How Russian Spies Get Flipped or Expelled, As Told by a Spycatcher
Photos: Szabolcs Panyi (VSquare) 2024-02-01
Photos: Szabolcs Panyi (VSquare) 2024-02-01
Caught a Russian spy? You may try to flip them first, perhaps offering work as a double agent—all with the help of the British, the French, or the Americans. If it doesn’t work out, you can still expel them and send them home to Moscow. In an in depth-interview, former Hungarian counterintelligence officer Ferenc Katrein—once a director of operations at Constitution Protection Office (AH)—goes into detail about how allied security agencies work together to identify and disrupt Russian intelligence activity under diplomatic cover.
SZABOLCS PANYI: Why is it so rare for Russian diplomats to get expelled for spying?
FERENC KATREIN: A counterintelligence agency always has to decide if they want to develop a “spy case” that could result in an expulsion—or if they want to flip the spy. For example, if counterintelligence officers managed to reveal the agent network of a Russian spy and already flipped two or three of those agents, an expulsion makes less sense. They could either use the flipped agents to feed false information to the Russian intelligence officer—or make an attempt to approach and recruit that Russian. It goes something like this: “Listen, brother, everything you reported to Moscow for the last two years has been misinformation we fed to your agents. You’ll either get into some serious trouble because of that—or you can work for us.” There is also a scenario where you make this move and try to recruit the Russian, and if it doesn’t work out, you can still expel them.
How do you convince them to flip?
When you already have a few flipped or recruited agents and tons of personal information on that Russian spy, first, you will likely sit down with a partner agency, especially if you’re from a small country’s counterintelligence service. This is because, if you want to recruit a Russian spy as a double agent, you have to offer them certain guarantees and opportunities. Besides a big bag of cash, you can typically offer medical treatments for sick family members, helping out with the kids’ schooling, and such stuff. But most of all, you have to guarantee their safety. And there are only really a few countries that can offer this: the British, the French, but most likely the Americans. So you may want to involve them, too.
Let’s go back to the basics. How do you check Russian diplomats seeking accreditation?
It is an automatic process. When a foreign ministry receives an accreditation request for a diplomat, they notify relevant counterintelligence agencies, who then run it through their networks. These agencies both check their own database to see if there is a known history of the diplomat, and send the diplomat’s name and personal data to all member states who are in the alliance and ask for information.
Everyone in the NATO alliance?
Everyone. Usually, it is either the case that the new diplomat has a history in our own database or that one of the partner intelligence services will notify us and will send a specific message that the person has been checked or even processed. If there is an indication that a diplomat is connected to an intelligence service, it is also important to know in which area or “line” the diplomat is working. This is broken down by category, and usually the category or line also determines whether the person is suspected of being FSB, SVR or GRU. The categories have names or codes. Line N, for example, is illegal intelligence, line X is espionage in technology, etc.
If the partner service’s response indicates which line they suspect, it therefore follows that the diplomat’s affiliation is also indicated. For example, the X or technical line very likely means that the diplomat works for the SVR. If, say, the accredited diplomat is assigned to the military attaché’s office, he or she is likely to be GRU. So the position also predicts which service it belongs to. Say, if a new security officer comes into the Russian embassy with new accreditation, that person is likely to be FSB.
Does a particular area predetermine whether the diplomat who comes there is, say, an SVR or a GRU officer?
Absolutely. Media, culture, and political department is basically SVR. Scientific-technology positions too. Defending and advancing Russian economic interests is also a typical SVR field. The consular department can be FSB, but there is always room for someone from the SVR. Military affairs, war grave management issues are GRU. Interior, law enforcement attaché, border security, migration issues are all FSB. But often it also depends on the individual’s personal history.
What about an exact position, what does it tell you? Is it true that certain positions, like, for example, deputy head of the commercial representation, always go to intelligence officers?
Yes, it’s common practice. If an intelligence officer finishes his or her posting after four years and leaves for Moscow, there is a good chance that the same position will also be filled by an incoming new intelligence officer. The reason is that—if we try to think like the Russians—it is easier for them to prepare their intelligence officers under diplomatic cover by teaching them in advance what they will be doing, and what the cover job will be. It’s important that the cover story is always there and credible, and that he or she can do the cover job without fail so that the cover is not blown.
And what are the categories in the identification process of an intelligence officer?
Mostly there is the category of “suspected intelligence officer” and “identified intelligence officer”. There is little point in maintaining any other category.
What is the percentage of suspected and identified intelligence officers among all Russian diplomats?
Previously, well before the war, I said that thirty-forty percent was usual. But this is a difficult question. When you can clearly state that someone has been identified, then you have documents, evidence. Of course, you usually have less such cases. You have identification when, for example, you had an operation which resulted in some evidence. For example, you obtain a payroll that has the list of employees of a hostile intelligence service.
Last year, we reported that Russian deputy ambassador and chargé d’affaires Kirill Logvinov was identified by Belgium’s counterintelligence as an undercover intelligence officer. Is it common for a Russian embassy’s second in command to also be a high-ranking spy?
Absolutely, but, in fact, it doesn’t matter how high up someone is according to their diplomatic cover. It can be a deputy ambassador, but can also be the lowest ranking diplomat. It’s just a cover anyway.
The European Commission refused to expel Logvinov and other suspected Russian spies from Brussels. How does that make sense?
There can be political reasons, of course—trying not to completely alienate Russia. There could also be a fear of retaliation. Then there is the possibility that these Russian intelligence officers are in fact acting as communication channels or backdoors to the Russian government. There might be regular discussions going on in the background, so that could be a legitimate reason. But if this is not the case, then not expelling them is only acceptable if Logvinov or similar Russian undercover intelligence officers are under complete surveillance, and the situation is controlled.
For example, it could be the case, as we discussed, that multiple agents in the Russians’ network are already flipped by the local counterintelligence. However, I’m not entirely sure that the EU’s own security apparatus has the ability and the competence to recruit a Russian asset. Of course, it’s also not impossible that foreign partners—for example, the British or the French—are helping them out and that they are the ones carrying out such tasks.
Ferenc Katrein. Photo: Szabolcs Panyi
What is the channel for sharing information on the background of Russian diplomats?
There’s a dedicated network, a central system that’s not connected to anything else, dedicated only for intelligence cooperation. It’s not just for checking diplomats, it’s for any kind of information exchange between partner agencies of the alliance.
Is it possible that, if a Russian diplomat turns out to be an identified SVR agent, the host country will still accept the diplomatic accreditation?
This is a political decision. You can tell the Russian foreign ministry to send someone else, but you can also accept their diplomat.
But does it also mean that you accept it because at least you can keep an eye on that person and you can follow what they are doing?
There can be such an operational consideration too, of course. It is only worth accepting if you have the capacity to do it. If you don’t have the capacity, the opportunity, then don’t take it. This does not only apply to diplomats, but also to the technical and administrative staff working there, and also to family members. With that, the number of those who need to be checked multiplies. Because it is also common practice to bring a wife or husband who may also be an intelligence officer.
Do family members enjoy the same full diplomatic immunity?
Some level, but not full. Their use for intelligence purposes is therefore riskier because they may have a different type of immunity. They are generally used for minor tasks, delivery, financial transactions etc. where the risk is also lower. Obviously they will not be used for the most sensitive tasks because of the lack of full protection.
How common is it for Russian intelligence officers to be sent with a spouse?
Usually they send them in pairs. It’s safer for everyone, it’s better to send them if they come with the right family background. But it also depends on what the mission is. Singles may be sent on a different mission, or they may not even be used for operations in the country to which they are accredited. The best spies are used in a third country. That is why cooperation between counterintelligence services of allied countries is necessary.
How typical is it that the Russian diplomats themselves are not the most important spies, that they are more like bait to keep the host country’s counterintelligence occupied?
This is being deliberately done by the Russians sometimes. This is when it is important to mention that there are unofficial, non-diplomatic covers as well. Diplomatic cover gives you protection through diplomatic immunity, meaning whoever gets caught red-handed can be evacuated. If there is no immunity, prosecutors and the counterintelligence have much greater possibilities. However, when you don’t have diplomatic cover, and you have a better chance of staying out of the spotlight, you may not attract the attention of the counterintelligence, so you have greater opportunities for espionage. With bigger risks come bigger gains.
What is the procedure for expelling diplomats?
The counterintelligence service gathers the information, clearly identifies the hostile intelligence agent, and when the Russian activity goes beyond a threshold or the spy starts to build ties with political or economic actors who are really sensitive or high-up, there is pressure on the counterintelligence to act. In such cases, the counterintelligence files a proposal to the political leadership to let them first identify and catch in the act the intelligence officer, and then ask the political leadership to expel him.
But first, the politicians must also approve identifying, “catching” the spy. It is a decision on the level of a cabinet member, minister, sometimes even the prime minister, since the government has to communicate the consequences at the political and diplomatic level. It can have serious political and economic consequences. It is not an issue anymore, but this was the case previously, for example, with the fear of the gas supplies being turned off by Russia.
What is the typical Russian reaction?
There is a “mirror response,” for sure, and that has to be calculated in. To retaliate, Russia will also ban someone, typically the same type and same number of diplomats.
What are the types of expulsion?
There is the “quiet expulsion,” where the director-general of the counterintelligence summons the diplomat, the Russian embassy’s liaison officer, or the Russian ambassador, and suggests that the diplomat should go home. Maybe the director-general also shows the ambassador a photograph or two, just to explain the reason for the expulsion. This always works.
There’s also a solution where, say, at a diplomatic reception or party, the minister of foreign affairs starts a chat with the Russian ambassador and says a few words. It’s more subtle, more elegant, and less provocative. It could also be a way of avoiding a “mirror response.”
A more subtle degree of quiet expulsion is when the foreign minister summons the Russian ambassador and says a few words. But that’s still the silent category, informally asking to be sent home.
Isn’t there always a mirror response to a quiet expulsion?
It’s a gentleman-to-gentleman conversation, “we’ll sort it out ourselves.” The Russians can also delegate someone else to replace the expelled diplomat. In such cases, there’s not always a mirror response.
What happens during an official expulsion?
In those cases, the ambassador is summoned and the foreign ministry hands over a written note that a diplomat has been declared persona non grata, which has a legal consequence as well. This note is usually handed over by the foreign minister. In principle, the expulsion is only valid from the host country, but in more serious cases, a recommendation can be made that the expulsion applies to the Schengen area. This version also binds the allies to some extent.
Ferenc Katrein. Photo: Szabolcs Panyi
What is the deadline for leaving the country?
It depends on how serious the case is. Sometimes it is immediate, so basically within one or two days. But when it is a quiet expulsion, usually the host country takes family circumstances, like that the children have to be taken out of school, into consideration. So, for example, maybe in that case the Russian ambassador is told that the diplomat should leave by the end of the month. But for formal expulsions, there are set rules on how it should work.
In the 48 or 72 hours between expulsion and departure, is the diplomat still under surveillance by counterintelligence?
Of course, until their very last movement! At that time, counterintelligence keeps an even closer watch to find out what follow-ups the diplomat has to do. That’s another bonus piece of information for counterintelligence. Who the diplomat is going to say goodbye to, where they are going to pick something up, drop something off. That’s why, no matter how much time the expelled Russian diplomat is given to leave the country, the diplomat’s own bosses will likely get them on a plane to Moscow as soon as possible.
VSquare’s Budapest-based lead investigative editor in charge of Central European investigations, Szabolcs Panyi is also a Hungarian investigative journalist at Direkt36. He covers national security, foreign policy, and Russian and Chinese influence. He was a European Press Prize finalist in 2018 and 2021.