Foreign Interference Research Center

2.9K posts

@ForIntOrg

Tracking and analyzing foreign interference worldwide.

Washington, D.C. Joined May 2022
225 Following 1.4K Followers
Foreign Interference Research Center
The 2007 ONCIX report is blunt: the U.S. is the top target for state-sponsored economic espionage, full stop. Multiple foreign intelligence services running coordinated ops against defense contractors, research institutions, tech companies. The goal is simple, steal what took Americans decades and billions to build. Skip the R&D bill, collect the prize. foreigninterference.org/post/u-s-remai… #foreigninterference #EconomicCoercion #TechnologyTransfer
Foreign Interference Research Center
Beijing's playbook in the Philippines isn't subtle: Chinese nationals run the operation, Filipino recruits provide the access, and everyone pretends the two tiers are unconnected. Philippine counterintelligence caught the pattern anyway. First the handlers, then the locals. The Marcos government's decision to deepen U.S. basing rights handed Beijing's services a motive, and apparently they acted on it fast. What's notable across Week 26's digest is how consistent the architecture is. Japan, Taiwan, the Philippines. Different targets, same two-tier structure. Industrial scale is the right phrase for it. foreigninterference.org/post/spy-news-… #foreigninterference #AssetRecruitment #CorporateInfiltration #CommunityBasedIntelligenceOperations #GovernmentInfiltration #DeepCoverOperations
Foreign Interference Research Center
Section 702 has been quietly renewed again, this time on a short-term basis, and the pattern here is worth sitting with before the legislative machinery grinds forward again. The authority itself targets foreign nationals located outside the United States. That is the statutory premise. What makes it genuinely complicated, and genuinely contested, is that foreign communications frequently involve American interlocutors, pass through American infrastructure, and get swept into the collection apparatus as a result. "Incidental" is doing a lot of legal work in that sentence, and critics are not wrong to pull at that thread. The FBI made this harder to defend. Repeated documented misuse of Section 702 query authorities, specifically running searches for American communications without individual warrants, gave the civil liberties coalition something concrete to point to beyond abstract Fourth Amendment concerns. That coalition is not ideologically coherent in the normal sense. It includes the ACLU crowd and a meaningful slice of congressional Republicans who read the same FBI audit findings and arrived at the same place through a different door. Clean reauthorisation was never going to happen after those findings became public, and it did not. So instead Congress does what it does when it cannot resolve a structural disagreement: it extends, defers, and hopes the next Congress figures it out. That strategy has operational costs that are rarely discussed with any specificity in the coverage of these votes. Intelligence agencies doing long-range collection planning against foreign targets need statutory certainty. Short-term extensions create planning horizons that are, to put it plainly, incompatible with the timelines of serious collection operations. You do not build a sustained collection architecture against MSS front companies or FSB-linked infrastructure on a foundation that requires reauthorization every few months. 
Assets, relationships, technical access, all of it requires sustained legal authority to sustain the operational investment. The adversary angle on this is underappreciated. Russian and Chinese intelligence services monitor U.S. legislative cycles not as an academic exercise but as an operational input. Periods of statutory uncertainty about Section 702 are periods where sophisticated foreign services have an empirical basis for adjusting their communications security posture. They know American collection continuity is in question. They act accordingly. The intelligence community's argument that restriction or gap in 702 authority creates blind spots exactly when adversary activity is peaking is not spin. The documented escalation in Chinese infrastructure targeting and Russian election interference operations is not in dispute, and the timing correlation with legislative uncertainty is a real operational problem even if it gets flattened into a talking point by the agencies pushing for clean reauthorization. The FISA Court oversight mechanism is the other piece that keeps not getting resolved. Critics of Section 702 have argued, with supporting evidence, that the Court's ex parte review process is structurally unsuited to serving as a genuine check on query practices. The Court reviews targeting and minimization procedures but does not have the adversarial input that might catch the pattern of misuse the FBI was running. Defenders of the current architecture argue that adding warrant requirements for 702 queries involving Americans would functionally cripple the tool's utility by slowing response times in exactly the scenarios where speed matters. Both of those things can be true simultaneously. Congress has not found the procedural architecture that threads that needle, which is why it keeps not finding a long-term reauthorization. The 2026 midterm environment is going to make this harder, not easier. 
These debates are already being inflected by partisan dynamics that have less to do with the actual surveillance architecture than with which coalition gets to claim the civil liberties win. That is not new, but it tends to produce bad legislation when it drives the process. The underlying tension is real and is not going to resolve itself through additional short-term extensions. The FBI query problem requires a structural fix, not audits and promises. The FISA Court oversight gap requires institutional reform with actual adversarial input. The incidental collection question requires a statutory clarification of what "incidental" is permitted to encompass before it becomes something the Fourth Amendment no longer tolerates. None of that is in a short-term extension. All of it accumulates as unresolved debt on the long-term reauthorization ledger. The intelligence community is right that Section 702 is genuinely productive. The critics are right that the current oversight architecture has documented failures. The question is whether Congress has the institutional capacity to hold both of those things at once and produce legislation that addresses them. The track record on that is not encouraging. foreigninterference.org/post/u-s-senat… #foreigninterference #LegalAuthorizationExpansion #MassSurveillanceOperations #CounterintelligenceOperations #LegislativeSurveillance
Foreign Interference Research Center
Canada's Government House leader said in late June 2026 that he "expects news" on a public inquiry into foreign interference "very soon." That's the statement. After years of classified CSIS assessments, parliamentary committee reports, and sustained opposition pressure, the Carney government appears to be moving toward actually formalizing accountability for what Canadian intelligence has documented about foreign state operations in Canadian politics. The backstory matters here, so let's go through it properly. CSIS assessments documenting Chinese government attempts to influence federal elections have been circulating in classified form for years. The National Security and Intelligence Committee of Parliamentarians (NSICOP) and the National Security and Intelligence Review Agency (NSIRA) have both produced reporting, some of it public, on the scale of these operations. What they've documented is not subtle: attempts to support preferred candidates, interference in nomination processes, and transnational repression targeting diaspora communities in Canada. The interference file expanded beyond electoral manipulation to include revelations about the NDP leadership race, questions around Chinese-linked political donation networks, and CSIS warnings that multiple Canadian parties were vulnerable to foreign state cultivation at the nomination level. None of that produced a formal public inquiry. What it produced was classified briefings that frustrated parliamentarians who couldn't discuss them publicly, oversight reports that documented serious problems without generating binding accountability, and a years-long political argument about whether existing mechanisms were sufficient. Critics said they weren't. The government of the day generally resisted a formal inquiry. That resistance accumulated its own political cost. The architecture of whatever gets announced will matter as much as the announcement itself. 
A few specific design questions will determine whether this inquiry has real teeth. First: will it have full access to classified CSIS assessments, or will intelligence agencies be able to wall off material on source-and-method grounds? That tension is not hypothetical. Previous attempts to give parliamentarians access to classified interference assessments ran into classification barriers that effectively neutered the accountability function. An inquiry that can only see sanitized summaries is an inquiry that cannot hold anyone responsible for decisions made on the basis of actual intelligence. Second: will testimony from intelligence officials and political figures be public or in camera? The public accountability argument for this inquiry rests heavily on sunlight. An inquiry conducted substantially behind closed doors would satisfy almost none of the pressure that generated it. Third: does the mandate extend beyond Chinese interference? Canadian intelligence reporting has documented operations by Iranian, Indian, and other state actors targeting Canadian political processes and diaspora communities. India's operations against the Sikh community in Canada have been particularly documented and politically charged given the broader Canada-India relationship collapse following the Nijjar killing. An inquiry scoped narrowly to China, while perhaps more politically convenient, would produce an incomplete and somewhat misleading picture of the actual threat environment. These aren't abstract design preferences. Each choice represents a real decision about how much accountability the government is actually willing to absorb, versus how much it wants to appear to absorb. The comparative context is worth keeping in mind. Australia implemented the Foreign Influence Transparency Scheme after its own sustained public reckoning with Chinese Communist Party influence operations. 
The UK's Russia Report, produced by the Intelligence and Security Committee, documented FSB operations and the British government's failure to investigate them adequately, and that report's release was itself delayed in ways that became a political scandal. European states including Germany, the Netherlands, and others have commissioned parliamentary investigations into foreign interference operations from multiple state actors. Canada has watched all of this happen and until now has produced the oversight bodies and the classified reporting without the formal public inquiry that allies have used to create public records, assign accountability, and generate legislative responses. The Canadian trajectory has been slower, partly because the politics of accusing a major trading partner of election interference are genuinely complicated, and partly because previous governments judged the political risk of a public inquiry to be higher than the political risk of not having one. That calculation appears to have shifted. A "very soon" signal from the House leader in late June 2026 does not guarantee a well-designed inquiry. It guarantees an announcement. The announcement will be scrutinized immediately by opposition parties, civil society groups, and journalists who have been tracking this file for years and who know exactly what questions to ask about scope, mandate, access, and independence. The gap between what gets announced and what those observers conclude it actually does will tell you most of what you need to know about whether this resolves anything. foreigninterference.org/post/canada-s-… #foreigninterference #ElectionInterference #PoliticalInfiltration #InfluenceOperations #TransnationalRepression #CounterInterferenceLegislation
Foreign Interference Research Center
UNICRI just announced the fourth edition of its Summer School on Misinformation, Disinformation, and Hate Speech, running July 6-10, 2026, hybrid out of Rome. Fourth edition means this is no longer an experiment. They're locking it into the curriculum. The detail worth sitting with is where this is housed. UNICRI is the UN's criminal justice and crime research institute. Not a media literacy NGO. Not a journalism school. The fact that this programme lives there is itself a policy statement: disinformation is now formally in the same institutional neighborhood as transnational crime and security threats. That framing has real downstream consequences for how governments build their response architectures. So what does the trajectory look like from here? The shift from "media literacy problem" to "criminal justice and national security challenge" has been happening gradually for a few years, but formalising it inside the UN system is different. It creates pressure on member states to align their own domestic frameworks. Countries that have been treating FIMI as purely a platform moderation issue, or a journalism education issue, are going to face increasing institutional friction if they don't develop law enforcement and intelligence-side capacity to match. That's a slow process, but UNICRI running this annually is part of what normalises the expectation. The hybrid format is doing something specific. In-person in Rome plus global online access isn't just a pandemic-era convenience they forgot to roll back. It's a capacity-building pipeline aimed explicitly at practitioners in regions where Russian and Chinese information operations have operated with significantly less resistance. 
Sub-Saharan Africa, Southeast Asia, parts of Latin America: these are environments where the counter-interference infrastructure is thin, platform enforcement has been deprioritized (Meta's own transparency reports have documented the disparity in non-English content moderation), and the local civil society organisations that would normally serve as early detection nodes are underfunded and understaffed. Graduates of these programmes go back to government agencies, courts, regulatory bodies. That's the point. The 2026 cohort is going to be operating in a genuinely chaotic information environment. The U.S. midterm cycle will be in full swing. The U.S.-Iran conflict has already generated an active information warfare layer, and the disinformation operations around that conflict have been running hot since the first strikes. AI-generated synthetic content has dropped the production cost for influence operations to near zero for any actor with moderate technical capacity, which means the volume problem is getting worse faster than the detection infrastructure can scale. Practitioners walking into that summer school in July 2026 won't be doing historical case studies. They'll be dealing with live operational conditions. Here's what I'd watch for as a direct result of this institutionalisation trend: The legal and definitional pressure is going to intensify. One of the core problems in prosecuting or sanctioning state-sponsored disinformation is that the legal frameworks in most jurisdictions weren't built for it. You can sanction individuals for specific acts, but coordinated inauthentic behaviour spread across hundreds of fake accounts operated by a state intelligence service doesn't map cleanly onto existing criminal statutes in most countries. UNICRI bringing together law enforcement practitioners, researchers, and policymakers in the same room, repeatedly, with a criminal justice framing, is going to accelerate the push for cleaner legal definitions. 
Expect more proposals at the EU level (the Foreign Information Manipulation and Interference framework is already further along than anything in the U.S.) and some movement in national legislation in the countries whose officials attend. The Global South capacity gap is going to become a more explicit strategic battleground. Russia and China have both invested heavily in information operations targeting African, Southeast Asian, and Latin American audiences precisely because the counter-interference environment is weaker there. Wagner's Africa-focused operations, documented extensively by the Stanford Internet Observatory and the EU DisinfoLab, exploited exactly this gap. Programmes like this one are part of the international community's belated recognition that you can't defend democratic information environments only in Brussels and Washington while leaving the flanks open. Whether the capacity building actually keeps pace with the offensive operations is a different question, and the honest answer is: not yet, not even close. The private sector pressure will increase. Platforms have been able to treat content moderation in lower-priority markets as a resource allocation problem. That calculus gets harder as more governments have officials trained in FIMI-specific frameworks, because those officials ask different questions in regulatory conversations. They're not asking about community standards violations. They're asking about coordination infrastructure, account network analysis, and attribution. That's a different conversation, and platforms are not uniformly prepared to have it. One thing that doesn't get said enough: the people who attend these programmes matter. Not in an abstract "capacity building is good" way, but specifically. 
The analyst at a West African electoral commission who goes through a UNICRI summer school and learns how to read a coordinated inauthentic behaviour disclosure report is going to make different decisions during the next election in her country than she would have otherwise. Multiply that by a few hundred practitioners a year across a few years and you actually start to shift the baseline. It's slow. It's not dramatic. But it's the mechanism by which international norm-setting eventually becomes operational capacity. The counter-move from the actors being targeted by this capacity building is already visible. Russia and China have both invested in their own counter-narratives around "information sovereignty," framing Western counter-disinformation efforts as censorship infrastructure. That framing has real purchase in some of the same Global South contexts where UNICRI is trying to build capacity. It's not a coincidence that RT and CGTN have been expanding their footprint in exactly those regions while simultaneously pushing the narrative that Western fact-checking and platform enforcement are forms of ideological control. The competition for the definitional frame, what counts as disinformation versus what counts as sovereign information policy, is going to run alongside the technical and legal capacity building, not separately from it. The summer school being in its fourth edition is, on its own, a mundane administrative fact. The trajectory it represents is not. foreigninterference.org/post/unicri-la… #foreigninterference #CounterDisinformationFrameworkDevelopment #DisinformationCampaigns #ForeignInformationManipulation
Foreign Interference Research Center
The 1998 State Department press archive is not exciting reading. It should be. Bosnia, Afghanistan, the former Soviet space: U.S. diplomats were watching the same playbook across three separate theaters simultaneously. Proxies standing in for external patrons. Election boycotts coordinated from outside the country. ISI and Taliban. Russia's ruble collapsed in August and its intelligence services got more active, not less. What the record shows is that the tools for responding were basically rhetorical. Bilateral pressure. Public statements. The sanctions architecture and multilateral frameworks came later. The interference didn't wait. foreigninterference.org/post/state-dep… #foreigninterference #ElectionInterference #InfluenceOperations #ProxySupport #GovernmentDestabilization #DiplomaticCoercion #RegionalInfluenceOperations
Foreign Interference Research Center
June 30, 2026. Meta's Oversight Board announces it is formally scrutinizing Iranian state-backed influence operations on the platform. That date matters because it lands in the middle of an active U.S.-Iran military conflict, which is not a coincidence and not a neutral context. Here is what the Board is actually looking at. Iranian state media and affiliated accounts have been running coordinated campaigns against American domestic audiences throughout the June 2026 escalation. The goal is straightforward: shape how Americans perceive the conflict, erode confidence in the Trump administration's military credibility, and do it through Facebook and Instagram at scale. Meta's own threat intelligence teams have documented this. Independent researchers have documented this. It is not a contested premise. The specific question before the Board is whether Meta's content decisions in this environment were appropriate enforcement or overreach. That framing is worth sitting with for a second. When a state actor is running an active information warfare campaign during a shooting conflict, and a platform takes action against it, the Oversight Board's job is to evaluate whether the platform went too far. That is the system working as designed. Whether it is the right design for this threat environment is a different question. Iranian networks have gotten good at this. The operational security has improved considerably over the years. Coordinated inauthentic behavior is harder to attribute cleanly when the networks are disciplined about compartmentalizing accounts, varying posting patterns, and using enough authentic-seeming activity to create legal and reputational risk for anyone who moves to take them down. Meta faces a genuine problem: act too aggressively and you hand the regime a propaganda win about censorship; act too cautiously and the campaign runs. Iranian state media understands this dynamic and exploits it deliberately. 
The Oversight Board was built to handle contested individual content decisions, not to adjudicate the upstream enforcement philosophy of a platform operating inside an information war. Its jurisdiction over questions like "how aggressively should Meta pursue CIB networks linked to a foreign government during an active military conflict" is genuinely murky. The Iran case may push the Board into territory it was not originally designed to occupy. That is not a criticism, it is just the reality of what happens when independent governance structures meet adversarial state actors who have studied those structures carefully. What comes out of this matters beyond the immediate case. November 2026 midterms are on the calendar. European regulators running Digital Services Act enforcement are watching platform consistency on foreign information manipulation as a live compliance question. U.S. election security officials want to know whether Meta's enforcement holds up or whether influence operations can use the Oversight Board process as a tool to slow enforcement, challenge removals, and buy operational time. That last scenario, where adversaries learn to weaponize appeals and review mechanisms, is the one that keeps people up at night. Iranian state-linked networks targeting diaspora communities is not new. The suppression of counter-regime content through coordinated reporting campaigns has been documented for years. Amplifying regime narratives to Persian-speaking audiences abroad is a long-running operation. What is new is the Oversight Board being asked to weigh in on enforcement decisions made during an active shooting conflict between the U.S. and Iran, with midterm elections five months out. The precedent being set here is real. Independent platform governance intersecting with live national security questions is not something most governance frameworks anticipated at this scale. 
Whatever guidance the Board produces will land in a document that researchers, regulators, foreign governments, and adversarial state actors will all read carefully. foreigninterference.org/post/meta-over… #foreigninterference #ComputationalPropaganda #ForeignInformationManipulation #StateMediaCoordination #DisinformationCampaigns #PlatformTakedown
Foreign Interference Research Center
The August 1998 embassy bombings and the U.S. retaliatory strikes matter less as a historical event than as a template. What happened: al-Qaeda simultaneously detonated truck bombs outside U.S. embassies in Nairobi and Dar es Salaam on August 7, killing over 220 people, and thirteen days later the Clinton administration hit Afghan training camps and the Al-Shifa plant in Sudan. Now look at what that sequence actually produced. Start with the attribution problem, because it's the part that keeps recurring. Berger said at the August 20 press conference that "further intelligence strengthened the case" while military preparations were already underway. That's not a small detail. Strike decisions ran parallel to intelligence consolidation, not downstream of it. The administration wasn't lying, exactly. They believed what they were saying. But the sequence mattered enormously because it meant the public case was being constructed while the operational machinery was already moving, which creates structural pressure to fit the evidence to the decision rather than the other way around. Al-Shifa is what happens when that pressure meets an ambiguous soil sample and a facility whose owner had every reason to deny weapons connections. Sudan then spent years using the contested strike as a diplomatic lever. The information warfare benefit flipped. This is the trajectory worth watching: states and non-state actors have learned, explicitly, that contesting U.S. intelligence assessments used to justify strikes is its own strategic tool. You don't have to win the factual argument. You just have to generate enough ambiguity that the attribution loses political force. That lesson got absorbed. We saw it in the debates over Syrian chemical weapons strikes. We've seen it in the long tail of disputes over drone strike casualty counts. 
The playbook now includes proactive information operations designed specifically to preempt attribution credibility before the first press conference happens. The simultaneous coordination across Nairobi and Dar es Salaam, cells separated by hundreds of miles running synchronized operational security without detection, was a serious intelligence failure. The 9/11 Commission documented it thoroughly. But the more interesting analytical thread is what that coordination demonstrated about network architecture. Al-Qaeda in 1998 was running overt organizational infrastructure in Afghanistan and Sudan alongside covert operational cells in East Africa, all under active signals intelligence collection, and the cells didn't surface. The lesson drawn by successor organizations and state sponsors paying attention was that compartmentalization worked, and the lesson drawn more recently has been that digital compartmentalization (encrypted comms, operational separation between financing and logistics and execution nodes) can extend that model further than the 1998 version could manage. The 9/11 Commission traced analytical continuity from the embassy bombings directly to the August 6, 2001 PDB warning about bin Laden's intent to strike inside the United States. Three years of dots. The intelligence community had the thread but couldn't pull it fast enough. What changed between 1998 and now is volume, not structure. The analytical challenge of connecting transnational cells running under signals collection without surfacing has gotten harder, not easier, because the surface area is larger and the encryption is better. For defenders watching this trajectory, the specific thing to track is how attribution contestation has professionalized. In 1998, Sudan's counter-narrative was reactive and largely diplomatic. It worked in a limited way but required resources most actors didn't have. 
Current state actors (Russia after Salisbury, Iran across various proxy operations) run proactive attribution interference as a standard feature of the operation, not a cleanup step afterward. You see coordinated messaging timed to break within hours of an incident, designed to flood the zone before official attribution can consolidate public opinion. The goal isn't to convince sophisticated analysts. It's to give domestic political audiences in Western countries a permission structure to doubt. That's a calibrated operation, and it's been refined considerably since the Al-Shifa controversy showed what was possible. The transnational architecture point deserves more attention than it usually gets. In 1998, the analytical frame for counterintelligence was still primarily state-to-state. The CIA, NSA, and FBI were structurally optimized for Soviet-style state competition. Al-Qaeda's architecture was designed, whether deliberately or by necessity, to exploit exactly the seams in that framework. The organization spanned Afghanistan, Sudan, Kenya, Tanzania, and multiple European support nodes simultaneously, using a mix of legitimate organizational presence and covert cells. Traditional counterintelligence had no good model for this. The response, post-9/11, was to build new institutional structures (the NCTC, fusion centers, the entire IC reorganization) to address the gap. Here's what hasn't been adequately addressed: the hybrid version of that architecture, where a state actor provides resources, cover, and occasionally operational direction to a nominally non-state network specifically to exploit the attribution ambiguity the non-state label provides. Iran and Hezbollah are the clearest case. Russia and various cutout organizations are another. The 1998 moment matters because al-Qaeda demonstrated the vulnerability, but the exploitation of that vulnerability by state actors running plausible-deniability networks is the current threat. 
Attribution to a non-state actor, even correct attribution, doesn't close the loop if a state three steps back in the logistics chain is insulated from consequences. Officials and election-adjacent watchers should focus on two near-term indicators. First, watch whether states that have observed the Al-Shifa lesson begin investing more explicitly in pre-positioning counter-attribution assets inside Western information environments before they conduct operations, not after. The shift from reactive to proactive information operations in the attribution space is already partially visible. The next development is tighter integration between the operational cell and the information warfare cell, so that counter-narrative infrastructure is seeded into target-country media and political networks before the operation executes, leaving no clean window for attribution to stick. Second, watch for the hybrid architecture to migrate further into cyber operations, where the non-state cutout model is already mature and attribution is technically harder. The 1998 template showed that a non-state actor with state-level logistics could generate strategic effects while complicating response options. That architecture, adapted for cyber and influence operations with state backing and non-state cover, is the version intelligence services are currently trying to track and mostly finding difficult. The Berger-Albright press conference is a useful artifact not because the Clinton administration did something uniquely wrong but because it shows the structural problem clearly. You're trying to make a classified intelligence case publicly credible fast enough to shape international opinion, justify legal authority, and deter the next attack, all simultaneously. That tension hasn't gone away. It's gotten more acute because the information environment is faster, the adversaries have studied the pressure points, and the domestic political cost of getting it wrong has risen. 
Any future administration facing a comparable moment is going to face exactly the same tradeoff between moving quickly and getting it airtight, except the counter-attribution operation will already be running before they call the press conference. The 9/11 Commission found that intelligence from the 1998 response period informed the analytical thread that eventually surfaced in the August 2001 PDB. The dots were there. What that tells you about the current environment is that the dots are almost certainly there on the next event too. The question is always the same: whether the institutional structure, the analytical frameworks, and the political will to act on ambiguous but accumulating signals are in place before the operation executes. In 1998, they weren't quite. The commission documented what that cost. foreigninterference.org/post/u-s-strik… #foreigninterference #DisinformationCampaigns #InfluenceOperations #CoordinatedCyberWarfare #InformationDomainOperations
Foreign Interference Research Center
The BfV dropped its annual report in July 2026 and the picture it paints is not subtle. Four distinct adversary vectors, all active on German soil at the same time. Russian saboteurs. Chinese intelligence operatives. Iran-backed militant networks. Domestic neo-Nazi cells with potential foreign connections. The Germans are dealing with all of it simultaneously, and they're now saying so publicly. Start with Russia, because Russia is the most kinetic. The BfV documents active Kremlin recruitment of saboteurs inside Germany. Physical disruption operations targeting logistics infrastructure, railway networks, and defense industry facilities. This has been going on since the full-scale invasion of Ukraine in 2022, but Germany is a particular priority because it became the primary logistics hub for Western military assistance to Kyiv. You move weapons through Germany, Germany becomes a target. The recruitment model is worth understanding: the BfV is not just talking about GRU officers operating under diplomatic cover. It's Russian-directed recruitment of German residents, including diaspora community members with economic vulnerabilities, as witting or unwitting sabotage assets. Some of these people know what they're doing. Some probably think they're doing something smaller than they actually are. Either way, the effect is the same. German intelligence is calling this hybrid warfare, and they're explicitly noting that it blurs the line between intelligence operations and acts of war. That framing is deliberate and it matters. The China section is less dramatic but in some ways more structurally damaging. Escalating Chinese espionage targeting German technology companies, research institutions, and political networks. Germany's advanced manufacturing sector is the main target. Automotive, chemical, precision engineering. 
The goal is dual-use technologies and proprietary production methods, meaning the kind of industrial knowledge that takes decades and enormous capital investment to develop organically. Chinese state-sponsored actors are acquiring it through espionage instead. The BfV assessment here tracks closely with Five Eyes warnings and European partner reporting. This is not a new problem but the BfV is documenting continued escalation, not stabilization. Germany's specific exposure is structural: it has exactly the kind of high-value industrial knowledge base that Beijing's strategic competitive priorities require, and it has been somewhat slower than Anglo-American partners to fully reckon with the scale of the penetration. Iran is the section that reflects the most recent geopolitical turbulence. The BfV identifies Iran-backed Islamist networks operating in Germany as a growing threat, specifically linking the threat elevation to the 2026 U.S.-Iran military exchange and subsequent Iranian proxy activation across the Middle East and Europe. Tehran's European architecture works two ways simultaneously. European diaspora communities are surveillance targets, meaning Iranians living in Germany who are dissidents, activists, or simply people the regime wants to monitor. And they're potential operational assets, meaning people Tehran can pressure, recruit, or activate for external operations. The BfV is documenting this as transnational repression combined with external operations capability. That combination is what makes the Iranian threat distinct from a pure espionage threat. It's coercive, it reaches into immigrant communities, and it can turn lethal. A few things stand back from the specifics. Germany publishing this at the level of detail it has is itself a policy choice. Intelligence services don't typically volunteer detailed threat assessments to the public. 
When they do it in this much specificity, they're doing several things at once: hardening public resilience, warning potential recruitment targets, signaling to adversaries that their activities have been observed, and contributing to a coordinated European posture of intelligence transparency that partners have been building toward. This isn't Germany panicking. It's Germany being deliberate about making the threat landscape legible to its own citizens and to allied governments. The convergence is the real headline. Each of these threat vectors would be a significant intelligence problem on its own. Running counterintelligence against Chinese economic espionage while simultaneously trying to detect and disrupt Russian sabotage networks while tracking Iranian proxy activation while monitoring domestic extremist networks with potential foreign connections requires enormous institutional bandwidth. Germany's domestic intelligence service is effectively operating on a four-front internal security problem. The report's publication is an acknowledgment that the public needs to understand this is the environment they're in. foreigninterference.org/post/germany-s… #foreigninterference #CyberEspionage #IndustrialSabotage #AssetRecruitment #TradeSecretTheft #TransnationalRepression
Foreign Interference Research Center
China's ambassador just walked into ASIO's house and called ASIO a liar. Publicly, in Canberra, on behalf of Beijing. Mike Burgess has spent years building a deliberate transparency strategy around foreign interference, explaining it plainly to Australians rather than keeping it in classified drawers. That's exactly what this attack targets. Not the intelligence itself, the credibility of the people presenting it. The coercion is the point. Bilateral relationship at risk, the ambassador says. Retract, or pay a price. foreigninterference.org/post/china-s-a… #foreigninterference #AntiInterferenceRhetoric #DiplomaticCoercion #DisinformationCampaigns
Foreign Interference Research Center
Most spies during this period weren't recruited. They walked in. That's the central finding buried in the Defense Personnel Security Research Center analysis archived through DTIC and the DNI's National Counterintelligence and Security Center, and it matters more than it might initially seem. Volunteer rates ran between 79 and 85 percent across rank categories, from lower enlisted grades through the officer corps. The foreign intelligence services weren't hunting these people down. American servicemembers and cleared civilians were proactively approaching Soviet handlers, often with material already in hand. The counterintelligence community in the early 1980s was structured around a fundamentally different assumption: that the KGB and GRU were the active party, identifying targets, cultivating relationships, and eventually pitching them. Catch the foreign intelligence officer, disrupt the recruitment pipeline, protect the cleared workforce. Standard doctrine. The PERSEREC data said that model was backward. The threat wasn't coming from the outside in. It was already inside, sitting on its own motivations and waiting for an opportunity. This is the kind of finding that sounds obvious in retrospect and was apparently very difficult to act on in real time. The motivation shift is equally significant. During the 1940s and 1950s, the dominant driver was ideology. The Rosenbergs, Alger Hiss, the Cambridge Five on the British side, these were true believers who understood themselves to be advancing a cause. Whatever you think of their politics, there was a coherent internal logic to what they were doing. By 1982, that framework had largely collapsed. The PERSEREC analysis establishes financial motivation as the primary driver in this later period. Not principle. Not grievance with American policy. Not coercion or blackmail, at least not predominantly. Money. Personal financial stress combined with access to classified material had become the defining high-risk profile. 
That requires a different response than the ideological threat model. You can't screen for financial desperation the way you screen for Communist Party membership or foreign contacts. People's financial circumstances change after they're cleared. The behavioral indicators are subtler and more dynamic. The cases active around the 1982 period illustrate the pattern clearly enough. Edwin Gibbons Moore II was a CIA officer whose espionage ran 1976 to 1977, reflecting the broader penetration operations Soviet services had been running against the intelligence community throughout the late 1970s and into the early 1980s. Samuel Loring Morison was a Navy civilian analyst who began passing classified imagery intelligence in 1984. Morison is worth pausing on because he's a genuinely strange case: he leaked photographs from a KH-11 satellite showing a Soviet aircraft carrier under construction at the Nikolayev shipyard, and he passed them not to a foreign government but to Jane's Defence Weekly, where he also worked as a part-time editor. The motivation wasn't straightforwardly ideological or straightforwardly financial. It was something messier, a combination of wanting recognition in his professional field and believing the information should be public. He was convicted under the Espionage Act in 1985, the first person to be convicted under that statute for leaking to the press rather than a foreign power, and he received a presidential pardon from Clinton in 2001. The Morison case is a useful reminder that the PERSEREC categories, tidy as they are, don't fully capture the range of human rationalizations people bring to betrayal. Still, as a statistical framework for the broader population of espionage cases, financial motivation really did dominate. What came after 1982 bore this out completely. John Walker had been spying for the Soviets since 1967, but the ring he operated, which included his brother Arthur, his son Michael, and Jerry Whitworth, was discovered in 1985. 
Walker's motivation was essentially entrepreneurial. He treated the relationship with Soviet intelligence as a business arrangement, recruited family members as subagents, and ran it for nearly two decades. Robert Pelton, a former NSA employee, approached Soviet intelligence in 1983, motivated by financial difficulties following his bankruptcy. He was arrested in 1985. Edward Lee Howard, a CIA officer dismissed from the agency in 1983, walked into the Soviet embassy in Vienna and began providing information about CIA operations in Moscow. He fled to the Soviet Union before the FBI could arrest him, in 1986, and died there in 2002. All three cases fit the volunteer-financial archetype the PERSEREC research had identified. None of them were recruited in the traditional sense. None were ideological converts. All of them initiated contact themselves, and all of them were substantially motivated by money or financial grievance. The Reagan administration used the PERSEREC data framework to develop enhanced security clearance procedures during this period. The Personnel Reliability Program for nuclear weapons custodians drew directly on this research. The idea was to systematize behavioral monitoring in ways that could catch the internally-driven threat that the old recruitment-focused counterintelligence model was poorly positioned to detect. Whether those procedures were adequate is a separate question. The Walker ring had been active for eighteen years when it was finally rolled up, and it was surfaced not by counterintelligence work but by Walker's ex-wife contacting the FBI. Pelton was identified after a Soviet defector provided information. Howard escaped entirely. The apparatus that PERSEREC's analysis was meant to improve kept getting beaten by luck, defectors, and personal animosities rather than systematic detection. That's the thing about the volunteer problem. 
If you're waiting to catch a foreign intelligence officer running a recruitment operation, you have an external event to detect. If the threat is a cleared employee who has already decided to make contact and is doing so on their own initiative, the detection window before damage is done is extremely narrow. The PERSEREC framework moved counterintelligence thinking toward monitoring internal behavioral indicators, which was the right direction. But the gap between having the right analytical framework and actually catching people before they cause serious damage remained wide throughout the decade. The Andropov era context matters here too. Yuri Andropov became General Secretary in November 1982 after fifteen years running the KGB. He knew the intelligence game at a granular level in a way none of his recent predecessors had, and Soviet intelligence operations in the early 1980s reflected institutional sophistication and operational tempo that made the American volunteer problem more consequential. You didn't need to mount a risky recruitment operation when cleared Americans were approaching Soviet residencies on their own schedule. The KGB's counterpart problem was vetting and managing a flood of walk-ins and volunteers, some genuine, some dangled by U.S. counterintelligence. Andropov's KGB was experienced at that problem. The intelligence services of a country that had spent decades worrying about internal enemies knew something about distinguishing genuine traitors from provocateurs. The PERSEREC analysis is a period document. It reflects what was known and thinkable in 1982 about American espionage patterns, and its limitations are real. The sample sizes for some categories are small. The categories themselves reflect the assumptions of the era. But the core finding, that the cleared workforce was generating espionage cases from within rather than being victimized primarily by external recruitment, held up. The 1985 arrests confirmed it. 
The post-Cold War cases would continue to confirm it. Aldrich Ames approached Soviet intelligence in 1985. Robert Hanssen started in 1979. Both volunteers. Both financially motivated in significant part, though Hanssen's psychology was genuinely more complex. The volunteer problem didn't go away when the Soviet Union collapsed. It just acquired new recipients. foreigninterference.org/post/defense-p… #foreigninterference #AssetRecruitment #MilitaryEspionage #IntelligenceSelling #PersonnelSecurityEnhancement
Foreign Interference Research Center
Yuri Andropov ran the KGB for fifteen years before he ran the Soviet Union. That fact alone tells you something about what November 1982 was going to look like. Brezhnev died on November 10th. Andropov was confirmed as General Secretary on the 12th. The speed of it was not accidental. The man had spent 1967 to 1982 building the apparatus, the networks, the doctrine. He didn't need a transition period. He already knew where everything was. The CED Museum's 1982 timeline is interesting precisely because it's contemporaneous. It's not retrospective analysis cleaning things up for a tidy narrative. It captures what the technology and security landscape actually looked like during those October-November weeks, before anyone knew how the Andropov period would unfold or what the intelligence community's concerns would later be validated as. And the landscape was genuinely complex. You had Reagan's arms reduction overture from the Eureka College address in May sitting awkwardly alongside NATO missile deployment debates that were tearing up European parliaments. The nuclear freeze movement hit its political peak in November 1982, ballot initiatives across multiple U.S. states, parliamentary pressure building in West Germany and the Netherlands. Moscow was not unaware of this. Active measures operations had been feeding that pressure for years. The technology piece is where the timeline becomes most useful for understanding the period's actual stakes. Personal computing, semiconductors, telecommunications: all of it was moving fast in 1982, and Soviet intelligence was not watching from the sidelines. KGB Directorate T and the GRU's technical intelligence units ran what the Soviets called Liniya T, the Technology Line, which was a systematic acquisition effort targeting Western industrial and military technology. Not opportunistic. Systematic. There were target lists. We know about the target lists because of FAREWELL. 
The French intelligence operation, known internally as Farewell Dossier, had recruited Vladimir Vetrov, a KGB officer who handed over documentation of Soviet technology acquisition priorities. The CIA received this material. The target lists showed exactly which Western technologies Soviet intelligence was tasked to obtain, by what methods, and through which front organizations and cutouts in Western Europe. The Reagan administration used this intelligence to feed compromised and degraded technology into channels the Soviets were using to acquire it. The pipeline became the vulnerability. FAREWELL wasn't publicly revealed until years later. But in October-November 1982, the counterintelligence operations it enabled were running quietly in the background, alongside tightened COCOM restrictions on dual-use technology exports to the Soviet bloc. COCOM, the Coordinating Committee for Multilateral Export Controls, was the multilateral framework Western governments used to restrict technology transfer. The Reagan administration pushed hard on enforcement. Not everyone in Western Europe was enthusiastic, partly because their companies wanted the business and partly because the nuclear deployment politics made any U.S. pressure feel loaded. That friction mattered. Soviet acquisition networks in Western Europe ran partly through legitimate commercial channels, through third-country intermediaries, through academic and scientific exchanges. Tightening the controls was harder than announcing them. What Andropov's elevation specifically meant for this environment is worth sitting with. The declassified U.S. intelligence assessments from this period, documented later, show genuine concern about what KGB-influenced leadership meant for Soviet information operations targeting Western institutions. Andropov had built the active measures infrastructure. He understood it from the inside. 
Giving that person control over Soviet foreign policy was not, from an American counterintelligence standpoint, a neutral development. The RYAN system is also worth mentioning here. RYAN was a Soviet intelligence collection program, Raketno-Yadernoye Napadenie, nuclear missile attack, designed to provide early warning of a Western first strike. Andropov had overseen its development at the KGB. By 1982 it was generating significant collection requirements against NATO targets, which in turn was producing some genuinely alarming misreadings of Western military exercises and deployments. The 1983 Able Archer exercise would bring this tension to a head. But the architecture for that near-miss was already in place by November 1982. The illegals programs were also Andropov's work. Deep-cover Soviet intelligence officers operating under false identities in the United States and Western Europe had been developed and expanded under his KGB tenure. The counterintelligence challenge those programs presented to the FBI and allied services was substantial. You're not looking for someone behaving suspiciously. You're looking for someone who has spent years building a legend that holds up to scrutiny. None of this was new in November 1982. The machinery had been running for a long time. What changed was that the man who built it was now running Soviet foreign policy, and the competition over technology, information, and strategic positioning was, if anything, accelerating. The CED timeline documents a moment, not a revelation. But moments matter. The October-November 1982 window is one of those points where several things were happening simultaneously that would compound into something larger. The succession, the freeze movement, the technology acquisition operations, the FAREWELL intelligence, the RYAN collection pressure. None of it was visible in its totality to any single observer at the time. That's usually how it works. 
foreigninterference.org/post/ced-timel… #foreigninterference #InfluenceOperations #DisinformationCampaigns #TradeSecretTheft #TechnologyTransfer
Foreign Interference Research Center
Someone pointed me to an academic paper this week tracing state-sponsored cyber operations from 1982 through 2014, and the framing is actually useful for something people keep getting wrong about where this is all heading. The short version of what the paper covers: the 1982 CIA-linked Siberian pipeline sabotage via compromised SCADA code, the KGB's recruitment of West German hackers from the Chaos Computer Club in the mid-80s (Cliff Stoll's Cuckoo's Egg documents this in detail), and then the long arc through Stuxnet and Chinese APT campaigns against the U.S. defense industrial base. Continuous escalation, documented inflection points, 32 years of it. Here's why the framing matters for what comes next, not just what already happened. The paper makes a point about institutional continuity that most technical threat reporting glosses over. The organizations running aggressive cyber espionage today are not new. The SVR is the KGB's foreign intelligence successor. The PLA's cyber mission grew directly out of doctrine developed in the 1990s around what Chinese military theorists called "informationized warfare." These aren't startups. They have forty-plus years of muscle memory around what they want, who has it, and roughly how to get it. That's a different problem than stopping a novel actor who's still figuring out their targeting priorities. So when you think about trajectory, start there. The targeting logic is mature and stable. What's still evolving is the method, and the method is evolving fast in a particular direction. The 1982-to-2014 arc the paper documents moved from one-off physical sabotage and opportunistic network intrusion toward persistent access and scalable intellectual property theft. Stuxnet in 2010 was the public landmark for the physical effects side. The PLA Unit 61398 indictments in 2014 (the five officers DOJ named, Gu Chunhui, Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu) were the public landmark for the industrial-scale IP theft side. 
Those two lines haven't converged yet. They will. What does convergence look like? It looks like persistent access to critical infrastructure combined with the willingness to use it, not as a standalone attack, but as leverage or as a component of a broader operation during a geopolitical crisis. Russia already pre-positioned in U.S. energy and water infrastructure, that's documented in multiple DHS and CISA advisories going back to 2018. China's Volt Typhoon activity, which CISA and NSA flagged in 2023, is explicitly pre-positioning in communications and transportation networks. Neither of these is the attack. Both of them are the setup. The trajectory the paper traces from 1982 forward ends in 2014, but it points directly at where we are now: actors who have moved past the question of "can we get in" and are sitting on persistent access they acquired years ago, deciding when and whether to use it. For defenders, the actionable read is that the threat model has to account for accesses that were established years before they become relevant. A network intrusion that happened in 2019 might matter enormously in 2026 depending on what happens in the Taiwan Strait or in Ukraine. Incident response framing, which is built around detecting and ejecting an active threat, is structurally underequipped for this. You need to be hunting for dormant implants and legacy access paths that nobody tripped an alert on because nothing happened after they were placed. That's a different workflow and a significantly more expensive one. For officials and policymakers, the paper's point about strategic motivation is the part that doesn't get enough attention. These operations persist because the underlying strategic goals haven't changed. China wants defense technology, advanced manufacturing processes, and political intelligence about U.S. decision-making. Russia wants to degrade Western cohesion, maintain leverage over energy-dependent states, and preserve its ability to escalate. 
Patching vulnerabilities and indicting individual operators addresses none of that. The 2014 PLA indictments didn't slow Chinese IP theft in any measurable way. The operations just shifted to different infrastructure and different cover organizations. The next move for both actors is going to be further laundering of state operations through proxies and criminal-adjacent groups. Russia is well down this road already. GRU and FSB have used criminal hackers as cutouts since at least the early 2010s, and the overlap between the Sandworm cluster and EvilCorp-linked infrastructure has been documented by researchers at Mandiant and others. China is catching up. The Winnti cluster has commercial-facing components. The operational benefit is obvious: it adds a layer of deniability, it makes attribution harder, and it lets state agencies access criminal capability (ransomware infrastructure, money laundering, logistics) that they don't have to build themselves. For voters and for anyone trying to understand what election-period operations look like going forward: the escalation arc in this paper ends before the 2016 interference operations, before the GRU's hack-and-leak campaign through DCLeaks and Guccifer 2.0, before the IRA's social media operation. Those weren't departures from the historical pattern. They were the historical pattern applied to a new target set using updated tools. The same institutional actors, the same underlying motivation (degrade U.S. influence and internal cohesion), updated methods. The 2024 cycle saw Iranian actors targeting both campaigns, Chinese actors probing congressional and campaign infrastructure, and ongoing Russian influence activity. None of that is surprising if you've read the 1982-to-2014 arc. What should concern people about 2026 and 2028 isn't that foreign actors will try to interfere. They will, they always have, the paper literally documents 40 years of it. The concern is that the access they've already pre-positioned in U.S. 
infrastructure gives them a coercive option that goes beyond information operations. Disrupting election administration systems, degrading communications, creating enough visible chaos to undermine confidence in results without actually changing vote tallies. That's the next level, and the access to attempt it exists right now in networks that defenders haven't fully mapped. The paper frames 2014 as operational maturity. That's right. What we're in now is the deployment phase. foreigninterference.org/post/cyber-war… #foreigninterference #CyberEspionage #AdvancedPersistentThreatOperations #CriticalInfrastructureMapping #TradeSecretTheft
Foreign Interference Research Center
The playbook is older than most people realize. A declassified October 1982 State Department cable, sitting in Jack Matlock's files at the Reagan Library, shows the NSC already running systematic tracking of Soviet active measures against Western Europe. Front groups, TASS amplification, KGB targeting of West German opinion ahead of the Bundestag missile vote. The whole stack. This predates the Active Measures Working Group by roughly four years. The infrastructure for countering Soviet disinformation didn't appear in 1986 because someone had a new idea. It appeared because the groundwork was already there. foreigninterference.org/post/reagan-er… #foreigninterference #DisinformationCampaigns #InfluenceOperations #ComputationalPropaganda #ForeignInformationManipulation
Foreign Interference Research Center
Election interference isn't a new threat. It's a permanent feature of the competitive landscape that powerful states have exploited for decades. The Heinrich Böll Foundation just mapped the architecture across multiple actors: Russia's IRA-style propaganda operations, Iran's disinformation network (the U.S. seized 36 of their websites in June 2021 alone), covert campaign finance laundering, domain impersonation. Different players, same toolkit. The part that should stick with you: the U.S. has been systematically dismantling the defensive infrastructure that counters this stuff, right as the offensive capabilities of adversaries are well-documented and intact. foreigninterference.org/post/heinrich-… #foreigninterference #CampaignFinanceViolations #CounterDisinformationFrameworkElimination #CovertMediaFunding #DisinformationCampaigns #ElectionInterference
Foreign Interference Research Center
42 years ago today, the Reagan administration was quietly building a playbook for something they didn't have clean language for yet: what do you actually do when a hostile foreign intelligence service has dug into your country so thoroughly that normal law enforcement responses aren't enough? The answer, apparently, was a 17-option framework. CIA documents, later declassified, show that Judge William Webster, then FBI Director, brought this proposal to the table as part of a broader effort to get the government's arms around Soviet-bloc intelligence activity on U.S. soil. Seventeen specific options to limit and control what they were calling "hostile foreign presence." That's a phrase worth sitting with. Not "suspected spies." Not "illegal activity." Presence. The problem had grown large enough that it needed its own category. The Cold War context matters here. By 1984, Soviet intelligence operations in the United States had been running for decades. The KGB and GRU had assets in government, in academia, in industry. The Walker spy ring, which handed over U.S. Navy cryptographic secrets for years, wouldn't be rolled up until 1985. Robert Hanssen was already inside the FBI. The problem was not hypothetical. What made the Webster framework notable wasn't that the government was trying to counter foreign spies. Obviously they were doing that. What stood out was the scale of the coordination problem they were acknowledging. Seventeen options suggests they didn't have one clean answer. Multi-agency review processes, jurisdictional questions, resource allocation across the intelligence community. The documentation points to a government realizing that compartmentalized responses weren't cutting it anymore. You couldn't just have the FBI handle it on the law enforcement side while CIA handled the foreign intelligence side and hope the picture came together. That coordination failure, by the way, didn't get solved in 1984. 
It was still a central complaint in the 9/11 Commission report nearly two decades later. The framework also reflects something specific to that moment: the tension between operational effectiveness and constitutional guardrails was live and contested. These weren't theoretical concerns. COINTELPRO had ended just over a decade earlier, and the Church Committee had exposed what unchecked domestic intelligence operations looked like. The Reagan administration was trying to be more aggressive about foreign intelligence threats while operating in a post-Church Committee legal environment. That's a genuinely hard problem, and the documentation's emphasis on "legal and constitutional safeguards" wasn't just boilerplate. It was a direct response to recent history. Forty years on, the operational problem has metastasized in ways Webster's framework wasn't built to anticipate. "Hostile foreign presence" in 1984 meant people. Human intelligence, recruited assets, illegal officers running networks. The physical presence of foreign intelligence officers under diplomatic cover. The framework was designed around that world. The presence problem now includes infrastructure that has no physical footprint in the traditional sense. Influence operations running through domestic social platforms. Capital flowing through investment structures that obscure beneficial ownership. Academic exchange programs that function as technology transfer pipelines. Legal entities registered in the United States that serve foreign intelligence objectives without a single foreign national ever setting foot in a sensitive facility. The jurisdictional headaches Webster was navigating in 1984 look almost manageable compared to what counterintelligence agencies are dealing with now, where the question of which agency owns a particular threat vector is genuinely unresolved in some cases. Treasury, FBI, ODNI, DHS, DOJ's National Security Division. 
The interagency coordination problem that prompted a 17-option memo four decades ago spawned a permanent bureaucratic ecosystem that still hasn't fully cracked it. One concrete thing that did change coming out of this era: FISA, the Foreign Intelligence Surveillance Act, had passed in 1978 and was just settling into operational use by 1984. The Webster framework was being built in the early years of a legal structure that would later become central to every major counterintelligence debate, including the ones about surveillance overreach in the 2000s and beyond. The institutional architecture we fight about now has roots in exactly this period. The 17 options themselves remain classified in their specifics. What we know is the shape of the problem they were designed to address, and that shape is familiar. Foreign intelligence services treating American institutions as operational terrain. The question of how aggressively to respond without becoming something you'd rather not be. The bureaucratic friction of getting multiple agencies to work a problem together. Some things don't change. The terrain does. foreigninterference.org/post/reagan-ad… #foreigninterference #CounterintelligenceOperations
Foreign Interference Research Center
43 years ago today, a forged NSC memorandum was circulating in the Spanish press claiming the CIA had been secretly coordinating with Poland's Solidarity movement. The forgery ran in Tiempo on February 7, 1983. By July of that year, the Reagan administration had pulled together enough documentation to map out the operation in detail, and the picture that emerged was methodical. The Soviet playbook at this stage wasn't subtle so much as it was disciplined. Fabricated documents seeded into sympathetic or simply credulous outlets. Existing political fractures in Western Europe, particularly the fierce domestic debates over NATO missile deployments, treated as distribution infrastructure. You don't need to create the tension if it's already there. You just need to feed it something that looks like a document. The Solidarity angle was shrewd targeting. By 1983 the movement had enormous moral credibility across Western Europe's left. If you could tie it to the CIA, you didn't just discredit Solidarity. You handed every Western peace activist who was already suspicious of American intentions a reason to look away. The forgery wasn't aimed at Poles. It was aimed at West Germans, Italians, Spaniards. The people whose governments Washington needed to keep in line on the intermediate-range missile question. What the NSC files actually captured, beyond any single operation, was the architecture. How Soviet active measures units coordinated across multiple European outlets. How timing was calibrated to political moments. How the feedback loop worked between initial placement and secondary amplification. That analytical work mattered. The framework the Reagan team built for cataloging these techniques became the template for how Western counterintelligence thought about state-sponsored disinformation for the next decade, and honestly the conceptual vocabulary hasn't changed as much as people assume. The threat did change, though. Dramatically. 
What required a foreign intelligence service running a forgery operation through a Madrid newspaper in 1983 now takes an afternoon, a few synthetic accounts, and a news cycle willing to move faster than verification. The discipline is largely the same. The barrier to entry collapsed. That's the uncomfortable throughline from those NSC files to the present: the doctrine aged well. The infrastructure costs did not. foreigninterference.org/post/reagan-ad… #foreigninterference #DocumentForgery #MediaImpersonation #StateMediaCoordination
Foreign Interference Research Center
Hasina is sitting in India, publicly declaring she'll be back in Bangladesh before the end of 2026, and New Delhi is letting her run that campaign from their soil while simultaneously refusing to honor Bangladeshi extradition requests. That's the baseline fact here. Everything else follows from it. She was ousted in August 2024 after security forces killed protesters during a mass uprising. Criminal proceedings in Bangladesh are ongoing, covering precisely that violence. India's response has been to provide sanctuary and, apparently, a platform. Her recent statements about returning to fight for "the people's political rights and democracy" weren't made in a vacuum. They're being made from the territory of a neighboring state that has a documented interest in her political rehabilitation. The foreign interference attribution question isn't subtle. When a former head of government conducts a public campaign to return to power, from the soil of a neighboring country, while that country refuses extradition, the host state is a participant in the campaign whether it formally endorses her statements or not. New Delhi's posture isn't neutral. Hosting Hasina while she makes these declarations and blocking the legal mechanisms Bangladesh is trying to use against her are active choices. The Bangladeshi interim government under Muhammad Yunus has protested this through diplomatic channels repeatedly. It hasn't changed anything. What makes the regional picture more complicated is that China has been explicit about this. Xi Jinping's direct pledge of support for Bangladesh's sovereignty and his rejection of "foreign interference" during meetings with Yunus were assessed by basically everyone paying attention as pointed commentary on India's Hasina situation. Beijing rarely speaks that plainly without purpose. 
Framing Indian political support for Hasina as foreign interference is tactically useful for China because it simultaneously positions Beijing as the principled actor and delegitimizes New Delhi's influence operations without China having to do much beyond showing up diplomatically. China also has BRI investments running through Bangladesh, so the economic cultivation is layered in alongside the rhetoric. So Bangladesh is currently managing: Indian state-facilitated political interference via Hasina's sanctuary and India's extradition refusal, Chinese economic leverage through BRI, Chinese diplomatic cultivation of Yunus framed explicitly as anti-interference solidarity, and the overlay of U.S. democratic governance programming that comes with any transitional government the West decides to take an interest in. Three major external actors, three distinct interference vectors, and a fragile transitional government trying to stabilize domestic politics while all of this is happening around it. The analytical problem is that there's no framework that handles this cleanly. Transnational repression frameworks are built mostly around authoritarian states pursuing dissidents across borders. Hasina isn't a dissident. She's a former autocrat seeking return to power with apparent backing from a democratic regional hegemon. Standard foreign interference analysis tends to focus on covert influence operations, information campaigns, election interference. What India is doing here is largely overt. It's just choosing not to extradite and allowing her to speak. The covert/overt distinction matters for how international law and norms apply, and right now India is operating mostly in the overt space, which makes it harder to call out through the usual channels. China's move is sharper in some ways. The explicit sovereignty rhetoric coming out of Beijing gives the Yunus government political cover to push back on India while accepting Chinese economic engagement. 
From Dhaka's perspective, China is offering something India is currently withholding: affirmation that Bangladesh's domestic political situation is Bangladesh's to manage. Whether you believe China's stated position has anything to do with its actual interests is a separate question, but the tactical value to Yunus of having Xi publicly on record against "foreign interference" is real. The 2026 timeline Hasina has set for herself matters. Bangladesh is supposed to be working toward elections under Yunus. If she's signaling a return, the question is whether she's signaling a return as a political candidate or as a figure seeking to destabilize the electoral process before it produces a result that forecloses her future. Either scenario requires her to have continued Indian backing, and India's calculation on whether to maintain that backing is going to be driven by its own assessment of who they'd rather deal with in Dhaka long-term. The Bangladeshi legal proceedings against her are the leverage point that neither side can quite control. If the cases proceed and produce convictions, her return becomes much harder to legitimize even with Indian support. If proceedings stall or are perceived as politicized, India has more room to position her return as a democratic restoration rather than a fugitive's comeback. The framing war around those proceedings is happening in parallel to everything else. For anyone tracking transnational interference, the Hasina situation is a reasonably clean case study in state-facilitated political interference operating in the open. India isn't running a covert op here. It's just using the ordinary tools of state power, including jurisdictional refusal and territorial access, to shape political outcomes in a neighbor's domestic environment. The fact that it's overt doesn't make it less consequential for Bangladesh's transitional government. It might actually make it more so, because there's no operation to expose and disrupt. 
foreigninterference.org/post/sheikh-ha… #foreigninterference #DiplomaticSanctuary #InfluenceOperations #AntiInterferenceRhetoric #GovernmentDestabilization #PoliticalInfiltration
Foreign Interference Research Center
Day 1586 of the Russia-Ukraine war. Katya Soldak is still filing for Forbes. The war is old enough that most Western outlets have rotated correspondents multiple times, which makes the continuity of this kind of reporting more useful than it probably gets credit for. The dispatch covers ground worth unpacking, because several threads are running simultaneously and they intersect in ways the summary-level coverage tends to flatten. Start with the Belarus relay stations. Russia has physically installed drone relay infrastructure on Belarusian territory to extend strike range into Ukraine. This is not a theoretical arrangement or a diplomatic abstraction. The hardware is there, it is functional, and it is being used. Ukraine's response has been to issue Lukashenko something close to an ultimatum: disable the infrastructure or face the consequences of being treated as an active participant in the strikes, not a passive host. The military logic is obvious. The information warfare logic is at least as important. Kyiv is not primarily trying to get Lukashenko to comply. He almost certainly will not, because the Russian security relationship leaves him functionally no room to. What Ukraine is doing is building the public record. Every time the demand is made and refused, every time a strike is traced back through Belarusian-hosted relay infrastructure, the case for treating Belarus as a co-belligerent gets incrementally stronger in front of European and American audiences. The ultimatum is the message. Lukashenko's non-compliance is the content Ukraine is generating. This is fairly textbook information operation design, and it is being run in parallel with a genuine military problem Ukraine is trying to solve. On the cyber side, Google's exposure of the Turla STOCKSTAY backdoor campaign is the kind of disclosure that deserves more attention than it usually gets in conflict coverage. 
Turla is one of Russia's most mature APT operations, associated with the FSB and active for roughly two decades. STOCKSTAY is a backdoor targeting Ukrainian systems, and Google's Threat Intelligence Group publishing on it serves a dual purpose: it puts defenders on notice with technical indicators, and it is itself an attribution operation that publicly ties Russian state infrastructure to espionage against a country Russia is simultaneously bombing. The exposure is the counter. You degrade the operation's usefulness by burning the tooling, and you do it publicly because the public burn has information value that a quiet patch cycle does not. Ukraine has been running its own offensive information capabilities for a while now, and a few of them are worth naming specifically. TrophyLab is an open-source intelligence platform Ukraine built to release captured Russian military intelligence to external researchers and governments. The theory is sensible: Ukraine has ground truth that outside analysts want, and rather than gatekeeping it, they publish it in ways that build attribution capacity internationally. If you can get allied governments and independent OSINT communities working off the same primary source material, you get a more durable and distributed attribution ecosystem than any single intelligence service could produce alone. This is partly pragmatic, Ukraine does not have unlimited intelligence bandwidth, and partly strategic, because the more governments that independently corroborate Russian actions, the harder those actions are to diplomatically bury. The catfishing operations are less elegant but apparently effective. Ukrainian intelligence has been running romantic persona operations against Russian frontline troops, using fabricated social media identities to develop relationships with soldiers and extract geolocation data. This is not a new technique in the history of intelligence operations. 
What is notable is deploying it at scale, systematically, against a standing army during active combat operations. The yield is targeting data. A soldier who tells someone he thinks is a girlfriend where he is stationed has provided actionable coordinates, and the intelligence pipeline from that conversation to a strike decision is apparently not long. The CIA partnership context matters here. Ukrainian intelligence services have had a decade-long working relationship with the CIA, and reporting has established that this relationship substantially upgraded Ukrainian counter-espionage and intelligence collection capability before the 2022 invasion. The sophistication of operations like TrophyLab and the catfishing programs is not coincidental to that partnership. Ukrainian intelligence is running these at a level that reflects serious institutional development, not improvisation. RT's European operations in the current period deserve a separate note. The reporting documents RT exploiting the UK Starmer arson crisis for disinformation operations. The specific mechanism matters: RT and affiliated channels have been using real crisis events in target countries as amplification hooks, inserting narratives into genuine public anger rather than manufacturing crises from scratch. This is more resilient than pure fabrication because fact-checkers correcting false claims do not address the emotional core of real grievances that the disinformation is attaching itself to. The UK arson incidents involved real events, real public anxiety, and real political tension. RT's involvement is about steering and amplifying that existing material, not inventing it. The DoppelGänger campaign, which CYBERCOM has documented, operates on similar logic at a broader geographic scale. DoppelGänger is a Russian-linked influence operation that creates fake versions of legitimate news websites and uses them to launder fabricated content into the information environment. 
CYBERCOM's documentation is notable because it represents the US military's public attribution infrastructure being deployed against an information operation. That is a relatively recent development in how the US government handles this, and it reflects a shift toward treating public exposure as a tool rather than a security cost. The operational picture at day 1586 is a conflict in which the kinetic, electronic, and information domains are not running in parallel, they are integrated at the tactical level. Relay infrastructure on Belarusian soil is simultaneously a targeting asset, an escalation signal, and an information warfare opportunity depending on who is using it and how. A cyber backdoor that gets exposed publicly is no longer just an espionage tool, it becomes an attribution asset for the country being targeted. A catfishing operation that extracts coordinates feeds a fire mission. None of these functions are separable in practice. The lesson that adversary states are taking from this is straightforward. If you are assessing hybrid warfare doctrine for a potential conflict with a Western-aligned state, Russia's Ukraine operations provide a detailed operational record of what integration looks like at scale and under sustained pressure. Some of it has worked. Some of it has failed conspicuously. All of it is being watched, documented, and studied. The fact that we are at day 1586 and this level of operational complexity is still being maintained on both sides is itself a data point. This is not a war that has degraded into attrition with information operations as an afterthought. The information domain is still being actively contested with new tooling and new techniques on both sides, while the artillery is still firing. foreigninterference.org/post/forbes-uk… #foreigninterference #DisinformationCampaigns #CyberEspionage #CommunicationJamming #DroneSurveillance #InformationDomainOperations #MultiDomainWarfareCoordination
Foreign Interference Research Center
Araghchi was in Baghdad last week meeting with Iraqi officials and pitching what he called a "collective regional security" framework. The timing was not accidental. Active U.S.-Iran military exchange ongoing, Hormuz negotiations live, Iranian proxies running operations against Bahrain and Kuwait simultaneously. That's the context for the diplomatic charm offensive. Here's what's actually being built, and where it goes from here. Baghdad has been Iran's preferred staging ground for influence projection for years. The Iraqi political system is riddled with factions that maintain direct institutional ties to Tehran, which means when Araghchi shows up and holds "high-level meetings," he's not pitching skeptics. He's activating infrastructure that's already in place. The meetings formalize relationships that were already operational. That's an important distinction because it means the diplomatic visit is less about persuasion and more about signaling: to Washington, to Gulf capitals, and to Iraqi factions that Tehran is coordinating across domains even while taking military hits. The "collective regional security" framing is the part that deserves more scrutiny than it's getting. Iran has run this rhetorical play before. You define regional security as something that belongs to the region's own nations, you position any outside military presence as by definition illegitimate interference, and you present yourself as the mature, constructive actor calling for indigenous solutions. It sounds reasonable on the surface. That's the point. The cognitive objective is to shift the political vocabulary in Arab capitals so that U.S. military partnerships gradually become harder to defend domestically. Not overnight. Over several years of repetition. The audience for this framing right now is specifically the Arab Gulf states. Saudi Arabia, the UAE, Kuwait. All of them have U.S. security relationships that Tehran wants to erode. 
Tehran knows it can't simply bully those states into dropping Washington. But it can complicate the domestic and regional politics of those relationships, especially if it can get Iraqi officials to echo the "collective security" language at multilateral forums. Iraq is an Arab League member. If Baghdad starts amplifying Iranian-origin framing about regional security architecture, that's not Iran talking anymore. That's an Arab government talking, which plays very differently in Riyadh. So watch for that: Iraqi officials at regional forums adopting language that mirrors Araghchi's talking points without direct attribution to Tehran. That's the laundering mechanism. It's not sophisticated in a technical sense. It's just patient and it works. The dual-track operation running right now is worth mapping out explicitly. On the kinetic side, Iranian proxies are conducting military operations against Gulf states. On the diplomatic side, the Iranian FM is in Baghdad calling for peace and regional cooperation. These are not contradictory strategies running in parallel by accident. Iranian information warfare doctrine, documented across multiple operations over the past decade, treats military pressure and diplomatic legitimization as coordinated tools. The military operations create urgency and fear. The diplomatic framing offers an exit ramp that happens to be structured entirely on Iranian terms. Gulf states get to choose between continuing to absorb proxy attacks or embracing a regional security framework that marginalizes U.S. presence. That's not a good faith negotiation. It's a coercive architecture dressed in diplomatic language. What should U.S. officials and Gulf partners actually watch for in the near term? First, whether Baghdad begins formally echoing "collective security" language in official communications or bilateral meetings with Gulf states. Iraqi PM Sudani has been trying to walk a line between Washington and Tehran for his entire tenure. 
If his government's public language starts drifting toward the Araghchi framing, that's a tell about which direction the pressure is winning. Second, whether Iran uses any ceasefire or negotiation period around Hormuz to accelerate this diplomatic campaign rather than pause it. Periods of de-escalation are historically when Iran's influence architecture expands fastest, because pressure from Washington decreases and Iraqi political space opens up. If talks begin and Araghchi or his counterparts immediately schedule follow-on meetings in Baghdad or Beirut or Damascus, that's the pattern activating. Third, and this is for the Gulf states specifically: watch your own domestic media and think tank ecosystem for "collective regional security" language appearing without clear sourcing. Iran has used front organizations and friendly academics in Gulf countries before to launder messaging. The current campaign gives that content a fresh hook. For U.S. planners, the harder problem is structural. The Iraqi political system's entanglement with Iranian-aligned factions is not something that gets fixed in a news cycle or even a policy term. It's been fifteen years in the making. The Baghdad meetings this week aren't a crisis. They're a status report on an architecture that's been under construction since 2005. What's new is the brazenness of running the diplomatic track in parallel with active proxy military operations against U.S. partners. That's a calibration. Tehran is testing whether the current U.S. posture will tolerate the dual track or push back on it directly. So far the answer appears to be: tolerate it. And Iran will draw conclusions from that. foreigninterference.org/post/iran-s-re… #foreigninterference #InfluenceOperations #AntiInterferenceRhetoric #DisinformationCampaigns #ProxyMilitaryAttack #RegionalInfluenceOperations