Secure Line Podcast Episode 6 - Implausible Deniability - The New Age of State Threats
In this episode of Secure Line, hosts Stephanie Carvin, Jessica Davis, and Leah West dive into the evolving landscape of state threats.
They explore how modern covert operations—from cyberattacks and disinformation campaigns to acts of sabotage—are reshaping national security, highlighting a significant shift from traditional espionage to more technologically driven, transnational activities. The episode features guest Matthew Redhead, a seasoned researcher on financial crime and national security. Drawing on insights from his report, “Old Wine, New Bottles, The Challenge of State Threats,” Redhead delves into the blurred lines between espionage, sabotage, and foreign interference. He explains how state threats now encompass a broader spectrum of covert operations, including the outsourcing of targeted assassinations to criminal networks—a trend driven by factors such as (im)plausible deniability, cost efficiency, and the exploitation of technology to access denied areas and engage in transnational repression. The discussion further contrasts the legal frameworks and defensive measures employed by Western governments with the often reckless tactics of adversarial states.
Listen to the episode below!
Read the transcript below!
Intro: Welcome to Secure Line, I'm Stephanie Carvin. I'm Jessica Davis. And I'm Leah West.
Stephanie: In November of 2024, the Canadian government expressed its deep concern over, quote, Russia's intensifying campaign from cyber incidents and disinformation operations to sabotage activities. This followed news that Western security officials believe two incendiary devices that ignited in DHL logistics hubs in Germany and the UK in July of last year were part of a Russian operation that aimed to start fires aboard cargo or passenger planes flying to the US and Canada.
In October, Poland announced that it had arrested four individuals believed to be associated with these activities, with the Polish prime minister accusing Russia of engaging in quote, Acts of terrorism. Public Safety Canada refers to these actions as hostile activities by state actors or HACA. Defined as hostile activities undertaken by state actors or their proxies that is purposely covert, malign, clandestine, and deceptive.
It can include threats, harassment, and intimidation. Foreign states leverage these activities to advance their strategic interests, including seeking geopolitical influence, economic advancement, revision of the rules based international order, domestic stability, and military advantage. While threats such as foreign interference and espionage have largely dominated the national security landscape in Canada, these state threats have been getting more and more attentions behind the scenes, prompting Western governments to turn their attention To what once may have been called sabotage but now constitutes a substantial range of activities enabled through technology.
What are state threats and are they really different from what's come before? Why are we seeing these activities now, and how should Western countries like Canada respond? Here to speak with us today is Matthew Redhead, a researcher and writer on financial crime and national security topics, and an independent risk consultant to the fintech and regtech sectors.
He's a regular contributor to Jane's Intelligence Review on serious organized crime, financial crime, terrorism, and intelligence. He is also the author of a new report, Old Wine, New Bottles, The Challenge of State Threats. Published by the Serious Organized Crime and Anti Corruption Evidence Research Program.
Matthew, thank you so much for joining us today.
Matthew: Thank you very much for having me.
Stephanie: So let's just dive into this right away. And first of all, I was wondering if you could tell us about the Serious Organized Crime and Anti Corruption Evidence Research Program, which I think is called And what led you to write this report?
Yeah, indeed. SOCACE is a program that the UK Foreign, Commonwealth and Development Office, FCDO, and I'll just call it Foreign Office from here on in because that's what we all call it. It's one of their several research programs which looks at areas of various transnational threats and issues.
And in some ways it's a little bit interesting that state threats has ended up being commissioned by this particular area because it focuses much more on serious organized crime and corruption, but that came up because we did some initial work looking at the relationships between organized crime and state actors, and it grew out of there.
So that's why it's sat in that part of it. And we've been doing the work as part of a broader piece of work for the Royal United Services Institute and the State Threats Task Force there in collaboration. So it's SOCHE supported and we in the Roosie State Threat Task Force have pretty much taken it forward.
Stephanie: So then, going on to the next obvious question, what is it that you mean by state threats? I've given you the the public safety definition of HASA, as we call it, so is that the same thing, effectively?
Matthew: It's broadly in the same, it's in the same ballpark. We had a great time when we had what we call our State Threats Task Force, which was a two meetings of the great and the good experts, former practitioners from the UK, some five eyes European, et cetera.
And the real problem when we started it was like, okay in the UK, we talk a lot about state threats and everybody was saying what do we mean by state threats? There is a quite lengthy description in some of our home office our interior ministry and their, in their kind of consultations on this, which is very long and wordy.
And we had all sorts of things from, I think one person said south of war and north of peace, which wasn't very helpful. The gray zone was another one and the kind of classic I know it when I see it was the, it was one of the other ones. I mean we actually looked at the Canadian example.
We looked at others like. Australia, the Netherlands and what have you, and try to say, okay, there's a UK definition, but if we look across all different cognate definitions that we can find, what are the key elements? And, most of them are in the same ballpark. There are family resemblances there.
It's primarily covert, coercive activities. Although the UK, includes overt for some bizarre reason, but anyway, we'll leave that aside. The state has to be, a state has to be behind it, even if it's undertaken by a non state actor. It has to be for a political purpose. There has to be an intent to do harm of some kind.
One of the issues that really came up for us was sometimes the activities of states which are harmful to others are potentially negligence. Is that a state threat? No, it wasn't. And clearly, as I say, it was also meant to be short of war. But then we also said it's not peace. So what does this, where's the other side of this?
If that's, if it's not war, what's the lower end, what's the threshold there? And so we came up with a form of words around common international practice and standards of behavior, which is a bit fuzzy, but as a working model, it helped quite a lot to actually narrow down what felt like quite an amorphous area.
Leah: Thanks. We've been having we recently had the foreign interference inquiry, and one of the big debates around the inquiry was where are we drawing this line between what is foreign interference versus foreign influence? How do you know? This sounds very similar, and I guess, In that case, this would be a subcategory of state threats.
And yeah, as a subcategory has that similar challenge with the broader category of where are we drawing this line? Is that fair?
Matthew: That's absolutely spot on. And one of the problems that we have. When you look at some of these subcategories, such as influence slash interference, and in the particular piece of work we did, we called it malign influence rather than interference, but that's effectively what it is.
What you could find is very open, overt, what, I don't want to describe it as benign influence, but open and overt influence very easily slid into malign influence. When you actually look at the way that, say, for example, you know, the United Front, or I always get this mixed up, United Work or United Front Work Department, the ones I'm talking about, the CCP.
I think there's a phrase that they use about, making friends and seeing what happens. And that's, that sounds it sounds fine. But one of the things that you see in some of the cases is how something that looks perfectly reasonable to start with can slide into something much less Much more questionable.
So it is a it's a hard thing to do. And I in many of these cases, I think you end up doing it case by case. Almost. I think one of the things that we found, and it's not just about malign influences. There are certain things which look perfectly reasonable at start and might be reasonable at the start, which can be weaponized and turned into a state threat.
So it's it's difficult to just draw that line simply saying, okay, there are potential vulnerabilities here. We need to be aware of they are not necessarily by nature malign, but they can be distorted.
Leah: Yeah. I think that's a great example. The counter protests or just standing and very overtly monitoring protests.
If you're, for example, protesting the actions of the CCP, that's something that we see. And you mentioned in the definition that it needs to be done for political purposes. And would you include transnational repression of dissidents as part of state threats if it's done abroad,
Matthew: We do.
And we had a bit of a debate about this as well, because there was one point of view, which was well, look, this is actually effectively domestic repression, which is taking place on a global stage, which is a dreadful thing in its own right, but it's not necessarily an attack on a state. However, one of the sort of the winning argument was this is it's an abuse of power.
other sovereignty. And therefore it is a state threat as well as being a form of transnational repression. The two things are not necessarily mutually exclusive. The other thing that I would say about transnational repression is we talk about transnational repression in terms of looking at domestic dissidents and critics who are living overseas who have been targeted.
I think one of the things that come, came out to me from the work was actually transnational repression, not just targeting domestics domestic citizens or nationals or people from the cultural diaspora or whatever it might be. It goes much broader than that. It goes into journalists from other countries. It goes into political leaders. It goes into think, into the think tank world. It's all bad. It's all bad. But the reality is it's not just dissidents who are complaining using the UK or Canada or what have you as a platform for doing it that we're talking about here.
Leah: So you say in your report that this is essentially Sabotage, espionage, subversion. These have been done , since time immemorial, as we like to say. What's different now? Is there anything different now or are we just paying attention?
Matthew: That's a really good question. I think one of the debates that we had when I was going through peer review for this particular piece of work was a senior practitioner from the UK who was reviewing it said it doesn't matter.
Does it one way or another? Because it's an issue now, whether it's it's something we've got to deal with. I think there's an interesting thing here about volume and trend, which I think is very important that we need to take into account. So obviously we are, those of us on the outside looking in don't have the kind of data that the agencies have, but every indication that you get when you look at things that can be quantified, whether they be, assassination attempts, whether that be disinformation efforts, whether that be cyber espionage, cyber offensive, cyber operations, show a kind of upward march as it were over a 20 year period.
Yes. I think there's a point where volume, where quantity becomes quality, if you like. So there is that difference there. I think also in terms of, you, I think you mentioned in the introduction technology, I think Stephanie, you mentioned technology and the importance of that, how, what we're seeing now is increasingly technology, a technologically enabled approach, which allows a kind of scale of volume and range and activity, which we've never really been able to see in many areas before, particularly in espionage and also not just about the technology, but also willingness to use all the facets of a society from ordinary citizens all the way through to businesses to actually conduct this effort.
China, I think is the very best example of this. It has national intelligence laws, which basically require businesses and individuals not only to cooperate, but basically to come forward if they have, for example, zero day exploits that they think that they've identified in invulnerable Western systems, for example.
So I think there's technology, there's the scale and breadth of the effort. is different. It's not just something that's happening from intelligence agencies, important though they continue to be. I think also what's different, and we've got to be careful not to say every country that we talked about in the report is the same because they have their own different national styles of approach.
Some are more reckless than others, but I would say broadly speaking, if you would take them all together and provide a kind of average. The level of ambition and recklessness and willingness to target areas which have not been targeted before quite as heavily: commercial knowledge, personal data about individuals, social networks, simply collecting data for the sake of collecting data in the commercial space with no real idea necessarily when you collect it, why you're doing it, but basically to ensure that you have it.
So this is there's a greater ambition and willingness just to do it because you can do it. And also I think, as I say, I think I used the word reckless just then. I think particularly we, you mentioned we mentioned the DHL parcels. There's a level of danger. And threat to life elements in a lot of these activities now, which I think, again, we almost used the word terrorism before.
That feels different as well. This is not some kind of artful game where it's, Cold War 2. 0 where George Smiley or James Bond or whoever it might be is conducting this in some kind of gentlemanly way. It's considerably more rough and tumble than that and potentially quite nasty.
Jessica: In this conversation around what's new and what's not new. This is a really great time, I think, to ask Leah a question about the Canadian context, because what we're really talking about here is, foreign interference, espionage, sabotage, all things that are governed by the CSIS Act, but that Canada could also potentially engage in.
Leah, does Canada engage in these types of practices? How does Canada go about conducting espionage, foreign interference, and covert action? What governs that for us?
Leah: So the answer is yes, but.
So Canada has legal authority to engage in what we call threat disruption measures. That's something CSIS can do under statute. But it's a very clearly defined, now a very clearly defined regime, that requires high level authorization from the director of CSIS and in some cases where laws may be broken, a judicial authorization to engage in a measure that would disrupt a threat.
And then again, even the title, Threat Disruption, shows that the tool that Canada uses is one that's Defensive and it's meant to disrupt a threat to the security of Canada.
CSE also, or Communications Security Establishment, also has the authority to engage in active and defensive cyber operations. Again, it's a statutory authority with some pretty clear limitations on it and requirements for consultation with the Minister of Foreign Affairs and approval by the Minister of National Defense if we're talking about offensive defense and just the Minister of National Defense sign off if we're talking about defensive but again, there are also requirements for review in the Canadian context.
These agencies are subject to review by both the National Security Intelligence Review Agency and NSICOP. And we are very clearly, authorizing this and we have authorized it as a Canadian public through the parliamentary process. So it is a very different context to say that Canada engages in these practices than it is to say China and Russia where you have you know, off book criminal enterprises engaging in assassinations and cyber attacks and, a cyber crime in the name of a state.
Jessica: Matthew, when I was reading your report, I was really struck by the issue of sabotage because, foreign interference, broadly speaking, we've seen lots of that in Canada, very well covered in the media.
But I wouldn't say that we've seen much, if any, sabotage here. So I'm wondering if you can maybe reflect on what's happened in Europe and where you've seen sabotage and why you think it might not be happening in Canada.
Matthew: Okay, it depends on what your definition of sabotage is and whether you include if you would like preparation for cybotage as well preparation for future cyber offensive operations which I would do because I think effectively it's a virtual form of sabotage.
In Europe what we have seen, and obviously we're talking primarily about Russia here, is a sort of escalation over the last decade. And we can go back to I think 2013, 14 where there was targeting of particular factories in Eastern Europe, which were providing or part of the supply chain for Ukraine. After the, or the, after the sort of annexation of Crimea and the ongoing war in the east of the country.
What we've seen is a sort of ramping up in the last two or three years for obvious reasons in correlation with the full scale invasion in 2022. A lot of what we've seen in Europe has it first and foremost focused on military industrial elements, which supported which were linked to Western support for the Ukrainian war effort.
So it would be both both commercial and also targeting of military bases. There was a targeting of a base in Germany. We had a factory in the UK, which was targeted by two individuals who'd probably been paid by Russian intelligence to do that.
So we had that kind of model and what's happened in I'd say the last year or so is that's expanded and you've seen examples of what we believe to be sabotage in terms of, things like arson on shopping centers and retail centers and what have you, areas completely unrelated to the war effort, particularly in the Baltic States and Eastern Europe.
So there's been a kind of more general sense of that on the cyber side as well. We've seen more and more interference with infrastructure in Europe, there's been numerous attacks on Central and Eastern European train control networks as well. And of course, as was mentioned before, we had the DHL parcels on planes.
So what we're seeing is an increasing range of different targets being used. A willingness to just move outside the obvious areas of targeting things related to the Ukraine war. And also again, going back to my point from earlier on, if you like putting human beings much more at risk than they might've done before, because of course if you're going to set light to a shopping center in the middle of Warsaw, who knows who's going to be in there.
If you're going to put a bomb on a plane, or going to set a package alight, who knows what's going to happen to the plane. et cetera, et cetera. If you're going to create a train accident in Eastern Europe, what's going to happen to the people on there? So we're seeing a sort of escalation in terms of the intensity and in some ways, and I'm, I'm grateful for this, that we have so far not seen, significant loss of life as a result of that.
And in fact, I think from that point of view, we're probably lucky.
Also, why I think you, you asked as well about Canada and why are you not seeing it as much? There's interesting question about, are you looking and obviously it's not going to be as to use a fine old British phrase, in your face, potentially, because obviously we're, we have a near neighbor who's extremely difficult.
I suppose you have a near neighbor who's extremely difficult in a different way, but that's don't quote me on that. And we, so the thing that I would be concerned about is what's going on in a kind of, I think there's probably more going on in terms of surveillance and potential preparation in Canada than you probably put.
That's just my instinct. I don't know that for certain, but for example, we have neutral countries in Europe, like Ireland, who are not members of NATO, want to be everybody's friend and are everybody's friend, are very popular countries and of course there's been cases in Ireland of Russian intelligence officers being caught looking at cables across the Atlantic and working out what they might I'm sure they're just doing it out of interest in the same way they went to Salisbury to look at the cathedral. I'm sure they're just interested in these cables. And of course you've had Russian trawler fleets in and around Ireland paying attention. We've, of course, had interesting things in the UK about lots of drones over airports, etc. I think there's a lot of activity going on which has not yet been badged as potential preparation for sabotage.
And, obviously I'm, not following the Canadian news as much, but I wouldn't be surprised if more of this was going on and at the very least preparation is going on and on that point about cyber. This has been something that most of the cyber related agencies. Five Eyes and also some European ones have been pointing out for the last year or so that we're seeing more and more activity, which suggests not just espionage, not just going in and causing a bit of difficulty, potential pre positioning in the event of a war.
So I would look at that as being something that, affects you guys probably as much as us. And in fact, I wouldn't, particularly if we're talking about China, potentially more than us.
Leah: That brings me to another question. Who is engaging in these activities? Is it all states? I think we can think of the obvious states, such as China and Russia who are engaging in these practices, but who are the states engaging and who are the states that are the target of these practices?
Matthew: Yeah, I think that's a very good question. I think it's very easy and the media falls into this and some of us analysts fall into this trap as well of, thinking about the big four, what we, what I heard described as the CRINKs, China, Russia, Iran, and North Korea recently, which is a dreadful acronym or axis of resistance or what, obviously there's loads of different ways we could describe it.
And they are, if you look quantitatively and, if you would like gut response qualitatively, when you look at all this sort of reporting, they are, they loom largest, China and Russia, particularly for very obvious reasons, they're large countries with lots of resources. Iran is a little bit below that.
North Korea, in some ways, is a sort of, Sui generi example, which has particular issues. But one of the things that really came across from both the task force and the research was we're seeing more and more States. Let's call them middle powers who are willing to use these kinds of techniques and play in particular areas that they might not have done as much before.
I'm sure they did something in but it's become more accessible, particularly the technology. So if you were to go somewhere like the Middle East and you were to look at countries like UAE, Kingdom of Saudi Arabia, Egypt, their level of involvement now in disinformation online is just ballooned over the last couple of years.
If you were to look at Southern Africa I'm going to have to be careful saying this because I'm told Rwanda is a safe country for immigration purposes in the UK. Rwanda has been conducting all sorts of different aspects of state threats as we would define them over the last few years from transnational repression to involvement and supporting armed armed rebels in neighboring countries, etc.
If you were to go to other, areas such as South Asia, India and Pakistan, that's been going on for a long time between the two of them. However, one gets a sense there that this is now being played out on a much larger stage than it had been previously. I know there are examples we could talk about from the Canadian perspective as well, but we have, we've had interesting cases over in Europe in terms of, Indian and Pakistani disinformation online being conducted to try and change European government's views of those different governments and change those perceptions of those countries in a positive or negative way.
So I think what we're seeing is, and I think partly it's driven by the access to certain kinds of tools. So cyber is more available. You have the platforms like online media. The world is a more connected place. It's easy to get access to people that you don't like in the cases of transnational repression.
However, I think there's something else going on here, which is to do with attitude and permissions, if one, if you like. So we were going through, we've been through a very long period, I think, where even if states behaved badly, that kind of stood out. And there was a perception, particularly, certain areas of the world that if one behaved badly, then the United States would come along and rap your knuckles and tell you not to do it, or expect the United States to look after your security interests for you and basically be your guardian.
I think over the past decade, probably a bit more, there's been a perception, and this is one of the most interesting things I heard during the interviews I conducted for this research, was there's a sense that one can't rely on the United States anymore to actually be there as a friend, a protector, or necessarily as someone who was actually, or a state that's actually going to, hold you to a higher moral standard.
So therefore, you have both the combination of if you like, a more febrile geopolitical environment where states who have their local rivals have their domestic problems, have interest to pursue on the one hand and feel that they have to do it. I think there's a great phrase, Ivan Krastev, the political scientists use, which is these are powers that want to be at the table.
But not being served up or something like that. And I think that's the truth of it. And also, it's much more easy for them to do and inexpensive for them to do using the technology that's available.
Jessica: I think this is a great space to ask you about a very concrete example. And I do want to flag for our listeners that You were recently on the Suspicious Transaction Report podcast from Rusi, where you talked in more detail about the North Korea issue and the cryptocurrency angle, so we're going to not cover that here, but I would suggest to our listeners that they go and listen to that podcast if that's of interest to them, but I did want you to revisit The Wirecard issue, because this is something that, obviously you and I know a fair bit about, but I think has been under reported in Canadian media.
And I think that our listeners would find this quite interesting. So can you give us a bit of background on Wirecard and what happened?
Matthew: Off the top of my head, I can't remember how much money was lost in the Wirecard fraud. So Wirecard was is, because it still exists, a German financial institution, Fintech, effectively very large and successful one.
Which had been doing extremely well. And then I think it was in the summer of 2020. There were issues raised about the finances of this firm. And I think it was 1. 9 billion euros that were found to be missing. And the, there were lots of questions with in German authorities and internally and the chief operating officer of the bank, a man called Jan Marselec, who was an Austrian national said, I know where this money is.
It's in the bank accounts that we've got in the Philippines. So I'll get on the plane to the Philippines and go and sort it out. Anyway, as it turned out he didn't get on a plane to the Philippines, he got on a plane to Moscow and it turned out that the money he said were in bank accounts in the Philippines were not there.
Number one, he's quite clearly a potential, let's be very careful about this because I don't want to get sued and I went through lots of legal advice when I published my report, It's he's a possible suspect in that case, and his conduct has raised issues about his potential involvement. So we thought it was purely a fraud.
Anyway, it turns out that Jan Maslak had a very interesting background that he had significant relationships within Austrian intelligence. He had significant relationships within the Austrian, dare I say it, far right political parties. He had significant relationships with former Russian intelligence officers, and that he was running his own Private military company, which was conducting operations in Libya alongside Russian private military companies, and it became obvious as a sort of drip of reporting in the media that actually Jan Maslak, who we took to be a financial criminal, pure and simple, was actually also almost certainly an operative of Russian intelligence and had been developed as such for over 10 years.
Now here's where it gets even more interesting. So when you think about a Russian operative, so you can see that there, who knows what happened to that money? Who quite possibly is in a bank account somewhere in Moscow? Who knows? For all we know, maybe the fraud was actually part of that.
It's difficult to say one way or another without knowing more details but he was also a figure of influence within Austrian and German politics and within the financial world in Germany. And better still, as we discovered in the UK a year or so ago, he was also managing. a ring of Bulgarian spies in the UK who were conducting surveillance of a range of different targets over here.
And he was doing that on behalf of Russian intelligence, it's believed. So we have this incredible situation of this guy who's not even a Russian national as far as we know. I want to be careful and caveat that because I remember having this conversation about a particular assassin who killed an individual Chechen in Berlin, I think in 2019.
And everybody said, Oh, he was a Kazakh hit man. Then it turned out when he got released as part of a prisoner exchange, he was actually a member of the FSB who'd been living as a Kazakh national. So as far as we're aware, he is an Austrian national who has, who's basically been cultivated and then used at arm's length to do a variety of different things for segments of Russian intelligence.
And one has to say that I suspect that the public story about Jan Maslak is probably only about the tip of the iceberg because individuals of that, it makes me think about and you'll get my point here Jess, about terrorism and how you get particular key individuals and intermediaries in those kinds of in terrorist networks, particularly in Islamist extremist networks of, say, 10, 15 years ago, which I was more familiar with who do all sorts of things. It's not a case of just saying they're a facilitator. They're a radicalizer. They're this. They're basically all purpose operatives and Jan Maslak, and I suspect that there are more like him, is exactly that kind of model. It picks up on something that, and I'm sorry I'm going on here, David Kilcullen, the Australian soldier and scholar, wrote about that a few years ago. He's saying the thing that you have to realize is that the Russians have learnt techniques and ways of approaching things from terrorist networks. They've actually looked at what these guys have done and said, hey, we can do that too. And they won't be expecting it from us. So therefore we'll use it and we'll go under the radar.
Stephanie: So this has been fascinating. And, we've looked at this issue from the 60, 000 foot level, the kind of grand strategy of using state threats. But then also hearing about how this is working on the micro level, that case study, you just went through. So I guess I have to ask then, are state threats effective?
We know that states are using them, and I asked this question partially because, for example if you look at the use of illegals during the Cold War. And some people think illegals are migrants crossing the border. They're not. They're spies like the show, The Americans, these were spies that were trained to try and integrate into Western societies and then find themselves in a position to, to conduct espionage.
And we know that the Soviet union spent a lot of time, money and effort on these campaigns. But they don't. necessarily seem to have gotten anything out of it. So I'm wondering in this particular case, we, it does seem that the, these adversaries, the CRINKs, I think you call them, are maybe engaging in these kinds of activities.
Do we know if this is a spaghetti on the wall approach, they're just trying to see what sticks they're doing it because it's low level cost. And so it doesn't really matter if not every effort has a massive payback. Or is this actually a massive investment, which may be actually giving some returns?
Matthew: That's a that's the big question, isn't it? I, there are different attitudes I hear about this. It's interesting when you talk to academics, a lot of the academics I've talked to who are interested in this, both from a historic perspective and in a contemporary space, are a little bit skeptical about this.
Exactly. The reasons and examples that we're talking about here, you look back through the Cold War and elsewhere and also in more recent experience and saying, what difference has this really made? Is this not just a case of these agencies doing what they do because it's part of their culture, their institutional ethos and also, a little bit like, the Special Operations Executive in the UK during the Second World War, there wasn't very much else Britain could do in 1940, 41, other than try and conduct sabotage and these were pinprick attacks, but it was something that we could do. So why worry about it?
I think there's a couple of questions here. I think it's very difficult to say to yourself first of all, you have to ask yourself, what are they seeking to achieve? And first and foremost, that's very hard to do because nobody kind of puts out policy statements in doing these things we are intending to do X, Y and Z.
I think one of the general assumptions is that a lot of this is directed at wearing down the resilience, the will the focus of Western countries to actually react. And I heard different views interestingly on that about the extent to which Western resilience had been affected by it.
Quite a lot of people, practitioners said actually we've, we've fine. The country still work, the country still work. We still have a critical national infrastructure. We still go to work each day. Elections happen, all the rest of it. When you actually look at particular cases, you think about over time, say the Chinese commercial espionage campaign and how successful that's been in terms of basically taking intellectual property en masse and using that for Chinese purposes, that's a success.
You think about North Korea. And it's cyber campaign of what, four billion over about seven or eight years in terms of cryptocurrencies, in terms of US dollars, that's success. They're the best in the world at it. You look at 2016 and I'm going to get into controversial, waters here in the presidential election in the US.
There were a lot, obviously it's not just Russian interference. We know it was happening, but it almost certainly helped whatever outcome that they actually wanted. So you can say it's a success. So you can find examples where it's tipped potentially, it's had a kind of material impacts, positive impacts that these states want, and also perhaps made things life more difficult for the West.
The other thing I would say about this is that we've got to be careful in the West, not applying our own metrics to the way we think about it. So having worked in the UK government and done performance management in UK government, it was all about like how, we've invested this money in protective security, we've invested this money in counter radicalization. What results are we seeing? Are we seeing them in six months? Are we seeing them in 12 months? We've seen them 18 months. We do all these lovely spreadsheets. And we assume that everybody else is thinking on the same, in the same way. But one of the things that comes across, particularly if you to say look at the Russian agencies, that their whole attitude is: this is drip.
This is a sort of this is going to take time and if it's going to have an effect, it will take time. And actually also as one interview said to me, he said, for example, the Russians have a gambler's mentality, which is we do this and it might not work and we don't care because the time that we win, we're going to win big.
That's the perception. So I think that we need to be careful not to downgrade it. And the other thing about this is when I talk about resilience, yes, we're resilient so far. That's what it, broadly speaking, but that doesn't necessarily mean that we're going to remain resilient in three years, five years, ten years, what have you, if that drip continues.
And I think, one of the things that really struck me about, dare I say, I was very interested in your podcast about. commission on foreign interference was there was a certain amount of complacency it sounded from reading the report about we've had no problems so far or very few problems so far in terms of malign influence so therefore apart from disinformation which seemed to be you know an area of concern we don't need to worry so much for the future.
I think that's quite short sighted and one of the I would say it's short sighted because if you were to go to places like the Baltic States and Scandinavia and parts of Eastern Europe who've been on the receiving end of these kind of activities by Russia for 20 years. They found it has had an impact over time. So I think we need to be a little bit more circumspect. about this than we, than many of us have been up until now.
Stephanie: So thank you for that. It's a really interesting general overview as to whether or not this strategy is successful. Jess, I want to just turn to you for a second because you've looked at some fairly specific cases of this.
You've done some research on how states are hiring criminals for assassinations. And so that's an interesting kind of maybe case study here when we're looking at effectiveness. Were you able to find many case studies or some answers as to why states like to use criminals in this sense, as opposed to say, maybe their own agents?
Jessica: Yeah, so I was somewhat strong-armed into writing this article for a book that's coming out this year, but I'm really glad that I was, because there was a lot more here than I thought there was going to be in it, and it, led to a typology that I'll walk you through. And we all know that it's not research that I've done unless I've got some sort of framework or typology to it. I have one, one trick up my sleeve and that's it.
So when I was doing this research, I actually found about a dozen examples over the last 10 years of countries using criminal organizations to conduct targeted assassinations. And that was quite interesting. Obviously, this is spurred in part by the Indian sponsored killing of the Sikh activist here in Canada.
And part of what I was looking for, though, was understanding why countries would use criminal organizations rather than just their own operatives. And there's a whole series of things around that, and so I'll walk us through a few of them. One of them is plausible deniability, or as Aldrich put it, and Cormac call it implausible deniability.
This really creates a layer of separation between the state and the action. We might all know, or strongly suspect, that the state was behind the assassination, but they can somewhat reasonably deny it on the world stage. The second issue is that, criminals are really cost effective for states. This is like assassination on a budget because hiring criminals is cheaper than deploying trained intelligence operatives, it's much less risky from a state perspective, you don't have to pay for expensive spy training, cover, or pension plans. It's just a one time payout. So there's like a real budget aspect to this, which is maybe reflected somewhat in the states that we see using this kind of technique.
There's also the issue that criminals get access to denied areas much more easily, I call this the sort of the underworld passport issue because they can operate in places where intelligence officers might be flagged or restricted and organized crime networks often have deep rooted connections in high security and restricted regions.
So this is as there's a layer of permissibility to this. Skilled operatives are also, killers with experience. So criminal groups already specialize in violence, smuggling, and illegal operations. So instead of training assassins, states can outsource this activity to professionals who already have the skills.
This is also a great cover for espionage. It's the perfect disguise because often when states are looking for espionage, they're not also at the same time looking for criminal activities. Just the way our intelligence services and law enforcement tend to be structured, is that these tend to be separate skill sets or separate areas of investigation.
So just having this sort of cover helps the criminals hide in plain sight to a certain extent. Criminals are also disposable. You can use them and lose them. So if a criminal gets caught, the state can easily disown them without diplomatic fallout. Whereas intelligence officers being captured creates a major risk. Criminal elements can be written off as rogue elements.
And finally, I think this one is a bit more interesting. There's also a lack of scruples, like criminals tend to not have any moral hangups, where in some cases, spies might actually push back against the idea of conducting a targeted assassination on, in some cases, a friendly or somewhat friendly country's territory.
So there's a lot of different, very practical reasons why states use criminals to conduct targeted assassinations, which I think of as the ultimate form of foreign interference.
Stephanie: So all that being said, there doesn't seem to be a lot of upside for criminal organizations except for maybe money.
So is that the sole motivating factor here for why criminals do this work?
Jessica: Money is definitely a factor. Criminal organizations are profit motivated, and states do pay people. sometimes pretty well for this kind of activity. They can offer lucrative deals that far exceed typical criminal earnings.
But I think the other three factors that are related to this are much more compelling for criminals. First of all, they, states can offer safe haven. So they can be protected by the state in exchange for doing this kind of work. We see this in the case of Iranian criminal elements getting protection from the government for doing this kind of activity.
State backed criminals can enjoy immunity from prosecution, or they can even benefit from their backing state going after rival gangs in a much more concerted manner. So like really opening the playing field for them. The government can also act as a guardian for them and provide protection from their rivals, which can deter rival criminal organizations from attacking them or encroaching on their turf.
And governments can actually sometimes even eliminate competitors to strengthen their chosen criminal partner. And then finally, the last one is fear and coercion. This is an offer a lot of criminal organizations cannot refuse. Criminals are sometimes forced into working for states under threat to their lives or their families, and governments can use blackmail, threats, or arrest warrants as leverage to force compliance.
So there's a lot of reasons why criminals are engaging in this kind of activity, but a lot of it is coercion.
Stephanie: Matthew, perhaps my final question, I'd ask you this too do you agree with Jess? Do you have your own take on why criminal organizations would be willing to participate in so much of this activity?
Matthew: I think it's, I agree with a lot of what Jess has said. I think we also need to think about the fact that it's not just organized crime that's doing this. It's also disorganized crime as well. So the sort of, when you look at some of the characters that have been involved and you can see in these potentially involved in state sponsored plots there's a question to ask about whether they would actually be part of an organized crime network or whether they were just available freelancers and what have you.
So I think there's, that's one part of it. But going back to, undoubtedly organized crime groups have been working with state agencies to commit assassinations. I think that's absolutely, I think Jessica is absolutely right about that. I think that the motivations for the state, one of the things I noted is that if you were to look at a country like Russia or even Iran, there'd been a tendency in the past to use criminals, it seems, and this is very broad statement on a very narrow area of data at the moment, but I would say, so I will say this with relatively low confidence, but I have a hunch criminals played a role assassinating relatively small to medium fry enemies as it were people who didn't matter so much. So if they got caught and there were links and all the rest of it, and if you were more important, you were more likely to be targeted by an intelligence operative. And certainly we saw that in the UK with somebody like that, Vincenzo or Sergio Scrippo.
I think what we're seeing a little bit of now, and again, I think this we'll see this I think retrospectively over the, in another three years time, if it's, if I'm right, we'll, it will be easier to see is that because access, and I think that was a you, the word you used Jess has declined for intelligence operatives, particularly in Europe and North America it's becoming much more difficult for these agencies to undertake these activities overseas when required to, and therefore they very obviously are useful hidden hands and extensions of that. And, the balance between the risk of lack of control and being found out in court, the calculation about whether that's something that the agencies or the people sponsoring it, the official sponsoring it are concerned about changes, they're more willing to take that action.
Again, from the perspective of a country like Russia, it looks at itself as being largely at war with a small w, if not necessarily a big W with the West and therefore is willing to do whatever it, lower the standards in terms of this.
I think from the perspective of the criminals, I agree with everything that, that Jess said. I think I'm going to contradict myself here and say on one side, I think it's interesting that I suspect in some cases, patriotism might even play a role in some cases.
Although when you actually look at some of the networks have been linked. I think an Eastern European network was linked to a case last year, and I'm trying to remember the details, but it was linked, they were linked to the to a potentially Iranian assassination. It was an Eastern European group, all saying, Russian connections with Bulgarian organized crime, what have you, it doesn't need to necessarily be an organized crime group or organized criminals who are, of the same nationality, cultural group, what have you, you can come from different areas and be sponsored to do this sort of thing. But I think in some cases there's actually probably something a little bit more you are potentially foot soldiers for the cause. I think that's certainly the case in some of the Russian examples.
So I agree on the whole, I agree on the whole, but I think these things are incredibly complicated. And just to be very difficult and academic about it, I would say it probably depends on the criminal really, and the criminal group in terms of what their motivations are.
Stephanie: But the key thing is we shouldn't be looking at all these groups as the same.
Leah: Criminals are just like us. Yeah. I'll have different motivations. I'll have different reasons why.
Matthew: Exactly.
Stephanie: Perfect. Matthew, thank you so much for joining us today. We've certainly learned a lot. I think our listeners have also learned a lot. And this has been a really terrifying conversation in a lot of ways as to what's actually happening out there that may be under the radar, but may unfortunately be coming to a country near you soon.
So with that, I just want to thank you for joining us. And hopefully we'll have you on again soon.
Matthew: Thank you very much for having me. It's been a pleasure.
Jessica: Thanks, Matthew. Thanks, Steph. Thanks, Leah.
Stephanie: That's all for this episode of Secure Line. Thank you so much for listening. If you enjoyed this podcast, please support us by spreading the word.
Tell a friend or a colleague, and be sure to subscribe, rate, and review. See you next time!