German Counterintelligence: There are Spies Active in Germany

German counterintelligence officials highlight the activities of Russia, China and Iran in the annual report prepared by the Bundesamt für Verfassungsschutz (BfV), the domestic intelligence service of the Federal Republic of Germany. The report highlights counterintelligence efforts vis-à-vis nation-state espionage and influence operations within Germany.

The 359-page German language report (and the 47-page English synopsis) dissect the modes operandi of Russia, China and Iran and identifies the espionage and influence operations of several other countries: Turkey, Syria, India, Switzerland and Vietnam.

Cyberattacks

The BfV calls out the hazard faced by the nation’s critical infrastructure to cyberattacks. To counter this threat, the BfV in conjunction with the National Cyber Defense Center (Cyber-AZ) has increased the level of domestic and international cooperation focused on increasing cyber defenses and thwarting attacks.

Both China and Russia have been detected as conducting cyberattacks against German interests and, more recently, Iran. These nation-states “clearly show the attempt to strategically spy on politics and federal administration.”

Additionally, documented attempts to compromise managed service providers in Europe, to access the provider’s customer data has been attributable to both Russia and China. Iran has attempted to compromise official German presence in Iran including its personnel.

Russia

The BfV minces no words: the Russians are very active within Germany, with the focus on all areas of “politics, economics, science and technology, and the military.” In addition, special emphasis has been detected by the BfV on the political attitudes of the federal government toward the Russian Federation.

To that end, not surprisingly, the BfV highlights the Russian disinformation campaigns and attempts to influence domestic election outcomes and are viewed as an attempt to destabilize the federal government and “weaken its position” with respect to EU sanctions against Russia.

HUMINT (human intelligence) operations continue to target German citizens and officials both inside Germany and during visits to Russia for the purposes of developing the individual as a clandestine source of the Russian intelligence services. The prognostication by the BfV is this activity will not diminish in the years to come.

China

The BfV notes that the activities of China’s intelligence services is focusing toward “political espionage,” targeting entities such as the EU and G20 Summit. In addition, high-tech espionage continues, as does the attempts to purchase German companies with the goal of closing the technological gaps.

The report specifically calls out: “China acquires sensitive data through the acquisition of security-related companies and thus gained knowledge detrimental to German security interests.”

The Chinese modus operandi includes:

  • Open source collection from referral interviews by legal residents in Germany and through journalists.
  • Social network exploitation and social engineering, specifically LinkedIn for large-scale operations, with he technique having little variance from case to case: “Supposed scientists, job brokers and headhunters make contacts with people who have a meaningful personal profile. They are lured with tempting offers and finally invited to China; there they are engaged by the Chinese intelligence apparatus.”
  • Chinese think tanks are used for targeting young students, diplomats and business persons. “The think tanks gather sensitive information, not least to prepare cyberattacks, but also to select suitable targets and disguise intelligence activities.”

Iran

Iran’s Ministry of State Security (MOIS) has been primarily focused on Iranian exiles, while the Iranian Revolutionary Guard Corps (IRGC) Quds Force has been actively engaged in spying on pro-Jewish or Israeli entities. In March 2017, a Pakistani national was sentenced to prison for intelligence activities on behalf of Iran, for preparing targeting packages on a number of targets for the Quds Force.

Turkey

The BfV details in great detail the efforts of the Turkish security services within Germany, which are focused primarily on learning about the Turkish political opposition and conducting influence operations. The services placed an officer, under journalist cover, within the Kurdish community. The individual was identified by the BfV, arrested and tried, and is serving two years in prison. Interestingly, the individual never confessed, but his mobile phone’s content provided sufficient evidence to convict within the German courts.

Switzerland

A Swiss citizen, Daniel Moser, was arrested and tried for being an agent operating on behalf of the Swiss intelligence service sent to Germany to obtain information on three German tax investigators who were investigating German tax evaders.

Syria

Even though the state of Syria is in utter disarray, the Syrian intelligence services continue to operate abroad, and within Germany specifically. The BfV reports that as the number of Syrian refugees increases, so does the number of “new structures and agent networks within Germany” controlled by the Syrian intelligence apparatus. In 2017, a number of Syrian diplomats were expelled for conducting espionage operations within Germany.

India

According to the BfV the Indian intelligence services, Research and Analysis Wing (RAW), India’s foreign intelligence agency and the Intelligence Bureau (IB), India’s domestic service, have accredited officers at their mission in Berlin and several undeclared employees. India’s activities are centered on monitoring and infiltrating the Sikh community in Germany. In 2017, arrests of Indian intelligence officers and their confidential informants were made by the German government.

Vietnam

Vietnam’s intelligence organizations kidnapped a high-ranking politician (Trinh Xuan Than) off the streets of Berlin July 23, 2017. The unnamed individual had been accused of corruption in Vietnam and had escaped to Germany where he had requested political asylum. Two Vietnamese Embassy officials were expelled from Germany and a local accomplice (Long N.H.) was arrested, admitted his part in the kidnapping is serving four years in prison.

Than resurfaced in Hanoi a few days later. Vietnam claims he voluntarily returned to his homeland and turned himself in to authorities, which differs from the account in Germany, which has Than being kidnapped at gunpoint. Than was subsequently convicted of corruption for the losses and failures of the PetroVietnam Construction JSC and is serving a life sentence in Vietnam.

Is Germany’s Experience Unique?

The experiences of the BfV are no doubt being played out within the counterintelligence efforts of the United States and its allies. The BfV report will serve those government entities and private sector security personnel with evidence that they are actively being targeted by nation-state entities focused on western technology and political activities.

Featured eBook
The State of Open Source Vulnerability Management

The State of Open Source Vulnerability Management

The rise in open source usage has led to a dramatic rise in open source vulnerabilities, bringing to the fore interesting developments in open source security. The report drills down into the deeper layers of the open source phenomena and provides the latest insights on how organizations are handling vulnerabilities and what the future holds. 4 Key ... Read More
WhiteSource

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 68 posts and counting.See all posts by burgesschristopher