KREMLIN FILES: A brush of a hand in opposition to a park bench with chalk; or, a bit {of electrical} tape left on a mailbox. Typically it’s a coded phrase buried in a routine e-mail with an encrypted image. That is what Russian intelligence tradecraft seems like: delicate, disciplined, and constructed on alerts most individuals would by no means discover. With the marketing campaign of Russian hybrid battle happening throughout the European continent, it’s extra necessary than ever for NATO’s intelligence companies and most of the people to be conscious of Russian espionage tradecraft. That very same tradecraft can also be shared – not less than in part– with a few of our different adversaries, together with Chinese language intelligence, Iranian IRGC (Revolutionary Guard) or different parts, and even terrorist teams. There has by no means been a greater time for People to train vigilance relating to our adversaries and their intelligence companies.
For the Russian intelligence companies (RIS), over a century of experience– from the Cheka to the KGB and right this moment’s SVR and GRU– has helped refine the artwork of dealing with brokers in what they think about hostile overseas environments. Whereas expertise advances, the basic ideas stay largely unchanged: compartmentalization, deniability, endurance, and psychological management. The early Bolshevik revolutionaries needed to perceive spy tradecraft as a result of they have been main a significant conspiracy in opposition to the Tsar. They have been enemies of the state, touring underneath false passports and following what they known as the “guidelines of conspiracy” to hold out their revolution.
Some features of Russian agent dealing with have advanced, however others stay the identical. In my upcoming e-book on Russian intelligence tradecraft (out with Naval Institute Press, April 2026), I’ve a chapter dedicated to Russian “avenue tradecraft” or how they deal with their recruited brokers. CIA calls this apply “sticks and bricks.” The RIS practice on this closely at their intelligence academies, together with surveillance/countersurveillance methods, agent signaling and dealing with, and using operational expertise in agent communications. These techniques have advanced as properly through the years to incorporate satellite- and laptop/encrypted-based “covert communications,” or what the Russians generally name “spets-svyaz.”
Learning these methods and their patterns is extra necessary than ever with Russia unleashing a wave of covert motion and sabotage operations in opposition to NATO and the West. Invariably, amongst these operations, there will probably be dealing with of espionage penetrations of NATO nations and their governments. And after they have extremely positioned brokers, and even these positioned within the media, corporations, or NGO’s, the SVR, GRU, and FSB will use the next varieties of tradecraft to deal with them.
Russian Agent Signaling and Dealing with Practices
Signaling is prime to any agent-handling operation (recall that the Russians, like U.S. companies, don’t seek advice from their officers as brokers—the time period agent is reserved for the asset, or overseas spy, being dealt with). Earlier than any message is exchanged, brokers and handlers should verify that it’s protected to speak after which sign that the fabric trade has been profitable. Russians use what we frequently wish to name “city geography,” which means phone poles, mailboxes, park benches, or indicators. Issues that received’t usually transfer however are a part of our on a regular basis life and will be simply described to an agent, whereas nonetheless being distinct.
For instance, the KGB used phone and utility poles to mark alerts and packages for the recruited cryptographic spy John Walker within the Eighties, whereas he was betraying the U.S. Navy within the case that grew to become referred to as the “Walker Household of Spies.” The utility poles had the benefit, because the KGB famous, of every bearing a selected steel plate or identifier, which Walker might confirm earlier than dropping his reels of photographed paperwork, usually hid amongst varied items of rubbish (similar to photographic reels positioned in empty soda cans).
Lifeless drops, or what our British colleagues name “useless letter packing containers,” are equally basic to Russian agent dealing with. They name them “tainiki,” which means “hid” or “secret place.” The Russians will use sealed and hid containers — magnets underneath bridges, hollowed-out stones, or waterproof capsules (generally simply double-wrapped trash luggage) set in quiet places or buried shallow in parks. These useless drops enable materials to be exchanged with out face-to-face contact. The strategy minimizes publicity: no assembly, no surveillance pictures, no conversations to intercept, and no threat of the FBI, British BSIS, or different overseas counterintelligence companies following the agent or the Russian intelligence officer (RIO) to the assembly, thereby compromising the op.
After which there are communications protocols. Traditionally, this meant one-time pads and burst radio transmissions utilized by Russian brokers all through the Chilly Warfare. All the Russian illegals who have been arrested within the “Ghost Tales” case publicized in 2010 have been skilled and utilized to some extent or one other in these methods. They contain encrypted messaging apps, laptops wired for covert exchanges, steganography in digital photos, or covert Wi-Fi exfiltration from public areas.
With all these practices, the identical guidelines endure from the early days of the Bolshevik Chekists: assume compromise is inevitable, and design for resilience and redundancy in agent communications.
Surveillance Operations Overseas
Overseas, the SVR and GRU use surveillance extra selectively than at dwelling. Russia is certainly a contemporary surveillance state, however overseas, the RIS are the hunted and watched. The FSB operates much less overseas than its overseas intelligence service and army counterparts, nevertheless it has made extra forays into overseas work than ever, significantly in particular operations and so-called “moist work.” The aim with surveillance, for all three companies, is to observe adversarial companies (i.e., all diplomats from NATO and different nations that Russia considers adversaries—a listing that’s rising), defend their very own officers, and, generally, use it to seek out kompromat—compromising materials to intimidate potential recruits through extortion.
The SVR and GRU every have devoted surveillance groups that may deploy overseas underneath the guise of unlawful or different official or non-official covers. However as a rule, they make use of their very own IO (intelligence officer/employees officers) from Residencies already overseas with a purpose to conduct “pick-up” groups to surveil targets of curiosity. This isn’t a greatest apply, however one they’re pressured into by the PNGs (declaration persona non grata), or expulsions, of a whole lot of their intelligence officers from NATO and different nations in recent times. The RIS not have the staffing they as soon as did underneath official cowl at embassies overseas.
Naruzhka, because the Russians time period the surveillance artwork, is rarely nearly “following.” It helps countersurveillance, making certain GRU and SVR officers should not underneath adversarial monitoring earlier than a gathering or useless drop. Additionally, for the assorted acts of operational safety with conferences, Russians use surveillance detection routes, which they name “marshrut proverki” or MP’s. Once they have the sources to take action, simply as in Russia, the SVR, GRU, and generally even the FSB map the routines of overseas officers or enterprise leaders. Their aim is to find out whether or not these targets are viable recruits or potential targets for different operations, like their “direct motion” and assassination makes an attempt overseas.
Classes Realized and Forgotten, From the Chilly Warfare
Good counterintelligence isn’t about chasing cinematic spy tales, however about recognizing patterns: delicate signaling behaviors or uncommon compartmentation requests. These will be seemingly low-value contacts that, over time, map a community. U.S. and allied companies have disrupted subtle networks run by the RIS through the years, many occasions over. Nonetheless, the working atmosphere has sadly solely turn into extra permissive for spying as strategies utilizing technical sources broaden.
World mobility, digital platforms, educational openness, and enterprise capital ecosystems create frictionless entry factors that hostile companies exploit patiently and methodically. Which means counterintelligence tradecraft should be simply as disciplined. Allied companies have to make use of sample evaluation, cross-domain collaboration, and knowledge integration. Defensive briefings have to be sensible, not paranoid or meant to intimidate workers. Early anomaly detection inside delicate applications is necessary. And above all, we have to train our collective institutional reminiscence: understanding that these strategies should not new, solely repackaged.
Firms, universities, analysis facilities, and startups sit on the entrance strains, whether or not they notice it or not. Expertise recruitment, joint analysis proposals, convention networking, funding affords, and knowledge partnerships can all be legit, or often one thing else. The RIS and their Chinese language allies perceive that long-term entry is preferable to short-term theft. They domesticate relationships, not simply sources, and so they play on ego, particularly with teachers, diplomats, and businesspeople. The Chinese language recruitment of former CIA officer Kevin Mallory is a living proof—recruited and contacted by the Chinese language by a job-hunting social media platform.
We’re targets — each within the United States and with all of our European allies. We’re so, not due to paranoia, however due to functionality and innovation which might be the envy of Russia. That and our democracy, which Putin fears. He can’t afford for the Russian individuals to take pleasure in democracy and the freedoms we get pleasure from. If he allowed it, his reign couldn’t have lasted so long as the longest of the Tsars.
The Russians nonetheless use the time period “GP” (glavnii protivnik) to seek advice from the U.S. as the principle adversary. Ask any RIO, and they’ll shortly state that the UK, Germany, and all our NATO allies rank 2,3,4 and so on. We have to be conscious, actively collaborate, and stay continually vigilant. The comb of a hand in opposition to a bench. A benign LinkedIn message. A visiting scholar with a narrowly outlined query set. Tradecraft hasn’t disappeared, however has tailored. Vigilance, transparency, and knowledgeable skepticism aren’t overreactions. They’re the fashionable equal of checking the lampposts and utility poles for chalk marks.
All statements of truth, opinion, or evaluation expressed are these of the creator and don’t replicate the official positions or views of the US Authorities. Nothing within the contents needs to be construed as asserting or implying US Authorities authentication of data or endorsement of the creator’s views.
The Cipher Temporary is dedicated to publishing a variety of views on nationwide safety points submitted by deeply skilled nationwide safety professionals. Opinions expressed are these of the creator and don’t symbolize the views or opinions of The Cipher Temporary.
Have a perspective to share based mostly in your expertise within the nationwide safety subject? Ship it to Editor@thecipherbrief.com for publication consideration.
Learn extra expert-driven nationwide safety insights, perspective and evaluation in The Cipher Temporary
