Date: 4 November 2019    Author: Alexander Wielgos

V4 in Changeful Espionage

Although intelligence sharing is a praised notion, leverage-eliciting information is still exchanged for something else. Emphasis is growing on the cyber and private outsourcing angles. As smaller countries can play disproportionately larger roles, it is imperative for the V4 to keep up, and to do so symbiotically, together.

It aptly plays into the ‘two-level game theory’ environment of states, each juggling internal divisions at the same time as divisions between states. Friends and adversaries of the V4 are observing this and witnessing others doing the same. Furthermore, what is seen is that, at the official level, the V4 states still do not yet entirely see certain entities the same, namely Russia, but others too. It is an impediment despite otherwise remarkable political and diplomatic cohesion.

Left to right: Slovakian Prime Minister Peter Pellegrini, Czech Prime Minister Andrej Babis, Polish Prime Minister Mateusz Morawiecki, and Hungarian Prime Minister Viktor Orban pose for a family photo during their informal meeting of the heads of the Visegrad Group countries in the Prime Minister’s office in Budapest, Hungary, June 13, 2019. fot. AP Images/EastNews

In October 2019, a Slovakian cybersecurity firm, ESET, unmasked an espionage operation[1], ongoing since about 2013. ESET refers to the perpetrators as the ‘Dukes,’ directly linked to the Foreign Intelligence Service of the Russian Federation, or SVR. As recently as June 2019, the Dukes infiltrated the networks of the Ministries of Foreign Affairs of two Central European states and one EU state, including the network of said EU state in its Embassy in the US.  There may be more than detected thus far.

ESET refers to this intrusion as ‘Ghost Hunt’. After a period of seeming quiet, the Dukes returned with a recalibration of malware to evade uncovering. Some of their ploys include: occupying lots of space with code to hide communications, a smaller malware to sneakily install a programme using information from social media, and subtly changing pixels in graphic images to convey messages. The malware’s relaying of information can last years and continue despite device changes.

Furthermore, as mentioned in a preceding article[2] of this issue of The Warsaw Institute Review (WIR), the Russian Embassy in Prague is a hub for intelligence officers[3] using diplomatic cover as well as conducting cyber-offensive operations in the Central Eastern European region. Guesses suggest something like 40% of diplomatic personnel in said Embassy could have a more clandestine nature. The Czech Counter-Intelligence Service, BIS, uncovered and dismantled a spy ring in 2018, which attacked its Ministry of Foreign Affairs and was also used for aggressive disinformation campaigns. Though BIS understands well, it is unwise to be certain that all threats from this activity are mitigated. Tactic changes are likely.

ESET’s recent findings may or may not be related. The Dukes have been called ‘Cozy Bear’ or ‘APT 29’ as well, designated as an ‘Advanced Persistent Threat’ by cybersecurity firms. If it rings a bell, it is because they are a relatively more sophisticated but lesser-known group which accompanied the daring ‘Fancy Bear,’ or ‘APT 28’, in breaching the Democratic National Committee of the US in 2016.



The Dutch Intelligence Agency, AIVD, was able to hastily alert the NSA-liaison at the US Embassy in the Hague of this attack, as well as another intrusion into the US State Department. Earlier, in 2014, AIVD had gained access to a building[4] close to the Red Square, possibly from the journalism department at 9 Mokhovaya St. of Moscow State University. Little did they know that from this, they would be monitoring the APT activity, even taking photographs of people visiting from the security camera. This enabled AIVD to identify the agents of the SVR, though other cybersecurity specialists believe the tracks go to the Federal Security Service, the FSB.

Besides intrusion, leaks are particularly relevant to harmfully altering the functionality of diplomacy. In July 2019, confidential cables of the UK Ambassador to the US addressed to the UK Foreign and Commonwealth Office were leaked[5]. In them, the UK Ambassador’s description of a rather negative assessment of the incumbent US Administration led to his reallocation to a different posting.

What the aforementioned give insight to is the value of secrets.

Changeful Espionage

Forasmuch as the V4’s contribution to European security needs to excel not only at the official levels, how well they unofficially relate to the said value will be one of the determinants of the V4’s position on the geopolitical chessboards.

The first insight would be that, because the UK Ambassador’s leaks highlighted the existing risk of such feats, as a Foreign Policy article[6] argues, a plausible effect is self-censorship. An Ambassador’s honest views of developments in the state in which she or he is posted are vital in formulating the appropriate approaches. It is uncertain whether this leak was deliberate or enabled by a hack, but because it cannot be ruled out, diplomats elsewhere noted the warning. Information is harder to obtain if it is purposefully omitted.

A second insight is that, whilst deepened intelligence sharing within the EU and NATO is praised as a notion, the happenings would suggest that the nature of this resembles in some ways almost that of a marketplace. The incentive of collecting secrets is that they can give leverage in both intelligence circles as well as political or diplomatic ones[7]. Besides cake and flowers, AIVD and its military counterpart, MIVD, met with the NSA and then-Director of National Intelligence of the US. In exchange for access to their uncovering, AIVD and MIVD received information on breaking into mobile phones of some high-level Russian intelligence officers, as well as a hint that they like to do a quick internet search for any indication their next attack could be anticipated.

It can go further and become more formalised. In 2007, Estonia was targeted in a nationwide cyberattack, plausibly state-sponsored by Russia, in retaliation over a political disagreement. Estonia having made strides in digitisation, e-Government services, banks, voting, etc., the attack unveiled its vulnerabilities. Naturally, Estonia decided it was having none of that, its friends (including all V4 states) agreed, and the NATO Cooperative Cyber Defence Centre of Excellence was established in Tallinn, referred to just as the ‘NATO K5’. Since then, Estonia has significantly accelerated its excellence in intelligence, cybersecurity, and diplomatic circles.

Third is the steadily increasing role of private firms, similar to private military corporations, security contractors, and mercenaries playing increasingly larger roles in conflict zones. Retiring intelligence officers carry with them skill and know-how. Ex-CIA intelligence officers established consultancy firms and were hired by UAE government officials[8] to build their intelligence capabilities right from their very foundations. It conveys the extent to which the years of accumulated experience and training in the field can be made use of lucratively.

If not guiding and training the intelligence agencies of other governments, states can hire internet mercenaries to license their savvy instruments. Indeed, the private angle would seem able to overcome otherwise politically incompatible partnerships. Saudi Arabia had purchased services from a private Israeli firm, NSO Group, with a sophisticated array of surveillance tools[9] and their signature ‘Pegasus’ feature. NSO’s clientele includes the government of Mexico aiming to pursue cartels effectively. Sure, WhatsApp messages are encrypted, but a mechanism[10], revealed in May 2019, could be installed by a missed call or received message, which then erases itself, and then proceeds to copy messages before encryption or after decryption. Not to worry, the loophole has since been addressed. Probably.

Like most government-enterprise revolving doors, these entities act as an extension of the state, and can also be hired to simply carry out specific tasks on their behalf with a solid degree of deniability. DarkMatter, a UAE firm, competes with NSO’s software but is geopolitically motivated against Global Risk Advisors, which could be argued as a counterpart of Qatar.

Fourthly, as everyone is already well aware, are the changing technological advances that are both a cause and a symptom of the other insights. Human intelligence – HUMINT – is valuable because more than just secrets, it also gives intuition into a state’s intent[11]. It is the traditional go-to: costly, time-consuming, and now much riskier. Preparation requires identification of a tenable recruit, training, a plan to go in, a contingency plan to get out, formulating an identity that suits addresses, bank accounts, relatives, and much more, all of which are commodities up for trade. A Canadian architecture student in Moscow, who was seen chatting at the US consulate in Hong Kong about 3 years back on social media, has a phone which can be traced to sudden stops at benches in parks or going dark in the metro for a couple of hours[12].

Other methods include using a freshly employed officer or a one-time asset, depending on the scope of the operation. The aim is that the ‘asset’ being recruited by a ‘handler’ does not fully grasp the significance of their actions, or the things divulged. In 2018, it was revealed that the driver employed by a US Congresswoman steadily fed information[13] to the Chinese Consulate in San Francisco, for about 20 years. Possibly nothing classified. However, trends, attitudes, atmosphere, and intent may be just as useful. Supposedly, during a family visit in Asia, the driver was approached by a charismatic individual who befriended him, and who turned out to be from the PRC Ministry of State Security[14].

Such feats risk an international scandal should an intercept occur – we all have heard some unsettling headlines like this here and there. This is less appealing to small states which are more vulnerable to retaliation. It is not farfetched to argue that it is becoming more and more difficult for Western states to spy on increasingly authoritarian, closed states, such as Russia and China. The reverse, however, would seem to face fewer obstacles. Therefore, it has probably crossed people’s minds that activities of Chinese and Russian intelligence for hints of sources and methods could be monitored, but from an at least neutral city, such as London or Paris, rather than directly from Beijing and Moscow[15], and vice versa.



Signals intelligence – SIGINT – traditionally requires massive and expensive equipment, but as smaller aspiring entities have shown, be they from government agencies or outsourced firms, small pieces on this chessboard can begin to cast large shadows. Paradoxically, intelligence activities in Western states, including the V4, may find it beneficial to reveal more to remain relevant and credible, with ample justification for the security-orientated necessity of their actions[16], if they wish to refrain from becoming a totalitarian-like police state. Of course, only to the extent this does not jeopardise the operations, a line which is probably dumbfoundingly blurry.

Putting it into context, the reason for engaging at all in these is that it has a very real impact on the relevant geopolitical dynamics. Some extraordinary and tragic stories emerge post factum, like that of the Cambridge Five, Ashraf Marwan, Eli Cohen, and others – Poland has some truly legendary and daring stories too, like that of Witold Pilecki, Krystyna Skarbek, the German Enigma crackers Marian Rejewski et al, amongst many others. Nevertheless, it is the incessant accumulation and consistency of such efforts that have the potential to sway decision-making in a more apt course of strategy, particularly of a foreign and security policy.


‘Two-Level Game Theory’

In 1988, Robert Putnam, a US political scientist and Harvard professor, put forward the generally widely understood, albeit rarely named, concept of “two-level game theory”. In his paper[17], he attempts to aptly theorise the entanglement between the domestic politics of a country and its foreign policy. While it is commonly acknowledged that the entanglement exists, it is difficult to anticipate how it varies: when, in what ways, and to which extents[18].

His research suggests, using an example of multilateral negotiations in 1978, that “first, that the key governments… adopted policies different from those that they would have pursued in the absence of international negotiations, but second, that agreement was possible only because a powerful minority within each government actually favoured on domestic grounds the policy being demanded internationally[19].”

Without internal divisions in a negotiating side, it is unlikely that the foreign demands would have been met. Yet, without the pressure from the foreign side, it is even more unlikely that the internal division would tilt to favour that same direction[20]. This is what negotiating sides face in diplomacy, most especially in elements pertaining to security.

Observe Those Observing

Furthermore, as any geopolitical development is undergoing – any at all – the relevant international actors are observing it unfold: the decisions being made, the decisions not being made; actions which are initiatory or reactionary; the intentions behind them; its effects in the short term, medium term and long term; risks calculated and miscalculated; things seen and unseen, and by whom; the diversions consuming attention and more crucial elements subtly evading it; spot-on analyses demonstrating acute understanding, completely missing the point, and all in between; and so on.

Their observations can be illustrated with questions, and here they contemplate: “how does this affect our interests?” They are also identifying other actors also observing the same development, and they ask themselves secondly: “who else is watching this?” They are considering what conclusions the other international actors will draw from how they observe this development, wondering: “those that are watching this, how do they think this affects their interests?”

Finally, the actors would strive to anticipate the other actors’ reactions to the said development in pursuit of furthering their own interests. “Considering how the others might think this affects their interests, how can we take advantage of this?” follows suit. Naturally, this notion pertains to state actors and non-state actors, both international and local. It also entails situations between close friendly partners with positive intentions, among neutral entities, as well as between hostile actors with aggressive or malicious intentions.

Furthermore, actors who consider the notion mentioned above would like to carefully consider how their answers look to other actors, probably as “what do the other actors think that we are thinking?” Responses can be conveyed clearly, ambiguously, deliberately deceivingly – or, most likely, a clever combination of all.

It is difficult to know the precise workings of intelligence agencies and privately-owned entities – nor should we be able to know beforehand – as per the nature of the work. Nevertheless, what is conveyed about the status quo via the attacks uncovered by the Slovakian firm ESET and the Czech Agency BIS, carried out by Russia, and the lessons learnt from the other instances, merits scrutiny through these lenses.

As the Foreign Affairs piece[21] argues, US intelligence agencies are striving to adapt and maximise use of their advantages. So are Poland, the Czech Republic, Slovakia, and Hungary adapting to the changeful espionage. Hence the argument for better intelligence sharing, building on top of, or from the example of, existing arrangements.

Intelligence Sharing

Probably the most renowned is the ‘Five Eyes’ intelligence alliance between the US, Canada, the UK, Australia, and New Zealand, with joint efforts in HUMINT, SIGINT, as well as geospatial imagery, defence, and security intelligence. The Pine Gap facility in the middle of the Australian outback attests finely to it.

Initially, the UK and US signed a communications intelligence agreement in 1943, followed up by another in 1946 to formalise the WW2-period agreements in this field. In 1948, Canada joined, as well as Australia and New Zealand in 1956, though their precise status would change.

Since then, certain states have been coordinating with Five Eyes in arrangements dubbed ‘Nine Eyes,’ or even ‘Fourteen Eyes’. Other highly specific and temporary instances of coordination include a total of 41 countries sharing military intelligence in the context of NATO missions in Afghanistan.

Other notable examples include Europol, the European Union Military Staff (EUMS), or beyond the institutions, the ‘Club de Berne,’ an informal and voluntary-based intelligence-sharing forum of the EU member states, Switzerland, and Norway, set up in 1971. Like its more specialised offshoot, the Counter-Terrorism Group (CTG), both communicate with the EU via the EU Intelligence and Situation Centre (EU INTCEN), part of the EEAS.

Indicative of such value could be a case in which severing an intelligence alliance is arguably more worrying than a state cumbersomely leaving a political-economic union. In 2011, Japan and South Korea began steps towards, and in 2016 formalised, a military intelligence alliance[22]: the General Security of Military Information Agreement, GSoMIA. It is purposed for the two allies of the US to inform one another of military activity from North Korea which could be threatening to either.

Though an economic dispute intensified, it was internal pressure in South Korea[23] which prompted the unilateral withdrawal in August 2019, and perhaps a peep at other examples of unilateral withdrawal after-effects. Both sides may be losing sleep over GSoMIA, as Japan and South Korea are currently making efforts to rekindle bilateral relations, but it is not simple.

The ‘two-level game theory’ and ‘observing observers’ lenses put into context the wider picture of why the increasingly sophisticated tactics serve a better strategy. To clarify: a ‘strategy’ is a direction of policy, and a ‘tactic’ is a specific means to pursue a strategy. If one does not maintain a strategy, and tactics to implement it, one becomes vulnerable to those which do.

That said, certain strategies of Poland’s multilateral-orientated foreign policies are undertaken in partnerships: the Eastern Partnership (EaP), formed by Poland and Sweden; the Bucharest Nine (B9), formed by Romania and Poland; the Three Seas Initiative (3SI), formed by Poland and Croatia; and recently, the Warsaw Process, formed by Poland and the US. Although continuously improving, they are certainly worthy of applause. Continuous improvement is grounds for success.

Hence, the argument is that for the V4, the next, correct, and natural step is to, at the very least, seriously consider the concept to deepen intelligence cooperation, contemplating the points discussed.

Enhanced intelligence cooperation, not just on the military intelligence front, is necessary because the tactics used against the V4 are not limited to military intelligence. Having well-developed military intelligence cooperation already, namely via NATO, is a fundamental advantage which minimises the adversaries’ options.

It also pertains to timing, such as the UK and the intelligence sharing adjustments upon the departure, and the upcoming Presidential elections in 2020. In no specific order, the things conveyed – and the things observed – from just the intent of such is a message to adversaries that their previous efforts have been noted, they have been taken seriously, and future efforts will be impeded in multitude. Just as important as the actual capability to exert force in this field, is how the projection of power is perceived by other actors because that is what they will act accordingly to. Moreover, it would be unwise to think the V4 will not be challenged upon taking up such a feat.

The V4 would address this by being more refined. Not just concerning enhanced technical abilities against aggressive actions of Russia, or infrastructure protection with regard to China, but also a subtle yet apparently negative, power hogging German influence in European institutions, which from the perspective of Poland, accompanies a deliberate distortion of history which could indicate perhaps unfavourable intentions.

Moreover, the V4’s role in foreign and security policy in Europe is becoming clearer as it goes ahead upon sufficient alignment on both domestic and international fronts. So rather than waiting to first be better politically aligned and then deepening intelligence cooperation, it is the other way around: deepening intelligence cooperation will naturally lead to being better politically aligned. Sure, cohesion between each of the V4 states is not immaculately perfect, and it never will be. However, as the ‘two-level game theory’ tells us, that is a good thing. Even better, the political cohesion is nevertheless incredibly remarkable, so much so, that it is good enough. Perhaps, meetings at the Prime Minister or Presidential levels may become a tad more interesting.

It is also a clear message to friends, particularly those in existing frameworks, that this is a collection of reliable partners. Argumentation here is, in large part, an extension of the lines of existing V4 rhetoric. It is an endeavour which is achievable; considering the changing times and the potential of smaller states doing more, small states doing more together makes sense.

This is especially pertinent so that the V4 finds itself on the right side of the gap between countries successfully adjusting to the changing environments of espionage in all its foreseeable and unforeseeable dimensions with each day that passes. That is not to say the V4 states are not doing their bit – their efforts are recognisable, both in state intelligence agencies, private cyber-security firms, ministries (e.g. the 5-point plan of the Ministry of Digitisation of Poland, or the CyberMil of the Ministry of National Defence of Poland) – this is an encouragement to the V4 to keep going, and for the V4’s friends, to help out, because it is in their interest, too.

At the end of the day

In 1990, just preceding the First Gulf War, the CIA had six agents stranded in Iraq. The US appealed to select intelligence agencies in Europe, including France, the UK, and even the USSR for help. At the end of the day, it was only Poland that agreed to the daring endeavour, dubbed ‘Operacja Samum’. A team of Poles went to their previously existing engineering firm in Iraq with half a dozen additional Polish passports. In the backdrop of suspicion from the Republican Guard, they made their precarious way to Turkey with some company and some maps. As a result, the US helped alleviate half of Poland’s national debt, incurred of course, by the PRL.

Poland has demonstrated time and time again throughout its history that it is a reliable partner. The V4, in turn, has also demonstrated time and time again throughout its history that its cohesion has the capacity to make genuine, tangible differences on the international arena, and in standing up for the right thing.

The arguments for deepening intelligence cooperation between the V4 states are intricate and intertwined: the timing is pretty good (there is no absolutely perfect time), we like each other enough to set out rules that will be followed, the enhanced capabilities on a more specific front has much needed added value, joining efforts makes us keep up with the changing times like adjusting to technology and the private sector, as well as, the signal to friends and adversaries being quite clear.

In recent years, more so than ever, Poland has shown intent to stand up for partners in the Central Eastern European region, but not only. Doing so is in the interest of each V4 state, of Central Eastern Europe, and possibly even of the world, providing an example to other states seeking cooperation, and to a larger extent, attesting to humanity being able to, and choosing to, prevent conflict and pursue advancement.


[1] Andy Greenberg, Stealthy Russian Hacker Group Resurfaces with Clever New Tricks, Wired, 17.10.2019

[2] p. x

[3] Ian Willoughby, Czech Agencies Smash Spy Ring Operated by “Very Aggressive” Russians, Radio Prague International, 21.10.2019

[4] Huib Modderkolk, Dutch agencies provide crucial intel about Russia’s interference in US-elections, de Volkskrant, 25.01.2018

[5] Isabel Oakeshott, Britain’s man in the US says Trump is ‘inept’: Leaked secret cables from ambassador say the President is ‘uniquely dysfunctional and his career could end in disgrace’, Daily Mail, 06.07.2019

[6] Robbie Gramer, Diplomats Fear Chilling Effect of British Ambassador’s Resignation, Foreign Policy, 09.07.2019

[7] Mark Galeotti, Size Doesn’t Matter for Spies Anymore, Foreign Policy, 31.01.2018

[8] Jenna McLaughlin, Deep Pockets, Deep Cover, Foreign Policy, 21.12.2017

[9] Mark Mazzetti, Adam Goldman, Ronen Bergman, Nicole Perlroth, A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments, The New York Times, 21.03.2019

[10] Mehul Srivastava, WhatsApp voice calls used to inject Israeli spyware on phones, Financial Times, 14.05.2019

[11] Ali Younes, Gina Haspel’s CIA looks to recruit more foreign spies, Al Jazeera, 27.09.2018

[12] Edward Lucas, The Spycraft Revolution, Foreign Policy, 27.04.2019

[13] Marc Thiessen, Explain the Chinese spy, Sen. Feinstein, The Washington Post, 09.08.2018

[14] Matier & Ross, Feinstein had a Chinese spy connection she didn’t know about — her driver, San Francisco Chronicle, 01.08.2018

[15] Edward Lucas, The Spycraft Revolution, Foreign Policy, 27.04.2019

[16] Ibid.

[17] Robert Putnam, “Diplomacy and Domestic Politics: The Logic of Two-Level Games”, International Organization 42, no. 3, 1988, pp. 427–460, doi:10.1017/S0020818300027697

[18] Ibid., p. 427

[19] Ibid., p. 428

[20] Ibid., p. 429

[21] Amy Zegart, Michael Morell, Spies, Lies, and Algorithms, Foreign Affairs, 16.04.2019

[22] Grace Shao, South Korea is scrapping a security deal with Japan — here’s why it matters, CNBC, 23.08.2019

[23] Ibid.

All texts published by the Warsaw Institute Foundation may be disseminated on the condition that their origin is credited. Images may not be used without permission.
