Foreign Interference Research Center

2.8K posts

Foreign Interference Research Center banner
Foreign Interference Research Center

Foreign Interference Research Center

@ForIntOrg

Tracking and analyzing foreign interference worldwide.

Washington, D.C. Beigetreten Mayıs 2022
225 Folgt1.4K Follower
Foreign Interference Research Center
Most spies during this period weren't recruited. They walked in. That's the central finding buried in the Defense Personnel Security Research Center analysis archived through DTIC and the DNI's National Counterintelligence and Security Center, and it matters more than it might initially seem. Volunteer rates ran between 79 and 85 percent across rank categories, from lower enlisted grades through the officer corps. The foreign intelligence services weren't hunting these people down. American servicemembers and cleared civilians were proactively approaching Soviet handlers, often with material already in hand. The counterintelligence community in the early 1980s was structured around a fundamentally different assumption: that the KGB and GRU were the active party, identifying targets, cultivating relationships, and eventually pitching them. Catch the foreign intelligence officer, disrupt the recruitment pipeline, protect the cleared workforce. Standard doctrine. The PERSEREC data said that model was backward. The threat wasn't coming from the outside in. It was already inside, sitting on its own motivations and waiting for an opportunity. This is the kind of finding that sounds obvious in retrospect and was apparently very difficult to act on in real time. The motivation shift is equally significant. During the 1940s and 1950s, the dominant driver was ideology. The Rosenbergs, Alger Hiss, the Cambridge Five on the British side, these were true believers who understood themselves to be advancing a cause. Whatever you think of their politics, there was a coherent internal logic to what they were doing. By 1982, that framework had largely collapsed. The PERSEREC analysis establishes financial motivation as the primary driver in this later period. Not principle. Not grievance with American policy. Not coercion or blackmail, at least not predominantly. Money. Personal financial stress combined with access to classified material had become the defining high-risk profile. That requires a different response than the ideological threat model. You can't screen for financial desperation the way you screen for Communist Party membership or foreign contacts. People's financial circumstances change after they're cleared. The behavioral indicators are subtler and more dynamic. The cases active around the 1982 period illustrate the pattern clearly enough. Edwin Gibbons Moore II was a CIA officer whose espionage ran 1976 to 1977, reflecting the broader penetration operations Soviet services had been running against the intelligence community throughout the late 1970s and into the early 1980s. Samuel Loring Morison was a Navy civilian analyst who began passing classified imagery intelligence in 1984. Morison is worth pausing on because he's a genuinely strange case: he leaked photographs from a KH-11 satellite showing a Soviet aircraft carrier under construction at the Nikolayev shipyard, and he passed them not to a foreign government but to Jane's Defence Weekly, where he also worked as a part-time editor. The motivation wasn't straightforwardly ideological or straightforwardly financial. It was something messier, a combination of wanting recognition in his professional field and believing the information should be public. He was convicted under the Espionage Act in 1985, the first person to be convicted under that statute for leaking to the press rather than a foreign power, and he received a presidential pardon from Clinton in 2001. The Morison case is a useful reminder that the PERSEREC categories, tidy as they are, don't fully capture the range of human rationalizations people bring to betrayal. Still, as a statistical framework for the broader population of espionage cases, financial motivation really did dominate. What came after 1982 bore this out completely. John Walker had been spying for the Soviets since 1967, but the ring he operated, which included his brother Arthur, his son Michael, and Jerry Whitworth, was discovered in 1985. Walker's motivation was essentially entrepreneurial. He treated the relationship with Soviet intelligence as a business arrangement, recruited family members as subagents, and ran it for nearly two decades. Robert Pelton, a former NSA employee, approached Soviet intelligence in 1983, motivated by financial difficulties following his bankruptcy. He was arrested in 1985. Edward Lee Howard, a CIA officer dismissed from the agency in 1983, walked into the Soviet embassy in Vienna and began providing information about CIA operations in Moscow. He fled to the Soviet Union before the FBI could arrest him, in 1986, and died there in 2002. All three cases fit the volunteer-financial archetype the PERSEREC research had identified. None of them were recruited in the traditional sense. None were ideological converts. All of them initiated contact themselves, and all of them were substantially motivated by money or financial grievance. The Reagan administration used the PERSEREC data framework to develop enhanced security clearance procedures during this period. The Personnel Reliability Program for nuclear weapons custodians drew directly on this research. The idea was to systematize behavioral monitoring in ways that could catch the internally-driven threat that the old recruitment-focused counterintelligence model was poorly positioned to detect. Whether those procedures were adequate is a separate question. The Walker ring had been active for eighteen years when it was finally rolled up, and it was surfaced not by counterintelligence work but by Walker's ex-wife contacting the FBI. Pelton was identified after a Soviet defector provided information. Howard escaped entirely. The apparatus that PERSEREC's analysis was meant to improve kept getting beaten by luck, defectors, and personal animosities rather than systematic detection. That's the thing about the volunteer problem. If you're waiting to catch a foreign intelligence officer running a recruitment operation, you have an external event to detect. If the threat is a cleared employee who has already decided to make contact and is doing so on their own initiative, the detection window before damage is done is extremely narrow. The PERSEREC framework moved counterintelligence thinking toward monitoring internal behavioral indicators, which was the right direction. But the gap between having the right analytical framework and actually catching people before they cause serious damage remained wide throughout the decade. The Andropov era context matters here too. Yuri Andropov became General Secretary in November 1982 after fifteen years running the KGB. He knew the intelligence game at a granular level in a way none of his recent predecessors had, and Soviet intelligence operations in the early 1980s reflected institutional sophistication and operational tempo that made the American volunteer problem more consequential. You didn't need to mount a risky recruitment operation when cleared Americans were approaching Soviet residencies on their own schedule. The KGB's counterpart problem was vetting and managing a flood of walk-ins and volunteers, some genuine, some dangled by U.S. counterintelligence. Andropov's KGB was experienced at that problem. The intelligence services of a country that had spent decades worrying about internal enemies knew something about distinguishing genuine traitors from provocateurs. The PERSEREC analysis is a period document. It reflects what was known and thinkable in 1982 about American espionage patterns, and its limitations are real. The sample sizes for some categories are small. The categories themselves reflect the assumptions of the era. But the core finding, that the cleared workforce was generating espionage cases from within rather than being victimized primarily by external recruitment, held up. The 1985 arrests confirmed it. The post-Cold War cases would continue to confirm it. Aldrich Ames approached Soviet intelligence in 1985. Robert Hanssen started in 1979. Both volunteers. Both financially motivated in significant part, though Hanssen's psychology was genuinely more complex. The volunteer problem didn't go away when the Soviet Union collapsed. It just acquired new recipients. foreigninterference.org/post/defense-p… #foreigninterference #AssetRecruitment #MilitaryEspionage #IntelligenceSelling #PersonnelSecurityEnhancement
English
0
0
0
70
Foreign Interference Research Center
Yuri Andropov ran the KGB for fifteen years before he ran the Soviet Union. That fact alone tells you something about what November 1982 was going to look like. Brezhnev died on November 10th. Andropov was confirmed as General Secretary on the 12th. The speed of it was not accidental. The man had spent 1967 to 1982 building the apparatus, the networks, the doctrine. He didn't need a transition period. He already knew where everything was. The CED Museum's 1982 timeline is interesting precisely because it's contemporaneous. It's not retrospective analysis cleaning things up for a tidy narrative. It captures what the technology and security landscape actually looked like during those October-November weeks, before anyone knew how the Andropov period would unfold or what the intelligence community's concerns would later be validated as. And the landscape was genuinely complex. You had Reagan's arms reduction overture from the Eureka College address in May sitting awkwardly alongside NATO missile deployment debates that were tearing up European parliaments. The nuclear freeze movement hit its political peak in November 1982, ballot initiatives across multiple U.S. states, parliamentary pressure building in West Germany and the Netherlands. Moscow was not unaware of this. Active measures operations had been feeding that pressure for years. The technology piece is where the timeline becomes most useful for understanding the period's actual stakes. Personal computing, semiconductors, telecommunications: all of it was moving fast in 1982, and Soviet intelligence was not watching from the sidelines. KGB Directorate T and the GRU's technical intelligence units ran what the Soviets called Liniya T, the Technology Line, which was a systematic acquisition effort targeting Western industrial and military technology. Not opportunistic. Systematic. There were target lists. We know about the target lists because of FAREWELL. The French intelligence operation, known internally as Farewell Dossier, had recruited Vladimir Vetrov, a KGB officer who handed over documentation of Soviet technology acquisition priorities. The CIA received this material. The target lists showed exactly which Western technologies Soviet intelligence was tasked to obtain, by what methods, and through which front organizations and cutouts in Western Europe. The Reagan administration used this intelligence to feed compromised and degraded technology into channels the Soviets were using to acquire it. The pipeline became the vulnerability. FAREWELL wasn't publicly revealed until years later. But in October-November 1982, the counterintelligence operations it enabled were running quietly in the background, alongside tightened COCOM restrictions on dual-use technology exports to the Soviet bloc. COCOM, the Coordinating Committee for Multilateral Export Controls, was the multilateral framework Western governments used to restrict technology transfer. The Reagan administration pushed hard on enforcement. Not everyone in Western Europe was enthusiastic, partly because their companies wanted the business and partly because the nuclear deployment politics made any U.S. pressure feel loaded. That friction mattered. Soviet acquisition networks in Western Europe ran partly through legitimate commercial channels, through third-country intermediaries, through academic and scientific exchanges. Tightening the controls was harder than announcing them. What Andropov's elevation specifically meant for this environment is worth sitting with. The declassified U.S. intelligence assessments from this period, documented later, show genuine concern about what KGB-influenced leadership meant for Soviet information operations targeting Western institutions. Andropov had built the active measures infrastructure. He understood it from the inside. Giving that person control over Soviet foreign policy was not, from an American counterintelligence standpoint, a neutral development. The RYAN system is also worth mentioning here. RYAN was a Soviet intelligence collection program, Raketno-Yadernoye Napadenie, nuclear missile attack, designed to provide early warning of a Western first strike. Andropov had overseen its development at the KGB. By 1982 it was generating significant collection requirements against NATO targets, which in turn was producing some genuinely alarming misreadings of Western military exercises and deployments. The 1983 Able Archer exercise would bring this tension to a head. But the architecture for that near-miss was already in place by November 1982. The illegals programs were also Andropov's work. Deep-cover Soviet intelligence officers operating under false identities in the United States and Western Europe had been developed and expanded under his KGB tenure. The counterintelligence challenge those programs presented to the FBI and allied services was substantial. You're not looking for someone behaving suspiciously. You're looking for someone who has spent years building a legend that holds up to scrutiny. None of this was new in November 1982. The machinery had been running for a long time. What changed was that the man who built it was now running Soviet foreign policy, and the competition over technology, information, and strategic positioning was, if anything, accelerating. The CED timeline documents a moment, not a revelation. But moments matter. The October-November 1982 window is one of those points where several things were happening simultaneously that would compound into something larger. The succession, the freeze movement, the technology acquisition operations, the FAREWELL intelligence, the RYAN collection pressure. None of it was visible in its totality to any single observer at the time. That's usually how it works. foreigninterference.org/post/ced-timel… #foreigninterference #InfluenceOperations #DisinformationCampaigns #TradeSecretTheft #TechnologyTransfer
English
0
0
0
23
Foreign Interference Research Center
Someone pointed me to an academic paper this week tracing state-sponsored cyber operations from 1982 through 2014, and the framing is actually useful for something people keep getting wrong about where this is all heading. The short version of what the paper covers: the 1982 CIA-linked Siberian pipeline sabotage via compromised SCADA code, the KGB's recruitment of West German hackers from the Chaos Computer Club in the mid-80s (Cliff Stoll's Cuckoo's Egg documents this in detail), and then the long arc through Stuxnet and Chinese APT campaigns against the U.S. defense industrial base. Continuous escalation, documented inflection points, 32 years of it. Here's why the framing matters for what comes next, not just what already happened. The paper makes a point about institutional continuity that most technical threat reporting glosses over. The organizations running aggressive cyber espionage today are not new. The SVR is the KGB's foreign intelligence successor. The PLA's cyber mission grew directly out of doctrine developed in the 1990s around what Chinese military theorists called "informationized warfare." These aren't startups. They have forty-plus years of muscle memory around what they want, who has it, and roughly how to get it. That's a different problem than stopping a novel actor who's still figuring out their targeting priorities. So when you think about trajectory, start there. The targeting logic is mature and stable. What's still evolving is the method, and the method is evolving fast in a particular direction. The 1982-to-2014 arc the paper documents moved from one-off physical sabotage and opportunistic network intrusion toward persistent access and scalable intellectual property theft. Stuxnet in 2010 was the public landmark for the physical effects side. The PLA Unit 61398 indictments in 2014 (the five officers DOJ named, Gu Chunhui, Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu) were the public landmark for the industrial-scale IP theft side. Those two lines haven't converged yet. They will. What does convergence look like? It looks like persistent access to critical infrastructure combined with the willingness to use it, not as a standalone attack, but as leverage or as a component of a broader operation during a geopolitical crisis. Russia already pre-positioned in U.S. energy and water infrastructure, that's documented in multiple DHS and CISA advisories going back to 2018. China's Volt Typhoon activity, which CISA and NSA flagged in 2023, is explicitly pre-positioning in communications and transportation networks. Neither of these is the attack. Both of them are the setup. The trajectory the paper traces from 1982 forward ends in 2014, but it points directly at where we are now: actors who have moved past the question of "can we get in" and are sitting on persistent access they acquired years ago, deciding when and whether to use it. For defenders, the actionable read is that the threat model has to account for accesses that were established years before they become relevant. A network intrusion that happened in 2019 might matter enormously in 2026 depending on what happens in the Taiwan Strait or in Ukraine. Incident response framing, which is built around detecting and ejecting an active threat, is structurally underequipped for this. You need to be hunting for dormant implants and legacy access paths that nobody tripped an alert on because nothing happened after they were placed. That's a different workflow and a significantly more expensive one. For officials and policymakers, the paper's point about strategic motivation is the part that doesn't get enough attention. These operations persist because the underlying strategic goals haven't changed. China wants defense technology, advanced manufacturing processes, and political intelligence about U.S. decision-making. Russia wants to degrade Western cohesion, maintain leverage over energy-dependent states, and preserve its ability to escalate. Patching vulnerabilities and indicting individual operators addresses none of that. The 2014 PLA indictments didn't slow Chinese IP theft in any measurable way. The operations just shifted to different infrastructure and different cover organizations. The next move for both actors is going to be further laundering of state operations through proxies and criminal-adjacent groups. Russia is well down this road already. GRU and FSB have used criminal hackers as cutouts since at least the early 2010s, and the overlap between the Sandworm cluster and EvilCorp-linked infrastructure has been documented by researchers at Mandiant and others. China is catching up. The Winnti cluster has commercial-facing components. The operational benefit is obvious: it adds a layer of deniability, it makes attribution harder, and it lets state agencies access criminal capability (ransomware infrastructure, money laundering, logistics) that they don't have to build themselves. For voters and for anyone trying to understand what election-period operations look like going forward: the escalation arc in this paper ends before the 2016 interference operations, before the GRU's hack-and-leak campaign through DCLeaks and Guccifer 2.0, before the IRA's social media operation. Those weren't departures from the historical pattern. They were the historical pattern applied to a new target set using updated tools. The same institutional actors, the same underlying motivation (degrade U.S. influence and internal cohesion), updated methods. The 2024 cycle saw Iranian actors targeting both campaigns, Chinese actors probing congressional and campaign infrastructure, and ongoing Russian influence activity. None of that is surprising if you've read the 1982-to-2014 arc. What should concern people about 2026 and 2028 isn't that foreign actors will try to interfere. They will, they always have, the paper literally documents 40 years of it. The concern is that the access they've already pre-positioned in U.S. infrastructure gives them a coercive option that goes beyond information operations. Disrupting election administration systems, degrading communications, creating enough visible chaos to undermine confidence in results without actually changing vote tallies. That's the next level, and the access to attempt it exists right now in networks that defenders haven't fully mapped. The paper frames 2014 as operational maturity. That's right. What we're in now is the deployment phase. foreigninterference.org/post/cyber-war… #foreigninterference #CyberEspionage #AdvancedPersistentThreatOperations #CriticalInfrastructureMapping #TradeSecretTheft
English
0
0
0
61
Foreign Interference Research Center
The playbook is older than most people realize. A declassified October 1982 State Department cable, sitting in Jack Matlock's files at the Reagan Library, shows the NSC already running systematic tracking of Soviet active measures against Western Europe. Front groups, TASS amplification, KGB targeting of West German opinion ahead of the Bundestag missile vote. The whole stack. This predates the Active Measures Working Group by roughly four years. The infrastructure for countering Soviet disinformation didn't appear in 1986 because someone had a new idea. It appeared because the groundwork was already there. foreigninterference.org/post/reagan-er… #foreigninterference #DisinformationCampaigns #InfluenceOperations #ComputationalPropaganda #ForeignInformationManipulation
English
0
0
0
12
Foreign Interference Research Center
Election interference isn't a new threat. It's a permanent feature of the competitive landscape that powerful states have exploited for decades. The Heinrich Böll Foundation just mapped the architecture across multiple actors: Russia's IRA-style propaganda operations, Iran's disinformation network (the U.S. seized 36 of their websites in June 2021 alone), covert campaign finance laundering, domain impersonation. Different players, same toolkit. The part that should stick with you: the U.S. has been systematically dismantling the defensive infrastructure that counters this stuff, right as the offensive capabilities of adversaries are well-documented and intact. foreigninterference.org/post/heinrich-… #foreigninterference #CampaignFinanceViolations #CounterDisinformationFrameworkElimination #CovertMediaFunding #DisinformationCampaigns #ElectionInterference
English
0
0
0
7
Foreign Interference Research Center
42 years ago today, the Reagan administration was quietly building a playbook for something they didn't have clean language for yet: what do you actually do when a hostile foreign intelligence service has dug into your country so thoroughly that normal law enforcement responses aren't enough? The answer, apparently, was a 17-option framework. CIA documents, later declassified, show that Judge William Webster, then FBI Director, brought this proposal to the table as part of a broader effort to get the government's arms around Soviet-bloc intelligence activity on U.S. soil. Seventeen specific options to limit and control what they were calling "hostile foreign presence." That's a phrase worth sitting with. Not "suspected spies." Not "illegal activity." Presence. The problem had grown large enough that it needed its own category. The Cold War context matters here. By 1984, Soviet intelligence operations in the United States had been running for decades. The KGB and GRU had assets in government, in academia, in industry. The Walker spy ring, which handed over U.S. Navy cryptographic secrets for years, wouldn't be rolled up until 1985. Robert Hanssen was already inside the FBI. The problem was not hypothetical. What made the Webster framework notable wasn't that the government was trying to counter foreign spies. Obviously they were doing that. What stood out was the scale of the coordination problem they were acknowledging. Seventeen options suggests they didn't have one clean answer. Multi-agency review processes, jurisdictional questions, resource allocation across the intelligence community. The documentation points to a government realizing that compartmentalized responses weren't cutting it anymore. You couldn't just have the FBI handle it on the law enforcement side while CIA handled the foreign intelligence side and hope the picture came together. That coordination failure, by the way, didn't get solved in 1984. It was still a central complaint in the 9/11 Commission report nearly two decades later. The framework also reflects something specific to that moment: the tension between operational effectiveness and constitutional guardrails was live and contested. These weren't theoretical concerns. COINTELPRO had ended just over a decade earlier, and the Church Committee had exposed what unchecked domestic intelligence operations looked like. The Reagan administration was trying to be more aggressive about foreign intelligence threats while operating in a post-Church Committee legal environment. That's a genuinely hard problem, and the documentation's emphasis on "legal and constitutional safeguards" wasn't just boilerplate. It was a direct response to recent history. Forty years on, the operational problem has metastasized in ways Webster's framework wasn't built to anticipate. "Hostile foreign presence" in 1984 meant people. Human intelligence, recruited assets, illegal officers running networks. The physical presence of foreign intelligence officers under diplomatic cover. The framework was designed around that world. The presence problem now includes infrastructure that has no physical footprint in the traditional sense. Influence operations running through domestic social platforms. Capital flowing through investment structures that obscure beneficial ownership. Academic exchange programs that function as technology transfer pipelines. Legal entities registered in the United States that serve foreign intelligence objectives without a single foreign national ever setting foot in a sensitive facility. The jurisdictional headaches Webster was navigating in 1984 look almost manageable compared to what counterintelligence agencies are dealing with now, where the question of which agency owns a particular threat vector is genuinely unresolved in some cases. Treasury, FBI, ODNI, DHS, DOJ's National Security Division. The interagency coordination problem that prompted a 17-option memo four decades ago spawned a permanent bureaucratic ecosystem that still hasn't fully cracked it. One concrete thing that did change coming out of this era: FISA, the Foreign Intelligence Surveillance Act, had passed in 1978 and was just settling into operational use by 1984. The Webster framework was being built in the early years of a legal structure that would later become central to every major counterintelligence debate, including the ones about surveillance overreach in the 2000s and beyond. The institutional architecture we fight about now has roots in exactly this period. The 17 options themselves remain classified in their specifics. What we know is the shape of the problem they were designed to address, and that shape is familiar. Foreign intelligence services treating American institutions as operational terrain. The question of how aggressively to respond without becoming something you'd rather not be. The bureaucratic friction of getting multiple agencies to work a problem together. Some things don't change. The terrain does. foreigninterference.org/post/reagan-ad… #foreigninterference #CounterintelligenceOperations
English
0
0
1
41
Foreign Interference Research Center
43 years ago today, a forged NSC memorandum was circulating in the Spanish press claiming the CIA had been secretly coordinating with Poland's Solidarity movement. The forgery ran in Tiempo on February 7, 1983. By July of that year, the Reagan administration had pulled together enough documentation to map out the operation in detail, and the picture that emerged was methodical. The Soviet playbook at this stage wasn't subtle so much as it was disciplined. Fabricated documents seeded into sympathetic or simply credulous outlets. Existing political fractures in Western Europe, particularly the fierce domestic debates over NATO missile deployments, treated as distribution infrastructure. You don't need to create the tension if it's already there. You just need to feed it something that looks like a document. The Solidarity angle was shrewd targeting. By 1983 the movement had enormous moral credibility across Western Europe's left. If you could tie it to the CIA, you didn't just discredit Solidarity. You handed every Western peace activist who was already suspicious of American intentions a reason to look away. The forgery wasn't aimed at Poles. It was aimed at West Germans, Italians, Spaniards. The people whose governments Washington needed to keep in line on the intermediate-range missile question. What the NSC files actually captured, beyond any single operation, was the architecture. How Soviet active measures units coordinated across multiple European outlets. How timing was calibrated to political moments. How the feedback loop worked between initial placement and secondary amplification. That analytical work mattered. The framework the Reagan team built for cataloging these techniques became the template for how Western counterintelligence thought about state-sponsored disinformation for the next decade, and honestly the conceptual vocabulary hasn't changed as much as people assume. The threat did change, though. Dramatically. What required a foreign intelligence service running a forgery operation through a Madrid newspaper in 1983 now takes an afternoon, a few synthetic accounts, and a news cycle willing to move faster than verification. The discipline is largely the same. The barrier to entry collapsed. That's the uncomfortable throughline from those NSC files to the present: the doctrine aged well. The infrastructure costs did not. foreigninterference.org/post/reagan-ad… #foreigninterference #DocumentForgery #MediaImpersonation #StateMediaCoordination
English
0
0
1
22
Foreign Interference Research Center
Hasina is sitting in India, publicly declaring she'll be back in Bangladesh before the end of 2026, and New Delhi is letting her run that campaign from their soil while simultaneously refusing to honor Bangladeshi extradition requests. That's the baseline fact here. Everything else follows from it. She was ousted in August 2024 after security forces killed protesters during a mass uprising. Criminal proceedings in Bangladesh are ongoing, covering precisely that violence. India's response has been to provide sanctuary and, apparently, a platform. Her recent statements about returning to fight for "the people's political rights and democracy" weren't made in a vacuum. They're being made from the territory of a neighboring state that has a documented interest in her political rehabilitation. The foreign interference attribution question isn't subtle. When a former head of government conducts a public campaign to return to power, from the soil of a neighboring country, while that country refuses extradition, the host state is a participant in the campaign whether it formally endorses her statements or not. New Delhi's posture isn't neutral. Hosting Hasina while she makes these declarations and blocking the legal mechanisms Bangladesh is trying to use against her are active choices. The Bangladeshi interim government under Muhammad Yunus has protested this through diplomatic channels repeatedly. It hasn't changed anything. What makes the regional picture more complicated is that China has been explicit about this. Xi Jinping's direct pledge of support for Bangladesh's sovereignty and his rejection of "foreign interference" during meetings with Yunus were assessed by basically everyone paying attention as pointed commentary on India's Hasina situation. Beijing rarely speaks that plainly without purpose. Framing Indian political support for Hasina as foreign interference is tactically useful for China because it simultaneously positions Beijing as the principled actor and delegitimizes New Delhi's influence operations without China having to do much beyond showing up diplomatically. China also has BRI investments running through Bangladesh, so the economic cultivation is layered in alongside the rhetoric. So Bangladesh is currently managing: Indian state-facilitated political interference via Hasina's sanctuary and India's extradition refusal, Chinese economic leverage through BRI, Chinese diplomatic cultivation of Yunus framed explicitly as anti-interference solidarity, and the overlay of U.S. democratic governance programming that comes with any transitional government the West decides to take an interest in. Three major external actors, three distinct interference vectors, and a fragile transitional government trying to stabilize domestic politics while all of this is happening around it. The analytical problem is that there's no framework that handles this cleanly. Transnational repression frameworks are built mostly around authoritarian states pursuing dissidents across borders. Hasina isn't a dissident. She's a former autocrat seeking return to power with apparent backing from a democratic regional hegemon. Standard foreign interference analysis tends to focus on covert influence operations, information campaigns, election interference. What India is doing here is largely overt. It's just choosing not to extradite and allowing her to speak. The covert/overt distinction matters for how international law and norms apply, and right now India is operating mostly in the overt space, which makes it harder to call out through the usual channels. China's move is sharper in some ways. The explicit sovereignty rhetoric coming out of Beijing gives the Yunus government political cover to push back on India while accepting Chinese economic engagement. From Dhaka's perspective, China is offering something India is currently withholding: affirmation that Bangladesh's domestic political situation is Bangladesh's to manage. Whether you believe China's stated position has anything to do with its actual interests is a separate question, but the tactical value to Yunus of having Xi publicly on record against "foreign interference" is real. The 2026 timeline Hasina has set for herself matters. Bangladesh is supposed to be working toward elections under Yunus. If she's signaling a return, the question is whether she's signaling a return as a political candidate or as a figure seeking to destabilize the electoral process before it produces a result that forecloses her future. Either scenario requires her to have continued Indian backing, and India's calculation on whether to maintain that backing is going to be driven by its own assessment of who they'd rather deal with in Dhaka long-term. The Bangladeshi legal proceedings against her are the leverage point that neither side can quite control. If the cases proceed and produce convictions, her return becomes much harder to legitimize even with Indian support. If proceedings stall or are perceived as politicized, India has more room to position her return as a democratic restoration rather than a fugitive's comeback. The framing war around those proceedings is happening in parallel to everything else. For anyone tracking transnational interference, the Hasina situation is a reasonably clean case study in state-facilitated political interference operating in the open. India isn't running a covert op here. It's just using the ordinary tools of state power, including jurisdictional refusal and territorial access, to shape political outcomes in a neighbor's domestic environment. The fact that it's overt doesn't make it less consequential for Bangladesh's transitional government. It might actually make it more so, because there's no operation to expose and disrupt. foreigninterference.org/post/sheikh-ha… #foreigninterference #DiplomaticSanctuary #InfluenceOperations #AntiInterferenceRhetoric #GovernmentDestabilization #PoliticalInfiltration
English
0
0
1
52
Foreign Interference Research Center
Day 1586 of the Russia-Ukraine war. Katya Soldak is still filing for Forbes. The war is old enough that most Western outlets have rotated correspondents multiple times, which makes the continuity of this kind of reporting more useful than it probably gets credit for. The dispatch covers ground worth unpacking, because several threads are running simultaneously and they intersect in ways the summary-level coverage tends to flatten. Start with the Belarus relay stations. Russia has physically installed drone relay infrastructure on Belarusian territory to extend strike range into Ukraine. This is not a theoretical arrangement or a diplomatic abstraction. The hardware is there, it is functional, and it is being used. Ukraine's response has been to issue Lukashenko something close to an ultimatum: disable the infrastructure or face the consequences of being treated as an active participant in the strikes, not a passive host. The military logic is obvious. The information warfare logic is at least as important. Kyiv is not primarily trying to get Lukashenko to comply. He almost certainly will not, because the Russian security relationship leaves him functionally no room to. What Ukraine is doing is building the public record. Every time the demand is made and refused, every time a strike is traced back through Belarusian-hosted relay infrastructure, the case for treating Belarus as a co-belligerent gets incrementally stronger in front of European and American audiences. The ultimatum is the message. Lukashenko's non-compliance is the content Ukraine is generating. This is fairly textbook information operation design, and it is being run in parallel with a genuine military problem Ukraine is trying to solve. On the cyber side, Google's exposure of the Turla STOCKSTAY backdoor campaign is the kind of disclosure that deserves more attention than it usually gets in conflict coverage. Turla is one of Russia's most mature APT operations, associated with the FSB and active for roughly two decades. STOCKSTAY is a backdoor targeting Ukrainian systems, and Google's Threat Intelligence Group publishing on it serves a dual purpose: it puts defenders on notice with technical indicators, and it is itself an attribution operation that publicly ties Russian state infrastructure to espionage against a country Russia is simultaneously bombing. The exposure is the counter. You degrade the operation's usefulness by burning the tooling, and you do it publicly because the public burn has information value that a quiet patch cycle does not. Ukraine has been running its own offensive information capabilities for a while now, and a few of them are worth naming specifically. TrophyLab is an open-source intelligence platform Ukraine built to release captured Russian military intelligence to external researchers and governments. The theory is sensible: Ukraine has ground truth that outside analysts want, and rather than gatekeeping it, they publish it in ways that build attribution capacity internationally. If you can get allied governments and independent OSINT communities working off the same primary source material, you get a more durable and distributed attribution ecosystem than any single intelligence service could produce alone. This is partly pragmatic, Ukraine does not have unlimited intelligence bandwidth, and partly strategic, because the more governments that independently corroborate Russian actions, the harder those actions are to diplomatically bury. The catfishing operations are less elegant but apparently effective. Ukrainian intelligence has been running romantic persona operations against Russian frontline troops, using fabricated social media identities to develop relationships with soldiers and extract geolocation data. This is not a new technique in the history of intelligence operations. What is notable is deploying it at scale, systematically, against a standing army during active combat operations. The yield is targeting data. A soldier who tells someone he thinks is a girlfriend where he is stationed has provided actionable coordinates, and the intelligence pipeline from that conversation to a strike decision is apparently not long. The CIA partnership context matters here. Ukrainian intelligence services have had a decade-long working relationship with the CIA, and reporting has established that this relationship substantially upgraded Ukrainian counter-espionage and intelligence collection capability before the 2022 invasion. The sophistication of operations like TrophyLab and the catfishing programs is not coincidental to that partnership. Ukrainian intelligence is running these at a level that reflects serious institutional development, not improvisation. RT's European operations in the current period deserve a separate note. The reporting documents RT exploiting the UK Starmer arson crisis for disinformation operations. The specific mechanism matters: RT and affiliated channels have been using real crisis events in target countries as amplification hooks, inserting narratives into genuine public anger rather than manufacturing crises from scratch. This is more resilient than pure fabrication because fact-checkers correcting false claims do not address the emotional core of real grievances that the disinformation is attaching itself to. The UK arson incidents involved real events, real public anxiety, and real political tension. RT's involvement is about steering and amplifying that existing material, not inventing it. The DoppelGänger campaign, which CYBERCOM has documented, operates on similar logic at a broader geographic scale. DoppelGänger is a Russian-linked influence operation that creates fake versions of legitimate news websites and uses them to launder fabricated content into the information environment. CYBERCOM's documentation is notable because it represents the US military's public attribution infrastructure being deployed against an information operation. That is a relatively recent development in how the US government handles this, and it reflects a shift toward treating public exposure as a tool rather than a security cost. The operational picture at day 1586 is a conflict in which the kinetic, electronic, and information domains are not running in parallel, they are integrated at the tactical level. Relay infrastructure on Belarusian soil is simultaneously a targeting asset, an escalation signal, and an information warfare opportunity depending on who is using it and how. A cyber backdoor that gets exposed publicly is no longer just an espionage tool, it becomes an attribution asset for the country being targeted. A catfishing operation that extracts coordinates feeds a fire mission. None of these functions are separable in practice. The lesson that adversary states are taking from this is straightforward. If you are assessing hybrid warfare doctrine for a potential conflict with a Western-aligned state, Russia's Ukraine operations provide a detailed operational record of what integration looks like at scale and under sustained pressure. Some of it has worked. Some of it has failed conspicuously. All of it is being watched, documented, and studied. The fact that we are at day 1586 and this level of operational complexity is still being maintained on both sides is itself a data point. This is not a war that has degraded into attrition with information operations as an afterthought. The information domain is still being actively contested with new tooling and new techniques on both sides, while the artillery is still firing. foreigninterference.org/post/forbes-uk… #foreigninterference #DisinformationCampaigns #CyberEspionage #CommunicationJamming #DroneSurveillance #InformationDomainOperations #MultiDomainWarfareCoordination
English
0
0
0
57
Foreign Interference Research Center
Araghchi was in Baghdad last week meeting with Iraqi officials and pitching what he called a "collective regional security" framework. The timing was not accidental. Active U.S.-Iran military exchange ongoing, Hormuz negotiations live, Iranian proxies running operations against Bahrain and Kuwait simultaneously. That's the context for the diplomatic charm offensive. Here's what's actually being built, and where it goes from here. Baghdad has been Iran's preferred staging ground for influence projection for years. The Iraqi political system is riddled with factions that maintain direct institutional ties to Tehran, which means when Araghchi shows up and holds "high-level meetings," he's not pitching skeptics. He's activating infrastructure that's already in place. The meetings formalize relationships that were already operational. That's an important distinction because it means the diplomatic visit is less about persuasion and more about signaling: to Washington, to Gulf capitals, and to Iraqi factions that Tehran is coordinating across domains even while taking military hits. The "collective regional security" framing is the part that deserves more scrutiny than it's getting. Iran has run this rhetorical play before. You define regional security as something that belongs to the region's own nations, you position any outside military presence as by definition illegitimate interference, and you present yourself as the mature, constructive actor calling for indigenous solutions. It sounds reasonable on the surface. That's the point. The cognitive objective is to shift the political vocabulary in Arab capitals so that U.S. military partnerships gradually become harder to defend domestically. Not overnight. Over several years of repetition. The audience for this framing right now is specifically the Arab Gulf states. Saudi Arabia, the UAE, Kuwait. All of them have U.S. security relationships that Tehran wants to erode. Tehran knows it can't simply bully those states into dropping Washington. But it can complicate the domestic and regional politics of those relationships, especially if it can get Iraqi officials to echo the "collective security" language at multilateral forums. Iraq is an Arab League member. If Baghdad starts amplifying Iranian-origin framing about regional security architecture, that's not Iran talking anymore. That's an Arab government talking, which plays very differently in Riyadh. So watch for that: Iraqi officials at regional forums adopting language that mirrors Araghchi's talking points without direct attribution to Tehran. That's the laundering mechanism. It's not sophisticated in a technical sense. It's just patient and it works. The dual-track operation running right now is worth mapping out explicitly. On the kinetic side, Iranian proxies are conducting military operations against Gulf states. On the diplomatic side, the Iranian FM is in Baghdad calling for peace and regional cooperation. These are not contradictory strategies running in parallel by accident. Iranian information warfare doctrine, documented across multiple operations over the past decade, treats military pressure and diplomatic legitimization as coordinated tools. The military operations create urgency and fear. The diplomatic framing offers an exit ramp that happens to be structured entirely on Iranian terms. Gulf states get to choose between continuing to absorb proxy attacks or embracing a regional security framework that marginalizes U.S. presence. That's not a good faith negotiation. It's a coercive architecture dressed in diplomatic language. What should U.S. officials and Gulf partners actually watch for in the near term? First, whether Baghdad begins formally echoing "collective security" language in official communications or bilateral meetings with Gulf states. Iraqi PM Sudani has been trying to walk a line between Washington and Tehran for his entire tenure. If his government's public language starts drifting toward the Araghchi framing, that's a tell about which direction the pressure is winning. Second, whether Iran uses any ceasefire or negotiation period around Hormuz to accelerate this diplomatic campaign rather than pause it. Periods of de-escalation are historically when Iran's influence architecture expands fastest, because pressure from Washington decreases and Iraqi political space opens up. If talks begin and Araghchi or his counterparts immediately schedule follow-on meetings in Baghdad or Beirut or Damascus, that's the pattern activating. Third, and this is for the Gulf states specifically: watch your own domestic media and think tank ecosystem for "collective regional security" language appearing without clear sourcing. Iran has used front organizations and friendly academics in Gulf countries before to launder messaging. The current campaign gives that content a fresh hook. For U.S. planners, the harder problem is structural. The Iraqi political system's entanglement with Iranian-aligned factions is not something that gets fixed in a news cycle or even a policy term. It's been fifteen years in the making. The Baghdad meetings this week aren't a crisis. They're a status report on an architecture that's been under construction since 2005. What's new is the brazenness of running the diplomatic track in parallel with active proxy military operations against U.S. partners. That's a calibration. Tehran is testing whether the current U.S. posture will tolerate the dual track or push back on it directly. So far the answer appears to be: tolerate it. And Iran will draw conclusions from that. foreigninterference.org/post/iran-s-re… #foreigninterference #InfluenceOperations #AntiInterferenceRhetoric #DisinformationCampaigns #ProxyMilitaryAttack #RegionalInfluenceOperations
English
0
0
0
54
Foreign Interference Research Center
Peter Van Orselen went after Mike Burgess in the Daily Mail Australia this week, and it's a critique worth sitting with even if you don't fully agree with it. Burgess is the Director-General of ASIO. He's been increasingly public, increasingly prominent, and by any honest measure has become one of the more authoritative voices in Australian public life on security questions. Van Onselen's argument is that this is itself a problem, regardless of whether Burgess is right about any particular thing. His framing: a democracy should be worried when an unelected intelligence chief becomes "one of the country's most authoritative public moral commentators." That's the nub of it. The timing matters. Burgess had just made headlines with some significant disclosures, including that a former Australian resident had directed an attack on a Melbourne synagogue. That kind of revelation lands hard. It's exactly the sort of thing that reinforces Burgess's public standing and makes it politically difficult for anyone to push back on his broader commentary. Van Onselen did it anyway, which at minimum takes some nerve. The tension Van Onselen is poking at is real, and it's not unique to Australia. Intelligence agencies across the Five Eyes have been pushed, rightly, to communicate more openly about foreign interference threats. The rationale is solid: you can't build public resilience against foreign manipulation if the public doesn't know the manipulation is happening. ASIO has documented Chinese influence operations extensively. It has identified what it calls unprecedented convergence of espionage, foreign interference, and transnational repression threats. The case for a more communicative ASIO is not a weak one. But here's where the accountability question bites. When an intelligence chief speaks, they speak with enormous institutional weight behind them. Assessments don't just inform debate, they can effectively settle it. And unlike a minister or a senator, the Director-General of ASIO isn't sitting across from anyone in question time. He's not defending his framing to a parliamentary committee every time he makes a public statement. The expanded public role has not been matched by expanded parliamentary oversight of that role. That's a genuine structural gap, not a hypothetical one. The foreign interference legislation that has expanded ASIO's operational mandate has also amplified its institutional voice. As the statutory authority on what counts as foreign interference, as the agency that briefs politicians and brief the press and names threats by name, ASIO under Burgess has a platform that operates largely on its own terms. Van Onselen's concern is that this slides from threat communication into something closer to political agenda-setting, without the democratic circuit-breakers that we'd expect to apply to anyone else with that kind of reach. Whether Burgess has actually crossed that line is a separate question, and Van Onselen isn't necessarily claiming he has. The critique is more structural than personal. But the structural critique is the sharper one. You don't need a rogue spy chief for this to be a problem. You just need the architecture to be set up in a way where the incentives and the accountability mechanisms don't line up properly, and over time the role expands because there's nothing to stop it from expanding. This tension shows up across Five Eyes nations in slightly different forms. In the UK there have been similar debates about GCHQ and MI5 directors using public speeches to weigh in on policy questions. In the US the DNI's public posture has been a recurring political flashpoint. The Canadian and New Zealand equivalents have had their own versions of this. The common thread is that agencies tasked with countering foreign interference have necessarily become more public-facing, and the oversight frameworks haven't kept pace. For people who track foreign interference specifically, the accountability question isn't some abstract civics concern. It cuts to the heart of how democracies defend themselves without hollowing out the features that make them worth defending. If the counter-interference institutional architecture concentrates too much interpretive authority in unaccountable hands, that's a vulnerability, not just a governance imperfection. Foreign influence operations are very deliberately aimed at eroding public trust in democratic institutions. An ASIO that overreaches, or is credibly perceived to overreach, does some of that work for them. Van Onselen's critique won't be the last word on this, and Burgess has defenders who will argue the expanded public role is a proportionate response to a genuinely unprecedented threat environment. They have a point too. But the debate itself is healthy and overdue. foreigninterference.org/post/peter-van… #foreigninterference #OversightReform #DemocraticInstitutionProtection #CounterInterferenceLegislation
English
0
0
0
56
Foreign Interference Research Center
Iran-Contra broke in November 1986 and handed Moscow a gift no forger could have manufactured. The Reagan team had spent five years running the Active Measures Working Group, publishing attribution reports, exposing Soviet fabrications. Then it turned out the same administration was secretly selling arms to Iran. The Soviets didn't need a disinformation campaign after that. The credibility damage was self-inflicted, and they knew exactly how to pour salt in it. foreigninterference.org/post/reagan-er… #foreigninterference #CounterDisinformationFrameworkDevelopment #DisinformationCampaigns #ForeignInformationManipulation #InformationDomainOperations #StateMediaCoordination
English
0
0
0
28
Foreign Interference Research Center
The short version: Reagan Library archival papers from November 1986 document the month Iran-Contra broke publicly, and they illuminate something that gets underplayed in the standard scandal narrative. The Soviets didn't need to make anything up. The authentic contradictions were the weapon. That's the part worth sitting with, because it keeps happening. The KGB's active measures apparatus in late 1986 was handed material that no forgery shop could have produced. The Reagan administration had spent years building genuine credibility exposing Soviet disinformation, running what was arguably the most effective counter-disinformation operation any U.S. government had mounted to that point. The Active Measures Working Group, State Department public diplomacy, the whole infrastructure. It worked. Soviet forgeries were getting debunked publicly, systematically, with documented evidence. And then November 25th arrived, Edwin Meese stood at a podium, and the administration disclosed that it had secretly sold arms to Iran, a government it had publicly called a terrorism sponsor and tried to isolate internationally, and had diverted the proceeds to the Nicaraguan Contras through channels specifically engineered to hide from Congress. No fabrication required. The thing Soviet active measures operators most wanted, a narrative of American hypocrisy that couldn't be debunked, had been handed to them gratis by American decision-makers. The lesson isn't complicated, but it keeps getting relearned. Foreign adversary information operations are not primarily a fabrication problem. They're an exploitation problem. The best disinformation isn't false. It's true material placed in a frame, amplified at the right moment, directed at the right audience. The KGB understood this. The contemporary successors to that institutional knowledge understand it too, arguably better, with distribution infrastructure that 1986 Soviet operators would have found incomprehensible. So here's what the November 1986 documents actually signal, not as a historical curiosity but as a forward-looking diagnostic. The oversight circumvention model keeps recurring, and each time it does, it creates the same vulnerability. The Iran-Contra operations were run through the NSC staff rather than the CIA precisely because CIA covert actions required congressional notification under the post-Church Committee framework. That was a deliberate architectural choice, not a management failure. Oliver North and John Poindexter were not incompetent people who stumbled into oversight violations. They engineered around the oversight requirements intentionally. And the consequence wasn't just a domestic political crisis. It was an intelligence counterintelligence disaster. Multiple foreign intelligence services, including Soviet services, knew about the Iran arms sales before the American public or Congress did. Think about what that means operationally. Adversaries had months to prepare exploitation strategies while the target government was still operating under the illusion of secrecy. That gap, between when an adversary learns something and when a democratic public learns it, is a window. It's been a window in 1986. It was a window in 2016, when Russian intelligence services had extensive knowledge of hacked material before its public release, allowing for coordinated timing of dumps. The window is structural, not accidental. Classification and covert action create it. Oversight circumvention widens it. The trajectory from 1986 runs in two directions that are worth tracking separately. On the tradecraft side: modern foreign interference operations have internalized the Iran-Contra lesson at scale. The Internet Research Agency's most effective content in 2016 wasn't invented grievance. It was authentic American political conflict, amplified, sorted by audience, and timed. The GRU's most effective operation in 2016 wasn't the hack. It was the selective release, the framing, the way authentic emails were curated and packaged. Russian active measures in 2016 were better than Soviet active measures in 1986 partly because the distribution technology was better, but also because the underlying doctrine had been refined over thirty years. Find the authentic contradiction. Exploit it. Don't fabricate when you can curate. The next evolution of this, which is already visible in current Russian, Chinese, and Iranian operations, is the synthetic amplification of authentic material. Fabricated accounts, AI-generated personas, coordinated inauthentic behavior, all in service of amplifying things that actually happened. The content is real. The apparent consensus around it is manufactured. This is Iran-Contra doctrine running on 2024 infrastructure. On the governance side: the oversight architecture that Iran-Contra broke, and that the subsequent congressional investigations tried to repair, is under sustained pressure again from multiple directions. The specific mechanism matters. When covert or sensitive operations are deliberately routed around oversight bodies, whether congressional intelligence committees, inspectors general, or interagency review processes, the operational security fiction they create is visible to adversaries before it becomes visible to overseers. That's not a theoretical vulnerability. It's documented. It happened in 1986. The congressional investigations found that Soviet and other services had penetrated knowledge of the operations. The overseers were the last to know. Anyone tracking foreign interference in 2024 and beyond should be watching specifically for this pattern: operations or policy decisions that are structured to limit oversight not incidentally but architecturally, as a design feature. Those create the widest and longest adversary exploitation windows. And adversary services are patient. They don't always exploit immediately. Sometimes the value is in holding the knowledge, waiting for the domestic political moment when its release causes maximum disruption. The Soviets in 1986 were playing a long game with Iran-Contra material. There is no particular reason to believe current adversaries are less patient. A few more specific things to watch. The "authentic material" vulnerability is getting worse, not better. In 1986, the Soviets needed human sources or signals intelligence to learn what the U.S. government was actually doing covertly. In 2024, covert activities leak through contractors, through metadata, through procurement records, through the social media activity of people adjacent to operations. The surface area for adversary collection of authentic material has expanded dramatically. Which means the supply of authentic contradiction available for exploitation has also expanded. Any democratic government running a gap between its public commitments and its actual conduct, on any issue of significance, should assume that gap is either already known to adversary services or will become known, and should plan accordingly. Not just for the domestic political exposure but for the foreign exploitation. The credibility infrastructure problem is worse too. The Active Measures Working Group that the Reagan administration built in the early 1980s had genuine credibility when it debunked Soviet forgeries, partly because the administration had itself maintained a degree of credibility. After November 25, 1986, that was gone. The same counter-disinformation officials who had spent years saying "that Soviet document is a fabrication" were now operating in an environment where the Soviet response was, essentially, "and your government secretly sold arms to Iran, so." The asymmetry is brutal. It takes years to build counter-disinformation credibility. It takes one authenticated scandal to substantially degrade it. The current U.S. counter-disinformation infrastructure, such as it is after years of political attack, budget pressure, and the shutdown of GEC and related programs, starts from a weaker credibility position than the Reagan-era apparatus did. Which means the exploitation window for authentic-material operations is wider. Foreign adversaries know this. Russian and Chinese state media have been consistent and systematic in targeting the legitimacy of any U.S. government body that calls out disinformation. That's not accidental. Degrading the referee is part of the game plan. One last thing the November 1986 documents surface that deserves more attention than it usually gets. The Iran-Contra operations were not just a domestic oversight failure. They were a strategic intelligence failure with counterintelligence dimensions that took years to fully understand. The fact that multiple foreign services knew about the arms sales before Congress did means that the operational security assumptions underlying the entire enterprise were wrong. People were making policy decisions, taking risks, building operational structures, based on a belief in their own secrecy that wasn't justified. That's a decision-quality problem. If you're designing an operation partly around the assumption that it won't become public, and adversaries already know about it, you've made your risk calculations on false premises. The forward-looking version of this concern is about the relationship between operational security assumptions and actual adversary knowledge in any sensitive context. Policymakers who believe they're operating in secret when they're not will make different, often worse, decisions than policymakers who account for the possibility of exposure. And democratic governments in particular face a structural problem: the people most likely to find out what your government is doing covertly include both your domestic oversight bodies, which you might trust, and adversary intelligence services, which you should not. If you route around the former to preserve secrecy, you don't actually get secrecy. You just lose the oversight while the adversaries keep their access. November 1986 was thirty-eight years ago. The specific characters and operations are history. The structural dynamics are not. foreigninterference.org/post/reagan-ns… #foreigninterference #DisinformationCampaigns #ForeignInformationManipulation #InfluenceOperations #CovertFacilityOperation #CounterDisinformationFrameworkDevelopment
English
1
0
2
99
Foreign Interference Research Center
Burkina Faso's military junta severed diplomatic ties with France, and Paris is now weighing reciprocal measures. The French Foreign Ministry confirmed it is considering a retaliatory response. That's the headline. The more important story is the one that's been running for about three years now, and at this point it's less a surprise than a checklist item. Mali went first. Then Niger. Now Burkina Faso. Each followed roughly the same script: accusations of neo-colonial interference, expulsion of French military personnel and diplomatic staff, pivot toward Russian partnerships, and a domestic information environment increasingly saturated with narratives that happen to align precisely with what RT and affiliated outlets have been pushing into Francophone Africa since at least 2021. The Burkina Faso junta also expelled the EU envoy earlier, after a human rights resolution it didn't appreciate. That one got less attention than it deserved. The "neo-colonial interference" framing is worth dwelling on for a moment, not because it's factually baseless in every instance (France's history in the Sahel is genuinely complicated and African publics have real, legitimate grievances), but because of how precisely and consistently it maps onto Russian state media's regional information priorities. RT's coverage of the diplomatic rupture frames France's alleged neo-colonial conduct as the cause, full stop, with no apparent curiosity about who benefits from that framing or what fills the vacuum after French forces and intelligence assets leave. That framing didn't emerge organically in three separate countries in three separate years through three separate political crises by coincidence. Influence operations don't require fabricating grievances. They require finding real ones and making them louder at strategically useful moments. Wagner Group successor organizations, operating under rebranded structures after Prigozhin's death, have been the on-the-ground component of this. Russian state media has been the narrative layer. The juntas themselves are not puppets in any simple sense, but they are governments whose political interests have aligned conveniently with Russian regional strategic goals, and that alignment has been cultivated, not accidental. What Russia gets out of this is straightforward. Every French expulsion degrades French intelligence collection capacity in a region where jihadist activity is significant and where France has been one of the primary Western intelligence presences. Every diplomatic severance expands Russian access, whether in terms of military basing conversations, resource extraction negotiations, or simply the informational vacuum that opens when Western diplomatic relationships collapse. The Sahel is not incidental to Russian strategy. It's a demonstrable success story for an influence operation playbook that has now worked three times in sequence. France's dilemma is structural and doesn't have a clean answer. Reciprocal measures, the option Paris is currently weighing, carry the obvious problem that they tend to confirm the narrative being used against France. If you're being accused of neo-colonial interference and your response is to escalate diplomatically against a small African state, you are not winning the information battle. Passive acceptance, on the other hand, signals that this approach works, which is not a signal you want to send when European intelligence analysts are already describing the Burkina Faso case as a potential template for dismantling Western diplomatic infrastructure across vulnerable regions. There are other countries in Francophone Africa where the same playbook could run. The Burkina Faso junta government came to power in a coup. So did Mali's. So did Niger's. These are not democratic governments with deep popular mandates who arrived at anti-French positions through careful policy deliberation. They are military governments whose legitimacy is fragile domestically and who have found that anti-Western posturing, amplified by a willing Russian media ecosystem, functions as a substitute for that legitimacy. That's a useful thing to understand when assessing how durable these alignments actually are, though durability is a separate question from immediate strategic damage, and the immediate strategic damage is real regardless. France is not entirely a passive victim in this story either. Decades of Françafrique, military interventions, support for governments that were convenient rather than legitimate, and a general posture of treating former colonies as a managed sphere of influence created the soil in which these narratives grow. Russian state media didn't invent anti-French sentiment in West Africa. It found sentiment that existed, invested in amplifying it, and timed its amplification to coincide with moments of political instability when juntas needed external legitimization and a foreign enemy. That combination is what makes this kind of operation effective. It's very hard to counter a narrative that contains enough truth to be credible. European intelligence services watching this sequence are not, I think, primarily worried about Burkina Faso specifically. They're worried about what comes next and whether Western governments have a coherent response to a playbook that has now demonstrated three consecutive successes. The answer to that question is not obvious from the outside, and France's current posture of weighing reciprocal measures without any visible strategic counter-narrative initiative suggests Paris itself hasn't fully worked it out. foreigninterference.org/post/france-es… #foreigninterference #DisinformationCampaigns #DiplomaticSeverance #RegionalInfluenceOperations #AntiInterferenceRhetoric #StateMediaCoordination
English
0
0
0
30
Foreign Interference Research Center
Estonia explicitly accepting Ukrainian drone incursions into its airspace "as the price of hurting Russia" is one of those sentences that would have been unthinkable in 2019. It's now just a policy position, stated plainly, reflecting how much the normative ground around airspace sovereignty has shifted since full-scale invasion. The NATO drone exercise documented by Military.com, with analysis from Airwayz Executive Chair Yaron Rosen, is worth unpacking because it sits at an intersection that doesn't get treated as a unified problem nearly often enough: drone warfare, electronic warfare, and what airspace sovereignty actually means when an adversary can reach into it without crossing a physical border. Start with what Russia has already demonstrated it can do. Electronic warfare operations redirecting Ukrainian naval drones into NATO territory. Persistent GPS jamming across Baltic and Nordic airspace. These aren't theoretical capabilities being war-gamed in a think tank. They're operational. The jamming campaigns targeting Baltic states have been running long enough that aviation authorities in Finland, Estonia, Latvia, and Lithuania have been issuing navigational warnings as a matter of routine. Commercial pilots have reported GPS spoofing. The interference is real, it's persistent, and it is, by any reasonable definition, foreign interference in critical navigation infrastructure. The Belarus angle deserves more attention than it typically gets. Belarus functions as a drone relay and staging platform for Russian operations, which means a NATO-adjacent territory is being used to extend the operational reach of Russian hybrid warfare without Russia having to take direct visible ownership of every action. That's a familiar structure for anyone who tracks how covert and hybrid operations work: you use a third country's territory to add a layer of deniability and complicate attribution. Belarus isn't a new story but its role as an extension of Russian drone operations is a concrete, documented example of third-country territory being weaponized in ways that don't fit neatly into conventional alliance defense frameworks. The multinational coordination challenge the exercise focused on reflects lessons being learned the hard way in Ukraine. Drone proliferation at the scale seen there creates layered airspace management problems that didn't exist in any prior NATO operational context. You have military systems, commercial systems, systems that started as commercial and got militarized, systems operated by state actors, systems operated by volunteer units, and now autonomous systems capable of being redirected by adversary electronic warfare. Deconflicting all of that across multiple national militaries with different doctrine, different communication systems, and different rules of engagement is genuinely hard. The exercise is an institutional acknowledgment that the alliance needs shared doctrine for this, because the alternative is finding out the hard way what happens when you don't have it. The intelligence dimension is underappreciated in most public discussion of drone exercises. When military drone operations occur in contested airspace, they create collection opportunities. Adversary states can observe flight patterns, identify coordination procedures, map electronic signatures of detection and countermeasure systems, and potentially intercept communications. An exercise involving the integration of commercial drone detection with military electronic warfare systems is generating exactly the kind of operational data that foreign intelligence services invest significant resources to obtain. The dual-use nature of commercial detection systems matters here: the same capabilities that can support border security and foreign interference detection can also expose the technical parameters of allied defensive systems to anyone watching carefully. Rosen's framing of commercial drone detection integration with military electronic warfare as a dual-use capability cuts both ways, and that's worth sitting with. The integration is necessary. Civilian airspace and military airspace aren't cleanly separable in practice, particularly in small countries with dense populations and significant commercial air traffic. Estonia, Latvia, Lithuania: these are not large countries with vast unpopulated buffer zones. GPS jamming that affects military navigation also affects commercial aviation and maritime traffic. So any serious doctrine has to account for the civilian infrastructure dimension. But building that integration also creates a larger attack surface and a more complex system to secure against adversary interference. The Estonia-Ukraine arrangement is the most interesting normative precedent to watch. An EU and NATO member state explicitly accepting that drones from a non-member conducting offensive operations against a third state may enter its airspace as a tolerated operational cost. That's not how airspace sovereignty traditionally works. It represents a pragmatic accommodation to operational reality, but it also sets a precedent that cuts in multiple directions. If allied nations can accommodate offensive drone incursions from partners, the legal and normative framework for what counts as a violation of sovereign airspace becomes considerably more complicated to enforce in other contexts. Adversaries and their lawyers notice these things. NATO airspace management doctrine now has to account for an adversary capability that didn't factor into its foundational frameworks: the ability to redirect autonomous systems through electronic means without physically crossing a border. That's a different kind of sovereignty violation than anything the alliance's original architects planned for. You can't intercept a GPS spoofing signal the way you intercept an aircraft. The response has to be technical, doctrinal, and diplomatic simultaneously, which is why exercises like this one matter even when the public-facing reporting on them is fairly thin on operational detail. The broader pattern here is the gradual normalization of airspace as an active domain of geopolitical competition, not just a medium through which competition happens. Russian jamming operations, Ukrainian drone incursions accommodated by Baltic states, Belarus as a relay platform, commercial systems being militarized at scale in Ukraine: these aren't isolated incidents. They're data points in a sustained effort by Russia to establish that airspace control can be contested, degraded, and weaponized through means that fall below the threshold of acts of war requiring a formal alliance response. That's the hybrid warfare logic applied to a domain that is simultaneously military, civilian, economic, and sovereign. The alliance is responding. The exercise is evidence of that. Whether doctrine and coordination can keep pace with the rate at which adversary electronic warfare capabilities are being demonstrated in live operational conditions is a different question, and the honest answer right now is that it's not obvious they can. foreigninterference.org/post/nato-dron… #foreigninterference #CommunicationJamming #DroneSurveillance #MultiDomainWarfareCoordination #InfrastructureAttacks
English
0
0
0
67
Foreign Interference Research Center
The Soviets didn't need to invent everything. Sometimes they just waited. The State Department's 1986-87 active measures report details how KGB Service A pre-positioned forged documents and fabricated stories in low-scrutiny Third World outlets, then let citation chains launder them into credibility over time. The report notes analysts explicitly flagged this: narratives designed to surface "at an opportune moment," not land immediately. Then Iran-Contra broke, and suddenly Service A had real material to work with. No forgery required. The counter-disinformation program's biggest structural problem wasn't Soviet sophistication. It was Washington's own conduct handing Moscow a free amplifier. foreigninterference.org/post/state-dep… #foreigninterference #DisinformationCampaigns #DocumentForgery #CovertMediaFunding #ForeignInformationManipulation #InfluenceOperations #UnwittingAmplification #CounterDisinformationFrameworkDevelopment
English
0
0
0
15
Foreign Interference Research Center
The Walker family spy ring was prosecuted in 1985. The Pollard arrest was 1985. By 1986, U.S. counterintelligence was supposed to be on alert. Then Michael Hahn Allen, a Navy civilian, was arrested on December 4, 1986, for passing intelligence to the Philippines. He was not an anomaly. He was a data point in a pattern that kept repeating. The Defense Personnel Security Research Center spent years cataloguing what that pattern actually looked like. The resulting work, published through the Defense Technical Information Center, covers American espionage cases from 1947 through 2001. The Wood and Wiskoff study, "Americans Who Spied Against Their Country Since World War II," is not light reading, but it is specific. It names names. It gives dates. It documents what access the person had, what country received the intelligence, and how the relationship began. That last question matters more than it might seem. A significant portion of the cases in the dataset were volunteers. Not people recruited by a foreign intelligence officer who spotted them at a conference or cultivated them over years. People who walked in. Who made contact themselves, without prior approach. This created a real problem for the security apparatus of the 1980s, because the dominant model of insider threat detection assumed a recruitment sequence. You watched for the foreign contact. You monitored for the approach. If someone initiated the relationship from the American side, the tripwires weren't set up to catch it. The Walker case should have forced a reckoning with this. John Walker volunteered. He walked into the Soviet embassy in Washington in 1967 and offered to sell cryptographic key material. He spent nearly two decades delivering Navy communications intelligence before his ex-wife called the FBI in 1984. His son Michael, his brother Arthur, and his friend Jerry Whitworth were all pulled into the ring. The damage to U.S. naval communications security during that period was assessed as severe. Yet the personnel security reforms that followed the 1985 prosecutions did not fully address the volunteer problem. The Allen arrest in December 1986 suggests the lessons were still being absorbed, if they were being absorbed at all. The DTIC research breaks the espionage population down along several axes. Financial motivation was the most common driver across the dataset, but ideology was distinct enough to warrant its own category. Pollard is the obvious example from this period. Jonathan Pollard was a Navy intelligence analyst who passed classified material to Israel beginning in 1984. His stated motivation was ideological, not financial, though he received payment. He was arrested in November 1985 after showing up at the Israeli embassy seeking refuge when he realized he was under surveillance. The Pollard case was disruptive in a specific way because it involved an allied nation, which complicated both the legal proceedings and the diplomatic fallout, and because Pollard's access was unusually broad for a single analyst. The research also examined demographic patterns, specifically the age at which espionage began across different population segments. Volunteers and recruited spies showed different age distribution profiles. This is not a trivial finding. If volunteers tend to initiate contact at different life stages than people who are approached and cultivated, that has implications for where behavioral monitoring should be concentrated and what warning signs are worth taking seriously. The periodic reinvestigation model that was standard in the 1980s, where personnel with clearances were reviewed on a fixed schedule every few years, was poorly suited to detecting either type. Someone could volunteer in the gap between reinvestigations, pass material for years, and face no additional scrutiny unless something else triggered a review. Navy communications and signals intelligence personnel were overrepresented in the 1986 damage picture. This was not surprising after Walker, but it was still happening. The research frames this as a systemic failure of security architecture rather than a failure of individual screeners. That framing matters. When an organization repeatedly misses the same category of threat, the explanation is usually not that the screeners were incompetent. It is that the system was not designed to catch what was happening. The Walker ring had demonstrated that a single recruiter could cascade across family members and associates with different access profiles, multiplying the damage well beyond what any single penetration would produce. The architecture had not been rebuilt to account for that. The Allen case fits the Navy civilian vulnerability pattern directly. He was accessing information relevant enough to transfer to a foreign government, the Philippines in this instance, and the documentation indicates his activity began in 1986 and ended with his arrest in December of that year. The Philippines is not typically the first nation that comes to mind in Cold War espionage discussions, but the cataloguing of all cases regardless of recipient country is part of what makes the DTIC research useful. Espionage is not only a superpower problem. The Defense Personnel Security Research Center's work on these cases eventually fed into the development of continuous evaluation programs, the model where cleared personnel are subject to ongoing automated checks rather than periodic manual reviews. That shift was slow. The bureaucratic and civil liberties arguments against continuous monitoring were real, and the technical capacity to do it at scale did not exist in the 1980s. But the empirical foundation for arguing that the periodic model was failing was being built case by case through exactly this kind of documentation. What the 1986 snapshot shows is an intelligence security community that had just been shaken by one of the worst espionage years in American history and was still operating with the same structural vulnerabilities. The arrests kept coming. The architecture kept missing them until after the fact. The research was being done. The reforms took longer. foreigninterference.org/post/defense-p… #foreigninterference #MilitaryEspionage #AssetRecruitment #IntelligenceSelling #PersonnelSecurityEnhancement
English
0
0
0
64
Foreign Interference Research Center
The Trump administration quietly extended EO 13848 last week, keeping the national emergency on foreign election interference on the books for another year. Fine. The paperwork got signed. What comes next is the part worth watching. The pattern here is not new. You maintain the legal scaffold while quietly removing the workers. EO 13848 gives OFAC designation authority over foreign actors who materially interfere in U.S. elections. That authority now sits in a building where the Global Engagement Center has been shuttered, State Department counter-FIMI programs have been wound down, and the institutional memory for running these cases has largely walked out the door or been shown to it. A sanctions authority without the analytical pipeline to feed it is a filing cabinet with a very serious label on it. So where does this trajectory actually go? The immediate question for the 2026 midterm cycle is whether OFAC designations get used at all under this framework, or whether the emergency declaration functions purely as a legal reserve, something to point at if things go badly enough that someone in Congress starts asking pointed questions. Past administrations used the framework sparingly even when they were trying. The current administration has shown no particular appetite for sanctioning adversaries on election interference grounds. The 2024 cycle produced Iranian indictments (DOJ, not OFAC) and relatively restrained use of the EO 13848 architecture. Expect less in 2026, not more. What that means operationally is that Chinese, Russian, and Iranian influence actors are running their 2026 operations against a degraded detection and response environment. The 2026 Annual Threat Assessment is explicit that all three are active and escalating. That document was produced by the intelligence community and represents the official assessment of the U.S. government. It is not a think tank report or an opposition research product. The administration is simultaneously certifying that the threat exists and continuing to dismantle the programs built to counter it. That is not a contradiction born of confusion. It is a policy choice with a direction. The specific capability gaps matter here, so let's be concrete about them. The Global Engagement Center ran programs to expose and counter foreign state media and influence operations before they achieved domestic amplification. Its closure does not mean the operations it was tracking have stopped. It means the U.S. government is no longer in that lane in any organized way. The actors who were being countered have noticed. The Russian state media ecosystem, which was badly disrupted by coordinated platform action and GEC-supported exposure work in 2020 and 2022, has had roughly two years to rebuild distribution infrastructure, seed new synthetic outlets, and identify amplification vectors that the previous detection regime was not covering well. Iran learned in 2024 that targeting campaign infrastructure directly, the hack-and-leak operation against the Trump campaign that DOJ attributed to IRGC actors, produces a very different kind of political problem for them than pure influence operations. Expect them to recalibrate. The more interesting question for 2026 is whether they attempt something more subtle, focused on state-level races or ballot initiative campaigns where attribution is slower and federal response is structurally weaker. They have shown they can run at that level. The 2020 "Proud Boys" voter intimidation email campaign traced to Iranian actors was not sophisticated tradecraft, but it did not need to be. It generated days of news coverage. China's posture, per the threat assessment, is escalating. The Chinese approach to electoral influence is characteristically patient and focused on specific policy outcomes rather than broad chaos. The 2026 cycle features House and Senate races where Taiwan arms sales, semiconductor export controls, and TikTok-adjacent legislation are live issues. Expect Chinese influence activity to be concentrated around those races and those issues, not distributed generically across the electorate. The mechanism will likely be the same hybrid they have used before: legitimate diaspora community engagement blended with covert amplification, some combination of acquired or influenced media properties, and social media activity that runs close enough to organic political speech that platform enforcement is slow and attribution is contested. The voter database access problem mentioned in the threat assessment context is underappreciated. Criminal forums offering multi-state voter registration data create an infrastructure layer that foreign intelligence services can and do acquire access to, either directly or through cutouts. This is not primarily a hacking problem. Voter registration data is often public or semi-public at the state level, and data brokers aggregate it at scale. The threat model for 2026 is not necessarily foreign actors breaching election infrastructure. It is foreign actors using commercially available or criminally traded voter data to target persuasion and suppression operations with surgical precision, by precinct, by demographic, by issue profile. That is a substantially harder problem to detect and attribute than a network intrusion. The FISA reauthorization complications matter here in a way that does not get enough attention. Collection authorities that support detection of foreign influence operations are not abstract legal concepts. They are the predicate for the intelligence products that would tell OFAC who to sanction, tell FBI who to indict, and tell the intelligence community what to brief Congress. If those collection authorities are constrained or in legal ambiguity heading into the midterm cycle, the detection pipeline gets thinner at the exact moment the threat environment is described as escalating. The administration and Congress are both contributing to this problem from different directions, and neither appears particularly focused on resolving it before November 2026. What should officials and election administrators actually do with this picture? State-level election officials are now operating in an environment where the federal backstop is more limited than it has been at any point since the EO 13848 framework was created in 2018. The Cybersecurity and Infrastructure Security Agency has been through enough turbulence that its relationships with state and local election offices are stressed. The practical implication is that state officials who want real-time threat information and response support cannot assume it will arrive from the federal level in a timely way. The ones who are thinking ahead are building direct relationships with ISAC networks and with university-based election security research programs that have maintained continuity through the institutional disruptions at the federal level. For journalists covering 2026 races: the influence operation playbook for this cycle will front-load activity in primary seasons, not general elections. The goal is to shape who the candidates are before the general election audience is paying attention. Watch for coordinated amplification of fringe primary challengers, synthetic controversy around specific candidates in Taiwan-adjacent or semiconductor-adjacent districts, and what look like organic local media stories that have no obvious local origin. The tell is usually the distribution pattern, not the content. Content can be made to look local. Distribution signatures are harder to fake at scale. For voters, the honest answer is that the information environment for 2026 is going to be noisier and less curated than 2022 or 2020, because the platforms have reduced their trust and safety investments, the government has reduced its counter-interference investments, and the actors running these operations have had time to learn from what worked and what got caught. Source hygiene matters more than it did. That is not a satisfying answer, but it is the accurate one. The emergency declaration will get extended again next year. The legal architecture will remain intact. Whether any of it gets used in a way that actually changes adversary calculus before November is a question this administration has so far given no real indication it intends to answer. foreigninterference.org/post/trump-adm… #foreigninterference #SanctionsFrameworkEstablishment #CounterInterferenceLegislation #ElectionInterference
English
0
0
0
100
Foreign Interference Research Center
Libya was running lethal overseas operations against dissidents in the 1990s and Western governments still hadn't built legal frameworks to stop it thirty years later. Dana Moss's work on the Libyan case is the baseline. Family detention, community infiltration, credibility attacks, funding disruption. The full toolkit, documented, ignored. Every authoritarian that came after, China and Iran and Russia, inherited a playbook that host countries never seriously closed off. The gap wasn't analytic. The research existed in 1995. It was political. foreigninterference.org/post/transnati… #foreigninterference #TransnationalRepression #DiasporaSurveillance #CrossBorderIntimidation #DisinformationCampaigns #IndividualTargeting
English
0
0
0
28
Foreign Interference Research Center
Enrique Arancibia Clavel was still working as an overseas intelligence agent in 1995. That's the detail worth sitting with. Operation Condor, the coordinated program through which the military governments of Argentina, Bolivia, Brazil, Chile, Paraguay, and Uruguay systematically hunted down and murdered political dissidents across national borders, had been "dismantled." Democratic transitions had happened. The juntas were out. And yet a former DINA agent, Chile's secret police, was still running operations in exile communities overseas more than a decade after the formal structure supposedly ceased to exist. That's the core of what the 1995 documentation period reveals about Condor, and it matters for reasons that go well beyond the history. To understand what was still happening in 1995, you need to understand what Condor actually built in the 1970s. This wasn't just a series of bilateral agreements between security services to share names of wanted dissidents. It was an operational architecture: communication protocols, joint interrogation facilities, cross-border surveillance networks, and a shared targeting logic that treated any leftist political exile anywhere in the hemisphere as fair game regardless of what country they were sitting in. The Chilean DINA, Argentina's SIDE and later the 601 Intelligence Battalion, Uruguay's OCOA, and their counterparts built genuine working relationships at the officer level. They knew each other. They trusted each other operationally. They had built procedures together and run operations together. When democratic governments replaced the military regimes, they could restructure or rename the formal agencies. They could not reach into the personal networks those agencies had built and dissolve them. The knowledge, the relationships, the communication habits, the shared understanding of who the targets were and why they mattered: all of that lived in people, not in org charts. And people don't get reorganized out of existence by a civilian government's decree. In 1995, forensic teams were still identifying remains from the operational period of the 1970s and 1980s. One case from that year involved a body so badly mutilated that visual identification was impossible. This is what the scale of the Condor killing machine looked like in concrete terms even decades later: victims still unidentified, families still without answers, forensic investigators still working through what the network had left behind. The identification work itself was documentation of ongoing harm, even if the killings had stopped. But they hadn't entirely stopped in the sense that mattered for ongoing victims. Former Condor network members were providing intelligence to successor security services in the mid-1990s. Think about what that means structurally. A new, democratically-elected government runs a reformed intelligence service. Former operatives from the old regime maintain informal relationships with current officers. Those former operatives are still monitoring exile communities in Europe and North America, people who had fled the juntas and built new lives in France, Sweden, Spain, Mexico, the United States. The information flows back through informal channels to agencies that have a continued institutional interest in knowing what organized Latin American diaspora communities are doing politically. The killing infrastructure may have been mothballed. The surveillance infrastructure was still running. For the people being watched, the practical effect on their lives was real. Former political exiles who had made it out, who had survived, who were now living in host countries and trying to organize politically or publicly advocate around accountability for what had happened to their communities: they knew or suspected they were being monitored. The chilling effect on political activity in those diaspora communities was documented. You don't hold a public meeting the same way when you believe someone in the room is reporting back to an intelligence service connected to the government that killed your friends. The judicial accountability thread running through 1995 adds another layer. The legal cases were beginning to move, slowly, in multiple countries. Courts were starting to hear testimony, documents were emerging, operational details were becoming part of the public record. For surviving perpetrators, this created a direct incentive to suppress witnesses and evidence. The same network that had been used to hunt dissidents could now be used to intimidate survivors and investigators. A secondary function of transnational repression, targeting the accountability process itself. This secondary function would pay off for a while. Then it wouldn't. Augusto Pinochet landed in London in 1998 for back surgery and was arrested on a Spanish warrant. The extradition request was based partly on the framework of crimes committed across national borders, the exact operational logic Condor had pioneered. The architects of a system designed to use international coordination to hunt people down found that same international legal cooperation could be turned around on them. Pinochet ultimately returned to Chile on medical grounds and died in 2006 without being convicted, but the arrest broke something open. The legal proceedings that followed in Chile and Argentina over the next decade resulted in actual convictions for Condor-era crimes. Arancibia Clavel, specifically, was eventually arrested in Argentina and convicted in 2004 for his role in the 1974 assassination of former Chilean army commander Carlos Prats and his wife Sofia Cuthbert in Buenos Aires. An Argentinian court later upgraded the conviction to crimes against humanity. He died in prison in 2011. The trial produced extensive documentation of how DINA operated overseas through civilian agents and cut-outs, which is part of why the 1995 period matters: people like him were still active, and their continued activity was generating ongoing harm to the communities they monitored while also producing evidence that courts would eventually use. The structural insight from all of this is one that anyone tracking modern transnational repression needs to internalize. Formal institutions are not the only carriers of repressive capability. When a state builds a transnational repression network, it is building two things simultaneously: an official apparatus subject to political reform and legal constraint, and an informal network of human relationships and shared operational knowledge that is not subject to any of those constraints. The second thing survives transitions that kill the first. It goes dormant, or it operates below the threshold of official acknowledgment, or it gets absorbed into successor structures in ways that are deliberately obscured. This is the architecture you see again in Russian active measures networks, which blend FSB and SVR formal operations with informal networks of emigrant agents, organized crime figures, and diaspora community intermediaries. It's the architecture behind Iranian intelligence's use of the Basij diaspora networks to monitor and pressure Iranian communities abroad. It's visible in Chinese state security's relationship with overseas student associations and United Front Work Department-linked community organizations in North American and European cities. In each case, the formal state apparatus is only part of the picture. The informal network, built on personal loyalty, shared ideology, financial dependency, or coercion, is often the part that actually reaches into the living rooms of people who thought they had gotten away. Operation Condor's 1995 residual operations aren't a historical curiosity. They're a proof of concept that the architects of every subsequent transnational repression architecture had available to study, whether explicitly or through the structural logic of how these networks survive. The victims still being identified from remains in 1995 are the baseline. The agent still running operations in exile communities that same year is the lesson. foreigninterference.org/post/operation… #foreigninterference #TransnationalRepression #CrossBorderIntelligenceOperations #DiasporaSurveillance #CoordinatedAssassination #LegalWeaponization
English
0
0
1
142