Russia and other states have taken to hiring street gangs and thugs to do the sort of dirty work that even spies don’t want to touch.
12 June 2017
Following the WannaCry ransomware cyberattack, which shut down computers around the world from Russia to Taiwan last month, fingers have been pointed at North Korea. Sort of.
To be more exact, they’ve been pointed at the cybergang known as the Lazarus Group, the group of hackers linked to the 2014 attack on Sony Pictures and the theft of $81 million from a Bangladeshi bank. But journalists have tended not to draw any distinction between the Lazarus Group and the regime of Kim Jong Un, which is understandable. North Korea has relied on such criminals and thugs to do its bidding for years.
This puts the Hermit Kingdom, for once, ahead of the curve. There’s growing evidence that other states — particularly Russia — are increasingly turning to organized crime groups as proxies, intelligence assets, and sometimes even as hired killers.
Welcome to the modern age of hybrid war, when even crime has been weaponized.
The gangster-spook nexus
There’s no doubt that North Korea has led the way in turning organized crime toward state ends. Its infamous Bureau 39 is essentially the government’s mafia office, dedicated to generating resources by illegal means to support the state (especially its nuclear program) and keep the Kims in imported luxuries. It arranges for methamphetamines to be brewed inside government chemical works, the state mint helps produce some of the highest-quality counterfeit bank notes in the world, and the state-owned Korea National Insurance Corp. (KNIC) runs systematic insurance frauds abroad.
Thae Yong-ho, a former diplomat who was the highest-ranking defector in 20 years, claimed in 2017 that these schemes earn Pyongyang “tens of millions of dollars” annually. (In 2009, KNIC managers in Singapore reportedly sent then-leader Kim Jong Il $20 million in cash as a birthday present.) Turning to cybercrime has been a logical step. Cheap, potentially lucrative, and not relying on physical contact, cybercrime is the ideal operation for an impoverished and isolated pariah. Other states committed to challenging the international order are learning from Pyongyang’s example, though — if with a little more subtlety. Unlike the North Koreans, they are typically cutting deals with the underworld rather than simply moving into it themselves. Gangsters, after all, have all kinds of skills and capacities that can be of value to intelligence agencies and covert operations in the modern world, whether moving goods or people untraceably across borders, raising funds for political purposes, or simply putting a bullet into an inconvenient enemy of the state.
Of course, intelligence agencies have long used criminals as proxies from time to time. The Sicilian Mafia provided local knowledge and muscle for the Americans before the Allied invasion of Sicily in 1943. In the 1990s, Pakistan’s Inter-Services Intelligence agency used the D-Company criminal organization to launch terror attacks in India.
In the main, though, these connections tended to be quite rare, one-off necessities more than actual policy. After all, criminals are essentially self-interested and intrinsically untrustworthy.
Increasingly, though, states are turning to this on a more regular basis. The Turkish security forces have used rival heroin-smuggling gangs as weapons against the Kurdistan Workers’ Party to penetrate Turkish expatriate communities, for example. Chinese triads are being used by Beijing’s Public Security Bureau to intimidate protesters and gather intelligence abroad. And when the Iranian Revolutionary Guard wanted to kill the Saudi ambassador to the United States in 2011, they used someone they thought was a Mexican drug cartel hit man. (He was actually an agent for the Drug Enforcement Administration.)
However, as they look to prosecute their “political war” against the West, the Russians are emerging as the most enthusiastic users of gangsters’ services. Given that their intelligence services are now up to Cold War levels, it seems ironic that they would even need such amateur auxiliaries. However, so ambitious and numerous are their operations that even they sometimes need some extra capacity or deniability.
Mobilizing Moscow’s mob
Some of the instances when Russia has used criminals as proxies are well known. Russia’s seizure of Crimea, for example, and the subsequent undeclared war in Ukraine’s Donbass region were carried out not just by Russian special forces, but by local gangsters serving as so-called self-defense volunteers. Similarly, many Russian cyberattacks, especially large-scale ones, involve mobilizing criminal hackers. (Indeed, the cyberespionage division of the Federal Security Service has actually recruited hackers by giving them the choice of prison or service.)
But most of this state-sponsored organized crime is more low-profile. We are seeing more and more cases, especially in Europe, where local counterintelligence services believe gangsters are acting as occasional Russian assets. Some work on behalf of the Russia state willingly. In other cases, these criminals have been turned into assets without their knowledge, thinking they are simply doing a service for a Russian gang. And yet for others, they are made an offer they can’t refuse. In a recent report for the European Council on Foreign Relations, I call these “Russian-based organized crime” — whether ethnically Russian or not (because many are Georgians or the like), they are criminals with business or personal interests back in Russia, a fact the Kremlin can use as leverage.
To be sure, most of the time direct links between criminals and the Russian state are hard to establish. What good would it be to hire them if they weren’t? But in some cases, the politically convenient patterns are plain to see. In Istanbul, Russian gangsters have killed Chechen rebel supporters, according to Turkish intelligence. In Ukraine, only a few days ago, a Chechen gangster tried to kill an anti-Russian militia commander.
In the Czech Republic, the authorities warn of the links between Russian intelligence and questionable businesses involved in corruption and money laundering. In Finland, the security police suspect Russian criminals are buying up strategically placed properties from which military facilities can be monitored or even attacked.
Criminal hackers — those not recruited straight into the intelligence services — are being used for both targeted information heists and crude cyberattacks. Putin has even hinted, with a nod and a wink, that such “patriotically minded” cybercriminals may have been behind the Democratic National Committee hack.
Remember Anna Chapman, the brunette bombshell in the circle of “illegals” whom deep-cover Russian spies uncovered in the United States in 2010? The likely ringleader and most serious of the team was Pavel Kapustin, who went by the name Christopher Metsos. When the FBI finally came calling, he was no longer in the country. He was later arrested in Cyprus, where he was bailed out and then disappeared. According to intelligence sources, he may have been spirited out of Cyprus under the CIA’s nose by people traffickers.
The use of criminals on the part of the Russian government even seemingly leads to the provocative cross-border raid into Estonia by Federal Security Service (FSB) commandos in 2014, during which they snatched Estonian security officer Eston Kohver. He was convicted on trumped-up espionage charges before being swapped for a Russian spy in an Estonian prison, but the main aim appears to have been to disrupt his investigation into a cigarette-smuggling ring. The criminals were moving untaxed or counterfeit cigarettes over the frontier with the FSB’s protection. In return, the Russians got a cut of their proceeds as chernaya kassa — “black account” — secret funds that could be used to pay off friends or support convenient political movements without revealing Moscow’s fingerprints.
A dangerous gambit
So what’s not to love? Why shouldn’t everyone, Washington included, get into the gangster-spook game? Apart from the ethical issue, there is the political cost. Criminals make unreliable agents, prone to unprofessionalism in action, and an eager willingness to tell all in return for a lighter sentence when caught. Pyongyang hardly has any credibility or legitimacy to lose, but countries routinely engaging in these activities risk being considered pariahs.
Then there is the risk of blowback. While the state is working out how to use the criminals, the criminals are working out how to exploit the state. The result is often a vicious circle of further corruption and criminalization. When Canadian naval intelligence officer Sub-Lt. Jeffrey Delisle began selling secrets to the Russians, for example, he was given the shopping list of secrets that Moscow wanted. Over time, there were unexpected additions. Moscow wanted to find out what the Canadians knew about the Russian gangsters operating there. The odds are this wasn’t because the Kremlin itself was interested, so much as that someone in the chain of command saw an opportunity to get hold of information that could then be sold to the criminals.
But this is the age of so-called hybrid war, of the blurring of the boundaries between war and peace, overt and covert, espionage and information. And what could be more hybrid than the gangsters? Certainly for the foreseeable future they will remain assets not just in the shadow war between Russia and the West, but a range of geopolitical struggles carried out by countries that are looking to outsource operations from espionage to sabotage to these deniable mercenaries of the underworld.