How Russia is bringing the cost of global sabotage to zero
A Q&A with Daniela Richterova on operatives in the gig economy
This week, I sat down with political scientist Daniela Richterova, co-author of the recent report “Russian Sabotage in the Gig-Economy Era.” We discuss Moscow’s doctrine of sabotage; why the country is recruiting operatives like you hail Uber drivers; and how the United States can respond.
This Q&A has been edited for length and clarity. For more of our conversation, please subscribe to the Riskgaming podcast.
Danny Crichton:
You've done a lot of work in the Czech archives and elsewhere. What have you seen around Russian sabotage doctrine and how the Russians approach gray zone activities?
Daniela Richterova:
Over the past 15-20 years, we've seen somewhat of a revolution in declassification of historical material from the various Central Eastern European states that used to be a part of the Warsaw Pact or the Soviet Bloc. And basically, part of these democratic governments' way of dealing with the past was to declassify many of the documents their security and intelligence services created during the 40 years of the Cold War.
In most of these countries, the legislation is a lot more liberal than it is in the States and in the UK. In the UK, the MI6 famously doesn't declassify any documents. The CIA does declassify a lot of documents, but there's very little—if anything—operational. But when you go to the archives in Central Eastern Europe, you get a lot of detail. You see officers’ files, from the first day they were recruited to their last day in office. You see target files, you see minutes of meetings with key partners, such as KGB.
I started working with the archives about 10 years ago. But about three or four years ago, I stumbled across a fascinating set of documents on a special unit that was created in Prague in the sixties as part of its state security service. This unit was designed to come up with various sabotage plans to, for example, blow up pipelines or attack NATO headquarters in Brussels.
And the unit wasn't set up out of Czechoslovakia's own volition, but it was done in tandem with the Soviets, with the KGB. There are beautiful, detailed documents talking about meetings between the KGB and their Czechoslovak counterparts going over how to run these operations. From the documents, I was able to reconstruct the Soviet doctrine of sabotage.
Danny Crichton:
You’re in the archives, looking at the sixties and seventies, now you are changing your gaze to the present day. It's very hard to prove that this is of Russian in derivation, but there’s a new pattern of sabotage attacks that seem to align with Russian goals, and the attacks are both lightweight enough to be deniable but also seem too frequent to be coincidental and too focused not to be targeted. Are you seeing in this a continuity of Russian doctrine from the Cold War into the present day?
Daniela Richterova:
Let's take it from the top.
First, I think there are parallels regarding which states are targeted. The plans I saw from the Cold War were targeted against major Western states—those that would've been crucial for any war effort if war broke out between the West and the East in Europe. And we see parallels between that and the states today, where multiple governments have now experienced what they have called sabotage operations carried out by Russian intelligence services.
The second parallel is regarding the operational targets. If we look at the Cold War list—communications, energy pipelines, all of that stuff—we're basically seeing fires and attacks on the same.
I also think that there's a parallel in terms of timing. For Moscow then and now, there seems to be a doctrinal difference in terms of how you run a sabotage operation before wartime, during a time of escalation crisis, and during a war. And I would argue that we have seen an intensification of attacks from Russia over the past year. The escalation basically started after the West increased its financial and military support for Ukraine. Plus, after the United States basically allowed the Ukrainians to use Western weapons on Russian territory.
Of course, these two points of escalation were notable, but it's still not war yet, right? It was from these two points on when we started seeing a wave of attacks that seemed sub-threshold. These are the accident-style attacks that the Soviets would've planned 60 years ago for before war or in the absence of it. So that's the timing bit.
There's also continuity in that it's not just physical kinetic attacks, arson attacks, or explosions that we're seeing, but we see that these are accompanied by what the Soviets then and what the Russians now would also call active measures. My co-authors and I have called it strategic vandalism.
These would be various graffiti operations or the so-called coffin affair in Paris, where someone dropped a bunch of coffins wrapped in French flags close to the Eiffel Tower after President Emmanuel Macron suggested that France might be sending soldiers to Ukraine. Like the sabotage operations, these kinds of attacks are meant to amplify social divisions—to undermine the unity of the hostile camp.
And the last thing I'll say: there is a model then and now for outsourcing sabotage operations. We know that some of the riskiest operations we've seen in Soviet or Russian history were carried out by actual officers. But we have also seen many cases in the past where Soviet services have used agents: so-called agents saboteurs or agents executioners. The goal here is plausible deniability.
Take, for instance, the very famous case of the killing of a dissident named Georgi Markov in 1978 on Waterloo Bridge, which is just outside my office here. He was allegedly poisoned after being stabbed by an umbrella. This attack was carried out by someone we could call an agent executioner—not employed by the Bulgarian Intelligence Services, but their agent.
Danny Crichton:
In your recent paper, you noted a structural change in how Russia is managing the agents who conduct its sabotage acts. Rewind back to the seventies and eighties, and you had well-trained KGB operatives who may have had years of experience, learned multiple languages, were building up a track record. They would get something akin to an apprenticeship to learn their trade craft over a long period of time. That model seems to be changing. What's happening?
Daniela Richterova:
That's exactly right. We're seeing a shift from well-trained and tested agents executioners to amateurs being recruited from all walks of life and from all sorts of countries. There was one case from Latin America. Several Eastern Europeans have been recruited too, and so have western and other nationals. From what we have seen, this recruitment happens online. That's where the gig economy idea comes from.
On Google platforms such as Telegram, individuals can sign up for a job. They are told how much the job would pay, and where it would take place. They're not always told what the purpose is. They can bid for a job as if they were an Uber driver. The main shift we're seeing is that these guys are not well-trained. They often don't know what they're doing. And even if they are told what they're doing, they might not really know what it takes to do it. I would argue that's also why we've seen so many arrests.
As for why this is happening, one reason appears to be that this is a cost-saving exercise. We've seen that the people who are hired aren't being paid thousands and thousands of dollars. Is often a couple hundred dollars paid in cryptocurrency. This model introduces quite a lot of flexibility, and it allows for a change is scale. In the past, it would've taken a long time to train someone to make sure they understand the operational environment. I found cases in archives where they talked about agents executioners and how they would be trained in whatever method they would be using to conduct sabotage operations, be it chemical attacks, be it arson, be it explosions.
We don't see any of this training with these gig economy saboteurs here. And that's why I think we've seen quite a lot of amateurish work. For instance, the attack on the bus depot in Prague before the summer—this was allegedly carried out by someone from Latin America who didn't know the environment very well, and just out of the blue started trying to set a bunch of buses on fire.
The last thing that I'll mention is that the gig economy model increases deniability. We'll see how this plays out in the long run, because we'll see whether governments investigating the agent saboteurs who have been caught recently will be able to get into the suspects’ mobile phones and get into their accounts to follow the breadcrumbs all the way to Moscow. I'm not entirely sure, but it seems likely this online gig economy model makes sabotage more deniable.
Danny Crichton:
We've seen the gig economy model in other circumstances outside of Russia. A couple of years ago, Kim Jong-nam, who was the eldest son of Kim Jong Il, was traveling at the Malaysia airport. Two women ran up to him, sprayed something on his face, and he died a little bit later. We learned that these two had been handled by four North Korean intelligence agents. They were part of a TV prank series where they did pranks around Malaysia for a week, and they were like, "Okay, here's a guy. Let's go up and spray paint them." They were given, basically, a chemical weapon to go up and rub on his face, and it killed him.
As we learned after, they had no idea what was going on. They didn't understand what they were part of. And so suddenly, there was this whole challenge of how do you prosecute them? How do you prosecute the four North Koreans who had by then flown back to Pyongyang? Now we're seeing this at a massive scale.
But when I think of an intelligence agency, I think of a place that is always struggling between risk and control. I want to control the outcome. I want to control the people I work with. I want to be well-trained. I want trade craft. I want to know everything going on. I need to manage my risk. To me, what's interesting here is this sort of loosening up. But I feel like no U.S. intelligence agency could ever give up that level of control.
Daniela Richterova:
That's a good point. But you know what my question is, Danny, would they be so risk averse if they were fighting a war? And a war that they didn't want to fight or thought that they'll win within a week.
I think that the calculations in Moscow are quite different to those that we'd be making. Now, without wanting to seem too dramatic, I think this is the most intense sabotage war we've seen since World War II. And I think that there are a few reasons Moscow is so willing to take the risk.
One is that the presence of Russian officers and even agents in Europe and in the United States has been significantly downgraded since the kickoff of the war in Ukraine. So without taking this risk, they would otherwise would not be able to run or carry these operations.
The second reason is that, just like you said, the goal of this wave of sabotage is not to carry out one or two attacks really well with a large and long-lasting impact. It's to spread chaos and try to make it seem like there's a hidden Russian hand everywhere. And you can do that through smaller scale attacks that are carried out by people who don't always know what they're doing.
If half of the perpetrators get arrested, they get arrested. You don't really care. They don't know where you live, and you pay them 20 to 200 Quid to do it. But still it's going to sow discord. It is going to make some governments a bit wary about their support of Ukraine.
And finally, it will take resources for the West (or anyone) to respond to being attacked. So it's an incredible burden at a time when there's obviously major political shifts happening, and when the war in Ukraine is still ongoing.
Danny Crichton:
At Riskgaming, we spend a lot of time talking about risk, both new risks that are coming to us and how to create an immune system to risk. The question is: How do you change the risk calculus for Russia so they don't attack in the first place?
Daniela Richterova:
There's far more qualified people who study Russian domestic affairs and study Putin. And even they struggle with knowing what he's going to do next.
But there are a couple of things the West has done since the war in Ukraine started. Some countries are changing legislation to be able to prosecute sabotage. In the UK, we weren't able to because we didn't have a specific legislation. They introduced that I think earlier this year. Other countries are putting millions into basically their versions of counterintelligence, bits of their secret state to be able to monitor these operations.
NATO has set up various liaison channels that are focused on sabotage-specific things, such as exchanging information on arson attacks or ship monitoring routes. So this has now really gone up in the agenda. Some people have argued that you should hit back to show Putin he can't do this. Other people say that you should try not to exaggerate Putin or Putin's role in all of these fires. I don't know what the right approach is. I think we'll just have to see it in the long run. But I think in some ways we were, or the West, is prepared thanks to 20 years of counterterrorism. Counterterrorism opened the door for unprecedented collaboration between security and intelligence agencies.
Danny Crichton:
There used to be this notion in the sixties, seventies, and eighties of a tit-for-tat. If we are starting to sabotage, they will sabotage us. If we assassinate their agents, they're going to assassinate ours.
It's interesting to me that we went from tit-for-tat—a culture that you sort of learn of what is acceptable, what are all the lines, what are the red lines, what are the gray lines, what are the black lines, etc. And now it's just a free for all. It's a mess. That's what Putin and the security services want in the West. And we don't seem to be able to deliver it back.
And so there is an open question of what do we do next?
Daniela Richterova:
Things will either stay the same, or they will get better, or they will get worse. I think online recruitment isn't going anywhere and not just when it comes to sabotage, so I think this is the new normal.
But one final thing that I'll say is that the key risk is whether we understand—and how the Russians understand—our thresholds. The lines are changing, the red lines are changing. That's something that is quite sensitive, and I think no one really knows where their threshold is. So hopefully this will de-escalate soon.