January 13, 2021
IntelBrief: Russian Intelligence Operations Gone Rogue
Revelations that Russia’s Federal Security Service (FSB) attempted to assassinate opposition activist Alexei Navalny in August 2020 using Novichok nerve agent have highlighted broader questions about the Kremlin’s choice to use such lethal nerve agents, despite the risks they pose to operational security. The failed assassination of Sergei and Yulia Skripal in Salisbury, UK, in March 2018, revealed that Russia favors Novichok as a tool of assassination; nonetheless, the poisoning of an individual through the use of a nerve agent has been recognized by the OPCW as use of a chemical weapon, prohibited by international law. The poisoning of Navalny, a frequent critic of Russian President Vladimir Putin, raised obvious suspicions about the role of Russian intelligence services like the FSB and the Main Intelligence Directorate (GRU), Russia’s military intelligence. Using Novichok to kill is a more cumbersome method than others that frequently occur in Russia, where dissidents and journalists regularly die from ‘falling out of windows.’ But the state’s willingness to inflict the slow and painful death from such a nerve agent is designed to send a clear message to others who dare consider challenging Putin and his grip on power. Consequently, Novichok is now synonymous with Russian state-sanctioned assassination attempts, the go-to method of eliminating perceived political rivals when the Kremlin wants to send a particularly clear message.
The attempt on Navalny’s life failed, but just barely, with Navalny surviving because of quick action by a doctor and pilot. Last month, working with CNN and Bellingcat and using a phone number that spoofed an official FSB landline, Navalny himself spoke with one of his would-be assassins. During the conversation, Konstantin Kudryavtsev—who believed he was speaking to a high-ranking FSB official conducting an after-action report of the failed operation—disclosed previously unknown details. The team had applied Novichok on the inside of Navalny’s underwear, where it would be most quickly absorbed through the skin. FSB teams with Novichok had been trailing Navalny for three years as he traveled across Russia. After the attempt, officers went to the town of Omsk, where the pilot had made an emergency landing, in order to retrieve Navalny’s clothing and dispose of any evidence. By attempting to poison Sergei Skripal and his daughter Yulia on British soil, Russia also demonstrated its apparent lack of concern over a response from the United Kingdom specifically, or the international community more broadly, reaffirmed in both the United Nations and the OPCW in recent months. Given that the Skripals and Navalny survived and their would-be assassins were identified, what some have questioned as sloppy tradecraft may in reality be part of the intended message: Russian intelligence services are confident enough to murder opposition figures in foreign countries. Other brutal autocrats, including Saudi Crown Prince Mohammed bin Salman, have acted in a similar manner, dispatching teams of assassins around the globe to murder critics of the Kingdom. MBS may have even been emboldened to act after witnessing the muted reaction to Russian state-sponsored assassination attempts.
The Navalny affair highlights the manner in which the Kremlin operates under Putin. The Russian president dismissed the evidence of Moscow’s involvement, calling it ‘a planned provocation aimed at discrediting the FSB of Russia,’ and asserted that if Moscow had wanted Navalny dead, Russia ‘would've probably finished it.’ Yet the evidence is clear that Putin did want Navalny dead, and wanted to do it in a painful and public way. From a tradecraft standpoint, the unraveling of one of the presumably elite FSB teams demonstrated the difficulty of conducting truly clandestine operations even inside one’s own country. Cell phones and travel records, among other open and semi-open source information, is proving to be extremely effective in delineating the contours of these plots. The same applies to the Russian downing of flight MH17 over eastern Ukraine in July 2014. Intelligence services are adjusting to a dynamic operating environment where open source intelligence analysts and investigative journalists have access to troves of publicly available data. Yet, the willingness to disregard international obligations, and the lack of accountability for states that do so, enable states to continue to perpetrate such acts and weaken the rules based international system.
Russia’s rogue actions reflects the Kremlin’s increased confidence in operating beyond traditional boundaries. This has direct implications for the United States and raises questions about any roles in association with the anti-government violence in Washington D.C. and beyond. In 2016, Russian nationals paid Americans to attend pro-Trump rallies and in one case, to dress up as Hillary Clinton locked inside a mock cage. The counterintelligence challenge has never been more urgent. In one of the videos from the storming of the Capitol in Washington D.C. last week, an individual within the mob that breached the building can be heard yelling in Russian. Another rioter required a Russian interpreter to understand what she was being charged with. Laptops and documents were stolen from the Capitol during the violent siege, and a full accounting of what went missing remains incomplete. Some items may be harmless but the penetration of such an important government site may also signal future opportunities to gather sensitive materials for malign actors. To date, there has been no hard evidence that Russian intelligence agents were among the violent mob that overran the Capitol, but given Moscow’s penchant for pushing the envelope, it cannot be entirely ruled out either.