justice Department believes they were successful in installing their malware in more than 17,000 instances.
"Access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing," reads the indictment.
The hackers had already managed to find their way into the bookkeeping system of a nuclear power plant in Kansas.
German companies have also been targeted by the Russian hacker group.
The Federal Office for the Protection of the Constitution (BfV), Germany’s domestic intelligence agency, warned in 2018 of an impending campaign by the group.
Telecommunications provider Netcom BW did, in fact, discover telltale indications in its own network that investigators believe came from Berserk Bear.
German public prosecutors have since issued an arrest warrant for a man who has been indicted in the U.S. as a hacker for the Russian intelligence agency FSB.
Fear of digital sleeper cells in the most important infrastructure and power plant networks is not new. But it has never been quite as great as it is currently.
Cyber defense experts with the BfV have developed a quartets card game with the most dangerous state-sponsored hacker groups in the world.
There are five cards for Russian hacker groups in the deck.
Russian intelligence hackers; espionage targets including the nuclear plant in Kansas (left), the German Bundestag and former German Chancellor Angela Merkel. [M] Ole Schleef / DER SPIEGEL; Schoening / ddp, M. Reinstein / Shutterstock, C. Spicker / IMAGO, S. Gollnow / picture alliance /dpa
In the game, Berserk Bear has a "pain factor" of 8.5 out of 10.
Another Russian group, known as Fancy Bear, which is linked to the Russian military intelligence agency GRU, has a "danger index" rating of 9.5 out of 10.
In 2015, the group attacked German parliament, the Bundestag, and siphoned off data from several parliamentarians, including from the parliamentary office of Angela Merkel, who was chancellor at the time.
An additional card in the quartets game is reserved for Venomous Bear, which is more widely known under the alias Snake, due to the craftiness of its members, who are thought to be under FSB control.
In 2018, they found their way into the highly secured network of Germany’s Foreign Ministry.
In the BfV card game, the group has been assigned 9 out of 10 points in the "capabilities" category.
Moscow’s cyberwarriors rely on a variety of different techniques.
There are the more sophisticated methods, such as stealing data, quietly analyzing it and perhaps never making it public.
There is the more savage approach of publishing the stolen data on the internet for all to see, such as in the case of the emails stolen from Hillary Clinton’s Democrats in 2016.
And then there is sheer destruction and sabotage, such as in 2015, when the Ukrainian power grid collapsed.
Other hackers focus their attentions on launching smear campaigns, disseminating fake news and spreading disinformation.
The most important of these groups is called Ghostwriter, and German officials believe the GRU is behind it.
Ghostwriter has targeted German politicians.
They rely on phishing emails to infiltrate and take control of email and social media accounts.
DER SPIEGEL has learned that around a dozen lawmakers in federal and state parliaments in Germany, or members of their staffs, have fallen for the group’s rather unsophisticated tactics.
An example in Poland demonstrates how nasty the group’s campaigns can be.
Hackers there were able to gain access to the Facebook account of Marcin Duszek, a parliamentarian from the national-conservative Law and Justice (PiS) party, and to post compromising photos of his alleged secretary.
The hackers also took control of the Twitter account belonging to politician Joanna Borowiak and, in her name, insulted supporters of abortion rights as "drug addicted prostitutes and child murderers."
On the Twitter account of Marek Suski, a senior PiS parliamentarian, Ghostwriter published a photo of a local politician wearing red lingerie.
Since the Russian invasion of Ukraine, members of Ghostwriter have been posting lies about the war on Facebook using hijacked accounts.
One video, for example, seems to show a group of Ukrainian soldiers coming out of a forest and waving white flags as they surrender to the Russians.
Security experts from Meta, Facebook’s parent company, later said the video was fake.
Germany’s Failures
State-sponsored hackers, spies with diplomatic passports, assassination units: Putin’s hidden attack on the West takes place on a number of different levels.
How can the state defend itself?
Germany ignored the problem for too long, and now the deficits are difficult to make up for, at least according to former CIA agent John Sipher.
His verdict on German counterespionage is scathing.
"During my time working with a wide variety of services to track and defend against Russian subversion, I found the German services to be far less helpful and capable than most of their European counterparts," Sipher says.
"I don't recall any serious cooperation."
"After reunification, German largely terminated its counterespionage efforts, whereas other countries continued doing what they had been doing during the Cold War," says Konstantin von Notz, a Green Party parliamentarian and head of the body that exerts parliamentary control over Germany’s intelligence agencies.
"We were careless and didn’t pay attention to the details.
And now, we have a significant security problem."
Dependence on Russian natural gas and oil, the hope that economic ties would produce political change and a romanticized view of Russia: All of that prevented Germany for many years from reacting to obvious hostility.
"To be honest, we completely neglected the Russia issue," says a former senior member of the BfV.
Germany slightly intensified its approach to Russia following the hacking of the German parliament and the murder committed in the Berlin park, but efforts have now been significantly ramped up in response to the invasion of Ukraine.
Previously, Germany used to only occasionally expel suspected Russian spies who were accredited as diplomats.
More recently, though, Berlin targeted 40 employees of the Russian Embassy.
Still, Germany wants to be careful with such expulsions out of concern that it would lose leverage in Russia.
After all, Moscow tends to respond to such ejections by throwing an equal number of Germans out of Russia.
The problem with that, according to the German government, is that the German Embassy in Moscow is far smaller than the Russian representation in Berlin.
Other countries, like the United Kingdom, nevertheless made the decision years ago to throw all identified spies out of the country immediately.
Officials in Britain and elsewhere say that doing so is far better from a counterespionage point of view.
In total, European countries have expelled more than 400 suspected Russian spies since the invasion of Ukraine.
At the BfV, counterespionage has only returned as a significant focus in recent years.
Whereas there were almost 400 people working in the agency’s counterespionage division at the end of the Cold War, that number quickly began dropping over the years and reached its lowest point since 1990 in 2014, the year in which Russia annexed Crimea.
Essentially, the department was cut in half – despite numerous warnings from security experts.
Last year, the agency received authorization to hire an additional 350 people, with some of the new jobs dedicated to counterespionage.
MAD, the military intelligence agency, also intends to go on a hiring spree to fill the counterespionage roster, with many of the more than 100 jobs in the department currently unfilled.
But it isn’t easy to find good and reliable people.
Spying Operations in Germany
Among politicians in Germany, awareness of the dangers presented by Russia has increased dramatically since Feb 24.
The hacker incursions at Green Party headquarters in May and June, which seem to be linked to Russia, have also played a role.
In the Bundestag, Green parliamentarians have recently taken rather unusual measures.
Foreign and security policy experts along with three parliamentary state secretaries have decided to give up their prestigious offices looking out on the central Berlin boulevard Unter den Linden.
Intelligence experts from the BfV told the politicians that such offices were easy to spy on, since they were right across the street from the Russian Embassy.
The offices are now used by fellow party members with less sensitive areas of policy focus.
German officials are now examining scenarios that were unimaginable just a short time ago.
One confidential paper from the security apparatus warns that there "could be increased spying on state and parliamentary targets" in Germany.
The paper notes that the focus of such efforts will be on the Chancellery and on key ministries, such as the foreign, interior, defense and economy portfolios.
Bundestag committees are also at risk, and security officials are likewise concerned about possible sabotage operations in Germany targeting, for example, weapons deliveries to Ukraine.
It can also not be excluded, say officials, that the Russians may attempt to create unrest in Germany, such as through the delivery of explosives to terrorists or false flag operations.
Military intelligence agents were recently able to witness just what Russian spies in Germany are still capable of.
The U.S. and Germany had hardly announced their intention this spring to train Ukrainian soldiers to use Western weapons before Moscow’s agents became active.
German officials suddenly began seeing suspicious vehicles in front of two military installations where U.S. and German soldiers are training Ukrainian recruits.
Agents believe that they could have been using a scanner to intercept mobile data from the Ukrainians.
Mini-drones outfitted with cameras were also seen flying over the training grounds before quickly disappearing again.
Officials believe that Russian opposition activists who have fled to Germany could potentially be at risk, with Putin’s agents perhaps targeting them.
The same holds true for deserted Russian soldiers and defectors from the Russian military and security apparatus who may flee to Germany.
Putin’s henchmen could even resort to assassinations as a way of dissuading others from deserting as well.
Just how fraught the situation is among German officials is illustrated by a recent incident in Berlin.
One evening in August, police officers and firefighters were dispatched in the western part of the city, along with specialists for biological and chemical weapons.
In their orange protective clothing, the men and women looked like they were straight out of a catastrophe film.
The response came out of concern that Putin’s stooges may have targeted a Russian opposition activist.
In Russia, the woman was declared a "foreign agent" and she escaped to Berlin a few months ago.
At a time when she wasn’t home, a neighbor called the authorities to report that someone was in the woman’s apartment and that voices could be heard speaking Russian.
Then, the neighbor reported, several people ran out of the apartment and climbed into a black car.
Officials took the report seriously and experts searched the apartment for explosives and toxic agents.
Thus far, nothing has been found, though the search for bugs is ongoing.
Still, it looks as though it may have been a false alarm.
This time.
0 comments:
Publicar un comentario