In the 2nd Century BCE, the Roman poet Juvenal asked “Quis custodiet ipsos custodes?” This question of who watches the watchmen has become a common one in an age where governments are increasingly the beneficiaries of an imbalance of power between the governing and governed. But that grander question does not interest me here. Instead, I ask “Quis custodiet ipsos interfectores?” Who watches the killers? And for my purposes, I’m only concerned with the answer to one very specific variation of that question: Who watches the killers (and other members) of the Main [Intelligence] Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU)?
In Russia, it turns out it’s a pretty straightforward answer: the Directorate of Military Counterintelligence of the Department of Military Counterintelligence (UVKR) of the Counterintelligence Service of the Federal Security Service of the Russian Federation (FSB). To keep it simple all the way along, I’ll refer to this entity more simply as just UVKR.
In the Soviet period, the function of military counterintelligence came into its own during World War II in the form of the infamous SMERSH but, as time and bureaucracies moved on, it eventually fell to the KGB’s Third Chief Directorate (TCD). KGB TCD was exclusively devoted to such tasks through both a formal presence of billeted officers and a clandestine network of informers throughout the entire Soviet military. The GRU maintained a limited internal counterintelligence element during that time, but the GRU as a whole was subject to the superseding investigative authority of KGB TCD.
During the turbulent 1990s the new Russian Ministry of Defense (MOD) attempted to bring all responsibilities for military counterintelligence into the ministry itself, but repeated coup attempts ensured that KGB TCD would metamorphose in FSB UVKR. During the 1990s, when it had around 6,000 staff, UVKR was subsequently involved in a number of significant espionage and corruption cases involving military officers across the service branches and had its position as the military’s watchdog further entrenched by a statute signed by then-Prime Minister Vladimir Putin in 2000. It seems reasonable to me to theorize that UVKR’s size and clout has likely grown a considerable amount over the last 20-odd years, particularly given the siloviki status of former senior UVKR officers like Aleksei Molyakov, Vladimir Petrishchev, and Vladimir Osipov as detailed by Vadim Birstein.
More recently, UVKR has been described as playing a pivotal role in the joint FSB-GRU investigation into the activities of Sergei Mikhailov, a former senior officer of the FSB’s Information Security Center (a.k.a. Center 18). UVKR was certainly entangled in some of the events that ending up driving the Mikhailov investigation. That investigation has been the subject of significant coverage, but for my purposes I just want to note that it seems apparent that interagency rivalry between the FSB and GRU played a role in the more concrete events that have been attributed to Mikhailov’s “rogue” actions. As of December 2018, the current chief of UVKR is Colonel-General Nikolai Yuryev.
Per the very detailed profile on Andrei Soldatov and Irina Borogan’s Agentura.ru (via GoogleTranslate), the duties of UVKR relevant to my purposes here include:
Counterintelligence activity, which refers to the activities of security agencies in the army within its authority, aimed at solving problems of identifying, preventing and suppressing intelligence and other activities of special services and organizations of foreign states, as well as individuals, aiming at damaging the security of the Russian Federation, The Armed Forces of the Russian Federation, other troops and military formations, as well as their command and control bodies.
Under Russian law, this includes all branches of the armed services, portions of the Ministry of the Interior (MVD), and the GRU — the operational personnel of which (surprise) all hold military rank and are considered active duty members of the Armed Forces of the Russian Federation. According to Agentura.ru, the same law also extends UVKR’s authority to include:
Administrative and legal activities that are aimed at solving problems of ensuring proper administrative and legal regime, namely: detection, prevention and suppression of administrative offenses, initiation and (or) consideration of cases in which are assigned to the Federal Security Service…
To execute these very broad remits — and I emphasize I’ve cherry-picked the two responsibilities I find most relevant to what I want to say here — UVKR can:
Establish on a confidential basis cooperative relations with persons who have given their consent;
Carry out operational investigative and counterintelligence activities;
Conduct inquiries and preliminary investigations in cases of crimes related to the jurisdiction of the federal security service;
[Introduce] to the military administration bodies and officials mandatory representations on the elimination of causes and conditions conducive to the realization of threats to various types of security and the commission of crimes…
In short, it’s reach extends into every nook and cranny of the Russian military — including dedicated field offices in all military units of a battalion level and up — and that reach is couched in ample justifications for just about anything UVKR or its masters in the Lubyanka can dream up.
Do you see where I’m going with this?
Since July 2018, the GRU has been the subject of bruising public setbacks:
- On July 13, 2018, the U.S. Department of Justice charged 12 GRU officers has having conducted cyber operations aimed at interfering in the 2016 U.S. presidential election. The indictment was exceptionally detailed, providing a stunning window in the structures and activities of GRU Units 26165 and 74455. Subsequent reporting provided many details regarding the individuals charged.
- On September 5, 2018, the Metropolitan Police of London announced arrest warrants for the two GRU officers who attempted to assassinated former GRU officer Sergei Skripal with a nerve agent in March 2018. This failed attack had already resulted in huge amounts of backlash for Russia, including economic sanctions that the Kremlin claimed were actually affected the economy. But the announcement of these arrest warrants was soon followed by a cascade of investigations from Bellingcat on the GRU that exposed undercover officers’ identities and a smorgasbord of sloppy tradecraft. (In the spirit of transparency, I should that note that I have previously hypothesized that the FSB could have leaked materials associated with those investigations to Bellingcat in order to undermine the GRU.)
- On October 4, 2018, a coordinated effort between the U.S., U.K., and Dutch governments exposed a number of GRU cyber and close access technical operations. This included an indictment that, like its July predecessor, contained a significant amount of detail on the activities of Units 26165 and 74455 as well as a PowerPoint compiled by Dutch defense intelligence that laid bare a disrupted close access technical operation from April 2018.
What do each of these events have to do with FSB UVKR? All of them lend credence to the theory that, right now, UVKR is likely rampaging around inside the GRU and not minding if it breaks anything in the process.
- The July and October indictments, along with all the operations blown along with them, could suggest that the GRU has been penetrated by American intelligence via human and/or technical means.
- The October exposure of the April operation in the Netherlands, as well as the September arrest warrants, also could suggest that the GRU may have been similarly penetrated by British intelligence.
- The Bellingcat exposés could suggest that the GRU may have individuals within, or associated with, it providing sensitive information to journalists.
Given that UVKR’s job is to prevent such penetrations and leaks from occurring, as well as cauterizing any that are identified, after the July indictments alone it would have been only natural for UVKR to begin a counterintelligence investigation into the GRU’s Sixth Directorate (its SIGINT arm that houses Units 26165 and 74455), if not into other elements of the GRU as well. This investigation would only have gathered steam throughout the fall: as the depth of Western visibility into the GRU crystallized with each new disclosure, so too would UVKR’s justification for expanding and deepening its investigation gather strength.
Now, it is no secret that the FSB and GRU compete carnivorously with one another and the FSB has no better tool with which to inflict pain and suffering on the GRU than UVKR. I suggested as early as August and as recently as October that a second-order effect of these public setbacks for the GRU would be a need to fight a rearguard action against justified-but-malign UVKR investigations. Through the powers I outlined above, UVKR can engage in all manner of invasive, disruptive, or downright destructive activities within the GRU apparatus as long the Lubyanka has a good enough excuse as a “roof” for its maliciousness. The potential malicious actions open to UVKR in a case like this are too numerous to list, but a few include: sidelining selected personnel on grounds of suspicion for all manner of offenses; uncovering, or outright fabricating, evidence of collateral malfeasance such as corruption (embezzlement is a GRU tradition); and shining a light on other GRU failures that may also require UVKR’s counterintelligence “assistance” to unravel. And I could not imagine better top cover for running such a sprawling, indiscriminate counterintelligence investigation than the events of the last six months.
What specifically would the FSB hope to gain by making turning the UVKR bull loose into the GRU’s cyber operations china shop? That’s a question that invites a lot of speculation — and I hope you do speculate — but I have four specific guesses of my own and they are not mutually exclusive.
- The FSB may be looking to further weaken the GRU’s primacy in the near-abroad operational portfolio, a coveted expansion of the FSB’s Fifth Service responsible for operations in the former Soviet republics. Hampering GRU cyber operations may be seen as a key to providing the FSB’s foreign operations and cyber operations units breathing room to deliver results in this realm that could turn the Kremlin in favor of expanding the FSB’s formal responsibilities at the expense of the GRU’s.
- It may be that the FSB is looking for an edge in cyber-specific competition with the GRU more generally, and that havoc in the Sixth Directorate is seen as providing a competitive advantage for FSB units like the Center for Information Security and the Center for Electronic Communications Surveillance. (While the FSB generally fields more sophisticated cyber capabilities than the GRU does, the GRU’s cyber enterprise is much larger.)
- That the GRU’s cyber capacity is larger than the FSB’s — which is rooted in the GRU’s size and historical role as the main SIGINT and CNO entity for the entire Russian military — could be seen as more of a general threat by the FSB. Degrading it, even marginally, could be seen as a broad-spectrum advantage by the FSB in the interagency brawl that is the Russian intelligence community. It’s worth noting that consequences of a real UVKR attempt to undermine the capabilities of units like 26165 and 74455 could potentially manifest as changes in observable Russian state-nexus cyber activity — such as via shifts in tempo, tactics, or general sophistication.
- Lastly, and most self-evident, is the fact that the FSB may believe that the only way to be sure that UVKR does its actual job of identifying any penetrations of the GRU may be by taking a scorched earth approach. The FSB leadership fears the Kremlin’s wrath as much as anybody else and UVKR failing to uncover now a penetration associated with these disclosures that is revealed later would be a haunting nightmare for any Chekist.
On December 17, 2018, the FSB celebrated the centennial of Russian military counterintelligence with the unveiling of a series of commemorative stamps. I wonder if the UVKR officers present were celebrating anything else that day?