Friday, April 3, 2026

Russian Espionage Handling in the Modern Era – The Cipher Brief




KREMLIN FILES: A brush of a hand against a park bench with chalk; or, a bit of electrical tape left on a mailbox. Sometimes it’s a coded phrase buried in a routine email with an encrypted image. This is what Russian intelligence tradecraft looks like: subtle, disciplined, and built on signals most people would never notice. With the campaign of Russian hybrid warfare taking place across the European continent, it’s more important than ever for NATO’s intelligence services and the general public to be aware of Russian espionage tradecraft. That same tradecraft is also shared – at least in part – with some of our other adversaries, including Chinese intelligence, Iranian IRGC (Revolutionary Guard) or other elements, and even terrorist groups. There has never been a better time for Americans to exercise vigilance regarding our adversaries and their intelligence services.

For the Russian intelligence services (RIS), over a century of experience – from the Cheka to the KGB and today’s SVR and GRU – has helped refine the art of handling agents in what they consider hostile foreign environments. While technology advances, the fundamental principles remain largely unchanged: compartmentalization, deniability, patience, and psychological control. The early Bolshevik revolutionaries had to understand spy tradecraft because they were leading a major conspiracy against the Tsar. They were enemies of the state, traveling under false passports and following what they called the “rules of conspiracy” to carry out their revolution.


Some aspects of Russian agent handling have evolved, but others remain the same. In my upcoming book on Russian intelligence tradecraft (out with Naval Institute Press, April 2026), I have a chapter devoted to Russian “street tradecraft” or how they handle their recruited agents. CIA calls this practice “sticks and bricks.” The RIS train on this heavily at their intelligence academies, including surveillance/countersurveillance methods, agent signaling and handling, and the use of operational technology in agent communications. These techniques have evolved as well over the years to include satellite- and computer/encrypted-based “covert communications,” or what the Russians sometimes call “spets-svyaz.”

Studying these methods and their patterns is more important than ever with Russia unleashing a wave of covert action and sabotage operations against NATO and the West. Invariably, among these operations, there will be handling of espionage penetrations of NATO countries and their governments. And when they have highly placed agents, or even those placed in the media, companies, or NGOs, the SVR, GRU, and FSB will use the following types of tradecraft to handle them.

Russian Agent Signaling and Handling Practices

Signaling is fundamental to any agent-handling operation (recall that the Russians, like U.S. services, don’t refer to their officers as agents—the term agent is reserved for the asset, or foreign spy, being handled). Before any message is exchanged, agents and handlers must confirm that it’s safe to communicate and then signal that the material exchange has been successful. Russians use what we often like to call “urban geography,” meaning telephone poles, mailboxes, park benches, or signs. Things that won’t usually move but are part of our everyday life and can be easily described to an agent, while still being distinct.

For example, the KGB used telephone and utility poles to mark signals and packages for the recruited cryptographic spy John Walker in the 1980s, while he was betraying the U.S. Navy in the case that became known as the “Walker Family of Spies.” The utility poles had the advantage, as the KGB noted, of each bearing a specific metal plate or identifier, which Walker could verify before dropping his reels of photographed documents, often hidden among various pieces of garbage (such as photographic reels placed in empty soda cans).

Dead drops, or what our British colleagues call “dead letter boxes,” are equally fundamental to Russian agent handling. They call them “tainiki,” meaning “hidden” or “secret place.” The Russians will use sealed and concealed containers — magnets under bridges, hollowed-out stones, or waterproof capsules (sometimes just double-wrapped trash bags) set in quiet areas or buried shallow in parks. These dead drops allow material to be exchanged without face-to-face contact. The method minimizes exposure: no meeting, no surveillance photos, no conversations to intercept, and no risk of the FBI, British BSIS, or other foreign counterintelligence services following the agent or the Russian intelligence officer (RIO) to the meeting, thereby compromising the op.

And then there are communications protocols. Historically, this meant one-time pads and burst radio transmissions used by Russian agents throughout the Cold War. All of the Russian illegals who were arrested in the “Ghost Stories” case publicized in 2010 were trained and utilized to some extent or another in these techniques. They involve encrypted messaging apps, laptops wired for covert exchanges, steganography in digital images, or covert Wi-Fi exfiltration from public areas.

With all these practices, the same rules endure from the early days of the Bolshevik Chekists: assume compromise is inevitable, and design for resilience and redundancy in agent communications.

Surveillance Operations Abroad

Abroad, the SVR and GRU use surveillance more selectively than at home. Russia is indeed a modern surveillance state, but abroad, the RIS are the hunted and watched. The FSB operates less abroad than its foreign intelligence service and military counterparts, but it has made more forays into foreign work than ever, particularly in special operations and so-called “wet work.” The goal with surveillance, for all three services, is to monitor adversarial services (i.e., all diplomats from NATO and other countries that Russia considers adversaries—a list that is growing), protect their own officers, and, sometimes, use it to find kompromat—compromising material to intimidate potential recruits through extortion.

The SVR and GRU each have dedicated surveillance teams that may deploy abroad under the guise of illegal or other official or non-official covers. But more often than not, they employ their own IO (intelligence officer/staff officers) from Residencies already abroad in order to conduct “pick-up” teams to surveil targets of interest. This isn’t a best practice, but one they are forced into by the PNGs (declaration persona non grata), or expulsions, of hundreds of their intelligence officers from NATO and other countries in recent years. The RIS no longer have the staffing they once did under official cover at embassies abroad.

Naruzhka, as the Russians term the surveillance art, is never just about “following.” It supports countersurveillance, ensuring GRU and SVR officers aren’t under adversarial monitoring before a meeting or dead drop. Also, for the various acts of operational security with meetings, Russians use surveillance detection routes, which they call “marshrut proverki” or MPs. When they have the resources to do so, just as in Russia, the SVR, GRU, and sometimes even the FSB map the routines of foreign officers or business leaders. Their goal is to determine whether these targets are viable recruits or potential targets for other operations, like their “direct action” and assassination attempts abroad.

Lessons Learned and Forgotten, From the Cold War

Good counterintelligence isn’t about chasing cinematic spy stories, but about recognizing patterns: subtle signaling behaviors or unusual compartmentation requests. These can be seemingly low-value contacts that, over time, map a network. U.S. and allied services have disrupted sophisticated networks run by the RIS over the years, many times over. However, the operating environment has unfortunately only become more permissive for spying as methods using technical resources grow.

Global mobility, digital platforms, academic openness, and venture capital ecosystems create frictionless entry points that hostile services exploit patiently and methodically. That means counterintelligence tradecraft must be just as disciplined. Allied services need to employ pattern analysis, cross-domain collaboration, and data integration. Defensive briefings need to be practical, not paranoid or meant to intimidate employees. Early anomaly detection within sensitive programs is essential. And above all, we need to exercise our collective institutional memory: understanding that these methods aren’t new, only repackaged.

Companies, universities, research centers, and startups sit on the front lines, whether they realize it or not. Talent recruitment, joint research proposals, conference networking, investment offers, and data partnerships can all be legitimate, or occasionally something else. The RIS and their Chinese allies understand that long-term access is preferable to short-term theft. They cultivate relationships, not just sources, and they play on ego, particularly with academics, diplomats, and businesspeople. The Chinese recruitment of former CIA officer Kevin Mallory is a case in point—recruited and contacted by the Chinese through a job-hunting social media platform.

We are targets — both in the United States and with all of our European allies. We are so, not because of paranoia, but because of capability and innovation that are the envy of Russia. That and our democracy, which Putin fears. He can’t afford for the Russian people to enjoy democracy and the freedoms we enjoy. If he allowed it, his reign couldn’t have lasted as long as the longest of the Tsars.

The Russians still use the term “GP” (glavnii protivnik) to refer to the U.S. as the main adversary. Ask any RIO, and they will quickly state that the UK, Germany, and all our NATO allies rank 2, 3, 4, etc. We need to be aware, actively collaborate, and remain constantly vigilant. The brush of a hand against a bench. A benign LinkedIn message. A visiting scholar with a narrowly defined question set. Tradecraft hasn’t disappeared, but has adapted. Vigilance, transparency, and informed skepticism aren’t overreactions. They’re the modern equivalent of checking the lampposts and utility poles for chalk marks.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
