So I tried to make dankness while the sun shone about the newest sanctions that are going to hit Russia (delayed as they might be), but I'd like to take a moment to seriously address just how bad this all is for the GRU. #counterintelligence /1 nytimes.com/2018/08/09/wor…
The GRU's poor OPSEC has been a consistent driver among the naming-&-shaming and sanctions against Russia lately. Going all the way back to 2014, GRU - which has never been the most OPSEC conscious outfit - has been in the spotlight as Russia's primary meddling instrument. /2
Let's leave aside the ~2014 stuff about Crimea and Donbas because I have other work to do and focus on the more recent stuff. First, the identification of GRU as behind the Novichok attack in the UK was a double-edged sword for them. On one hand, it creates fear (Putin likey) /3
On the other hand, it spiraled out of control and led to a global campaign degrading Russian intel abroad the likes of which haven't been seen since UK's Operation FOOT in the 1970s. This pisses Putin off. It's heavy blowback due to sloppiness. /4
And then there are the sanctions related to Novichok. The chemical weapons ones, announced yesterday, have the potential to further damage the Russian economy and continue to put a tighter stranglehold around Russian procurement of key technologies. /5
Keep in mind Nikolai Patrushev - probably the 2nd most powerful man in Russia - has recently admitted sanctions are already straining Russia's ability to access energy technology. /6
Add on to this the fact that the HMG might decide to pull a Mueller and use the extradition request for GRU officers and/or assets involved in the Novichok attack to burn a substantial portion of GRU infrastructure. Again, that's embarrassing for a Chekist like Putin. /7
Shifting gears, the Mueller indictments were a huge shitshow for the GRU boyos in the Tower and the Aquarium. They were embarrassed in the most public way possible, by the country Putin loathes the most. That amount of detail also has counterespionage implications for GRU... /8
See, GRU doesn't run its own counterespionage investigations solo. It has to dovetail with the Department of Military Counterintelligence of FSB's First Service. GRU's main rival is now leading a molehunt and security check inside its cyber divisions. Bad news bears. /9
This is a win for FSB director Bortnikov and SVR director Naryshkin over GRU director Korobov. Bortnikov enjoys direct patronage from Patrushev and Putin, and Naryshkin has aligned himself with Bortnikov against the GRU. Korobov's only patron is Shoigu from MOD. /10
Right now, these failures - along with other embarrassments like MH17 and GRU's sloppy running of deniable forces in Syria - are wasting all the good will GRU built up during the tenure of its last director, Sergun, who oversaw Crimea & the initial stages of the war in Donbas /11
And Korobov is not political the way Bortnikov and Naryshkin are. His last job before becoming GRU director was head of GRU HUMINT, which is the sloppiest of the three HUMINT services in Russia (SVR is the best, FSB is a mixed bag). He's fighting a losing battle already. /12
Now, sanctions directly related to his officers' poor OPSEC and planning are directly affecting the value of the ruble. It's obvious how that's bad for him. But a caveat: don't expect his decline to reach the public eye. Putin wouldn't allow it. /13
Putin will try and turn all this to Russia's advantage: sow fear on the down low (we can get to you) while also playing the victim up front (mean ol' West beating up on Russia). But he doesn't want to have to do this. He wants to appear strong & make the West look weak. /14
So Korobov & co.'s disciplining will be private. Some generals will get fired. Maybe a few line officers will end up in jail or posted to Siberia as scapegoats. But all the while, Korobov's stock will drop and FSB + SVR will reassert dominance over key portfolios. /15
FSB and SVR both want more primacy in near-abroad covert action (like what GRU screwed up in Montenegro), SVR wants more primacy in covert action in the Americas (like what GRU did sloppily in 2016), and both want to push GRU cyber down the ladder. /16
I think we might be seeing the inflection point where responsibilities become more clearly separated or at least realigned between the services. SVR as more the lead in far abroad influence ops, FSB doing the same w/ similar near-abroad stuff, and GRU pushed back into wetwork /17
Cyber-wise is a trickier question. GRU has more resources than FSB or SVR does, but FSB is more skillful. SVR is capable but operates a very small cyber shop that is shared in some way with FSB. But, I do think GRU won't get any new critical cyber portfolios any time soon. /Fin.
An addendum: @BTRTSR pointed out to me that all of this should be couched in context of Russia having a higher risk tolerance in their ops & that Putin does actively foster inter-service competition. So my comments should be taken as focused on GRU’s standing w/i that competition
John is right: if the intent of this disrupted black-bag job against the Spiez lab really was sabotage as opposed to espionage, it raises some curious potentialities about Russian motives. In a midnight analysis, it feels to me vaguely like some kind of desperation. 1/9
In my mind, the question is: what would make the increasingly aggressive Russian services - in this case (apparently) the GRU - feel it's necessary to engage in this particularly high-risk type of operation against a very hard target like a leading government CBRN facility? 2/9
I cannot overstate that deploying operators equipped with cyber sabotage tools to get physical/close access to the networks of a Swiss chemical weapons laboratory when your service is already under scrutiny after a failed operation = just about all the moving parts. 3/9
To be very clear: I think that the “GRU are clowns” narrative that is emerging is counterproductive and ill-informed. But I believe GRU’s aggressive “can do at all costs” attitude appears to have had a trending negative impact on the quality of its tradecraft. /1
Major data points that I think support this argument include the failed coup in Montenegro, the activity covered in the Mueller indictments, and the Skripal attack. Each presents its own examples of some subpar tradecraft and each has created substantive blowback. /2
As @jckichen has noted, tradecraft is not monolithic & should not be expected to be applied equally/evenly throughout a given operation or across multiple operations. But I think these cases each had instances of subpar tradecraft that have since proven to be consequential. /3
In furtherance of the #counterintelligence discussion around the GRU and its competency, I want to address some recent reporting and analysis. Two articles - and one shared question - come to mind. /1
The 1st article takes the kind of argument I've made - the GRU has been sloppy, resulting in even successes generating some effects one would associate with qualified failures - and runs with it to the extreme. /2 bloomberg.com/view/articles/…
I have done my best to put as much nuance into my threads on this. I don't think so much that the GRU is incompetent (they have achieved numerous significant mission objectives) as that their tradecraft and OPSEC leave much to be desired, with that likely hurting them w/ Putin. /3
In today's edition of "The GRU don't need no stinkin' tradecraft", which is becoming a #counterintelligence tradition, we have the UK charging of the 2 GRU officers who carried out the Skripal attack. Here's the timeline assembled by Scotland Yard. /1 news.met.police.uk/news/counter-t…
This thread by @BBCDomC lays out the movements and footage described by the Met in a very digestible thread. I highly recommend taking a look at it for reference alongside the Met's dry recitation of same. /2
The amount of detail and evidence the Met amassed about these officers' (Petrov & Boshirov) movements recalls the exposure of the Mossad operation that killed Mahmoud Al-Mabhouh in Dubai. This feels very much like that, which should embarrass the GRU. /3 spiegel.de/international/…
A #counterintelligence thread in the sense that I'm analyzing a foreign intelligence situation: I've been reading some very interesting analyses on the #Zakharchenko assassination and it's gotten me thinking about how this incident may or may not relate to FSB's role in Donbas /1
The first analysis I found useful was from @MarkGaleotti, and it emphasizes that it is doubtful that #Zakharchenko's death will move the situation towards peace. He mentions Dmitry Trapeznikov and Denis Pushilin as possible successors. /2 themoscowtimes.com/articles/war-p…
This article mentioned the thread I'm going to be pulling on here: the fact that #Zakharchenko and Alexander Timofeev, Z's tax minister sidekick who was injured in the blast, orchestrated the takeover of major illegal economies in Donbas - putting targets on their backs. /3
Active measures pivot: Microsoft indicates that the APT28/GRU has tried to spoof the websites of conservative think tanks known for advocating democracy promotion, examining corruption, and/or criticism of Trump. My #counterintelligence commentary /1 nytimes.com/2018/08/21/us/…
NYT has this right "The shift to attacking conservative think tanks underscores the Russian intelligence agency’s goals: to disrupt any institutions challenging Moscow and President Vladimir V. Putin of Russia." Russia doesn't care about our partisanship except to exploit it. /2
GRU needs to be doing something different to earn favor in the Kremlin right now. I recently explored how they are definitely not on Putin's good side these days (see included thread), and while this isn't "new" it is still a change of tack. /3