Posted on

Russian Intelligence Plot Against European Air Cargo

russian FIS, intelligence, espionage, subversion, sabotage, counterintelligence, c. constantin poindexter

Recent reporting of a disturbing plot orchestrated by Russian FIS targeting European air cargo networks, potentially including flights bound for the United Kingdom has raised the “grey zone” warfare being waged against the West. A fairly sophisticated operation, reportedly involving the placement of incendiary devices within seemingly innocuous parcels carried by logistics giant DHL, underscores the evolving and increasingly brazen nature of adversarial hybrid warfare campaigns against Western nations. While the Kremlin has denied involvement, the convergence of evidence and assessments from multiple European security agencies paints an ugly picture of a deliberate and dangerous attempt to disrupt critical infrastructure and sow chaos. I am NOT going to provide instruction on how to make a thermostat mercury tube and block of magnesium into something useful, offer detail on attack surfaces, nor placement logistics however knowledge of the plot, briefly stating the nature of the devices employed, the chosen attack vector, the timing of the discovered incidents, the suspected involvement of Russian intelligence services, and a brief assessment of the potential effectiveness and broader implications of such an operation are fine for open source commentary.

The devices were not conventional high explosives designed for immediate, destructive detonation. Non-classified reports suggest the use of incendiary mechanisms concealed within ordinary consumer goods shipped through standard air cargo channels. Details emerging from investigations in Germany, the United Kingdom, and Poland indicate that items such as massage pillows and sex toys were used as Trojan horses to smuggle these components into the logistics network. The incendiary nature of the devices is a critical aspect, suggesting that the actors were not focused on instantaneous structural failure of an aircraft but rather on initiating a fire within the cargo hold. At cruising altitude a fire presents a severe threat capable of compromising the aircraft’s structural integrity, affect flight control systems, and/or produce incapacitating smoke and fumes.  

NO blueprints here! However, the reported outcomes of their ignition provide clues about their composition and design. That the incidents occurred in logistics hubs on the ground in Germany and the UK rather than in flight suggests a timing mechanism designed for delayed activation. This delay could have been triggered by a variety of methods, such as a timer, barometric pressure changes (simulating altitude), or simple friction or impact during transit. Camouflage as harmless consumer electronics points to a degree of technical sophistication aimed at bypassing standard security screening protocols, which are primarily geared to detecting traditional explosives and weapons. German authorities, in testing replicas of the devices, reportedly found that fire suppression systems typically installed in aircraft cargo holds might not be sufficient to extinguish the fires initiated by these incendiaries. The operators clearly conducted research into the vulnerabilities of air cargo safety measures. The selection of materials that burn intensely and are difficult to suppress, such as certain metallic compounds or accelerants, is consistent with the objective of causing an uncontainable fire.

The choice of the air cargo network as the attack service highlights several strategic considerations for adversarial FIE. Air cargo is a vital component of global commerce, moving vast quantities of goods rapidly across international borders. Targeting this network allows for potential disruption on a significant scale, impacting supply chains and causing economic damage. Cargo planes, while subject to security measures generally do not have the same level of stringent passenger screening associated with commercial passenger flights. They are softer targets for introducing illicit devices. The distributed nature of cargo handling across numerous facilities and the sheer volume of packages processed daily also present opportunities for effective camouflage and smuggling. Utilizing established courier services like DHL, with their extensive networks and trusted reputation, leveraged existing infrastructure for Russia’s ends, blending the dangerous parcels with legitimate shipments to reduce suspicion.  

The timing of the discovered incidents in July 2024, is noteworthy. These events occurred within the broader context of Russia’s ongoing full-scale invasion of Ukraine and heightened tensions between Russia and Western countries providing support to Kyiv. Western officials have increasingly warned of an intensification of Russian hybrid warfare. “Grey zone” operations that include sabotage, cyberattacks, and disinformation are distinctively Russian and likely aimed at undermining support for Ukraine and destabilizing European societies. This sort of kinetic act of sabotage with potentially far-reaching consequences aligns with the I.C.’s understanding of Russian FIS’s pattern of escalation. The incidents in July 2024 in Germany and the UK appear to be “test runs,” intended to assess the feasibility of the method and the reaction of security agencies before execution of a more widespread and/or impactful attack. We have good cause to be concerned with the likelihood of the targeting of flights destined to North America. The subsequent arrests in Poland and Lithuania in the latter half of 2024 evidence that investigations advanced quickly, certainly through intelligence liaison with European security services.  

Attribution requires compelling evidence, often gathered through covert means, however, the consistent assessment by multiple Western security agencies pointing towards Russian FIE, specifically the GRU (Main Intelligence Directorate of the General Staff), should surprise no one. The GRU has a documented history of engaging in aggressive foreign operations, including sabotage, assassination attempts and cyberattacks, often conducted with a high degree of risk tolerance and a willingness to operate in a gray area between conventional warfare and deniable covert action. Their involvement in previous incidents on European soil, such as the Sergei Kripal assassination attempt, demonstrate Russia’s capability and intent to carry out dangerous operations abroad.  

There are more specifics that give us good reason to point to the GRU. The nature of the operation, a covert act of sabotage targeting critical infrastructure in countries supporting Ukraine, aligns with Russia’s strategic objectives in its conflict with the West. Disrupting logistics networks, creating fear and uncertainty serves to pressure governments and populations supporting Ukraine. The use of “disposable agents” or recruited individuals in various European countries to handle the parcels is consistent with known GRU tradecraft, which often utilizes cut-outs to maintain plausible deniability. The arrests in Poland and Lithuania were of individuals from different nationalities, suggesting a network of recruited operatives rather than directly deployed intelligence officers. Further, comm. intercepts revealed discussions among senior GRU officials regarding the plot, providing direct evidence of the involvement of Russian FIS. The Kremlin’s standard practice of flatly denying involvement does NOT refute the I.C.’s assessments and attribution.  

The effectiveness of the explosive/incendiary device and its attack service must be assessed on multiple levels. From a technical standpoint, an incendiary device capable of initiating an uncontrollable fire in an aircraft cargo hold at altitude is highly effective at creating a catastrophic in-flight emergency. Modern cargo planes have sophisticated fire detection and suppression systems, but if the fire source is resistant to the suppression agents (like halon or nitrogen), or if the fire spreads rapidly before suppression is effective, the consequences can be dire. The potential for loss of the aircraft and its cargo, as well as the risk to populated areas if a crash were to occur, makes this a high-impact peril. German authorities’ findings regarding the potential ineffectiveness of fire suppression systems against the tested replicas should make the hair on your neck stand up.

From an operational perspective, the attack service (legitimate air cargo network) was effective in allowing the devices to penetrate security layers and reach their intended environment. The volume and speed of air cargo movement make comprehensive, item-by-item security screening a significant logistical challenge. By concealing the incendiaries within seemingly innocuous items and utilizing established shipping routes, the operators exploited inherent vulnerabilities in this system. The incidents in July 2024, demonstrated that the devices could be successfully introduced into the network and ignite, thereby validating the initial stages of the attack methodology and giving the GRU proof of concept They just didn’t count on the unintended early ignition. The plot was ultimately disrupted, indicating limitations in the overall effectiveness of the methodolgy, however, the GRU learns from its mistakes. Early ignition of the devices on the ground, while potentially providing valuable data to the perpetrators, also served as a big red flag to security agencies allowing for rapid investigation, intelligence sharing, and the apprehension of individuals involved, thereby preventing in-flight incidents. These were described as “test runs” so the operation was likely still in an experimental phase. The premature ignitions forced the perpetrators’ hand and exposed the plot before it could be realized on a larger scale.

The broader effectiveness must also be considered in the context of Russian hybrid warfare objectives. The successful downing of a cargo plane would create significant shock and disruption, even the exposure of such a plot serves Russia’s goals of sowing fear, demonstrating capability, and forcing Western nations to expend resources on the enhancement of security measures. The psychological impact of knowing that potentially dangerous devices could be present in everyday shipments carried by air can and will erode public confidence in transportation networks. Further, attribution of the plot to Russian FIS exacerbates existing tensions and reinforces the narrative of Russia as a hostile and unpredictable actor.

Russian FIS’s plot to plant incendiary devices on DHL cargo planes flying over Europe represents a serious and sophisticated attempt to conduct sabotage against Western infrastructure. The use of concealed incendiary devices, the exploitation of the air cargo network, and the involvement of the GRU align with Russia’s broader hybrid warfare strategy. Russia’s plan exposed vulnerabilities in air cargo security and highlighted the persistent threat posed by adversarial FIEs generally, and Russia more specifically. The incident serves as a stark reminder of the need for continued vigilance, enhanced security measures, and robust intelligence liaison to counter covert bullshit of this nature that are clearly aimed at destabilizing global systems. The plot underscores the evolving landscape of Russia’s willingness to do engage in unacceptable methods, international security more broadly, and the critical importance of understanding the motivations, methods, and capabilities of adversarial intelligence services.

Sources:

Associated Press. (2024, November 5). Western officials suspect Russia was behind a plot to put incendiary packages on cargo planes. PBS NewsHour.
 
Business Standard. (2024, November 5). Russia suspected of plotting to send incendiary devices to US on planes. Business Standard.
 
CSIS. (n.d.). Russia’s Shadow War Against the West. Center for Strategic & International Studies.

EUvsDisinfo. (2024, November 26). Disinfo: The West organised the DHL cargo plane crash in Vilnius to blame Russia. EuvsDisinfo.
 
Newsweek. (2024, November 5). Russia Suspected of Plot to Put Incendiary Devices on US-Bound Planes. Newsweek.

Politico.eu. (n.d.). Europe is under attack from Russia. Why isn’t it fighting back? Politico.eu.

Radio Free Europe/Radio Liberty. (n.d.). A Russian Airline Bomb Plot? What We Know About The Polish PM’s Accusations. Radio Free Europe/Radio Liberty.

The Record. (2024, November 5). Lithuania: Russian military intelligence behind plot to parcel bomb cargo planes. The Record.

UNN. (n.d.). Incendiary devices in parcels in Europe: Russian intelligence services are behind the sabotage – investigation. UNN.

UNITED24 Media. (2024, October 15). Suspected Russian Sabotage Nearly Caused German Plane Crash, German Intelligence Chief Says. UNITED24 Media.

Share this post:
Posted on

The DeepSeek Threat: A Counterintelligence and National Security Concern

deepseek, intelligence, counterintelligence, espionage, counterespionage, export control, spy

Artificial intelligence (AI) is emerging as a transformative force in global economic, technological and military domains. Among the newest threats in the domain of adversarial AI is “DeepSeek,” a China-based generative AI platform. According to the bipartisan House Select Committee on the CCP, DeepSeek poses a serious national security risk to the United States, and I pose a grave counterintelligence one as well. I agree with the Committee’s four primary findings regarding DeepSeek and have included here some corroborating evidence and light analysis of the platform’s broader counterintelligence implications.

I. Data Funnel to the PRC through Military-Linked Infrastructure

DeepSeek funnels Americans’ data to the PRC through backend infrastructure connected to a U.S.-sanctioned Chinese military company. This is consistent with open-source cybersecurity and export control reporting. DeepSeek is affiliated with Beijing DeepSeek Technology Co., which maintains close technical cooperation with state-controlled firms like Tsinghua Tongfang Co., a subsidiary of China Electronics Corporation (CEC), a company sanctioned by the U.S. Department of Defense for its affiliation with the People’s Liberation Army (PLA). U.S. officials have long warned that Chinese firms (even ostensibly private ones) are legally required under China’s 2017 National Intelligence Law to support state intelligence activities. Thus, even passive collection of user queries and metadata from American users can be directly routed to China’s military-civil fused architecture. Cloud traffic analysis tools confirm that some of DeepSeek’s endpoints resolve to IP addresses controlled by Alibaba Cloud and Huawei Cloud, two platforms repeatedly identified for surveillance and data harvesting risks.

II. Covert Propaganda Alignment with CCP Objectives

DeepSeek’s second threat involves covert manipulation of search and response results to align with CCP propaganda. Chinese 2021 ‘Regulations on Recommendation Algorithms’ mandates that AI systems uphold “core socialist values.” Content analysis of DeepSeek’s outputs reveals alignment with these mandates. For instance, when queried about events such as the Tiananmen Square massacre or Uyghur internment camps, DeepSeek either deflects, omits content, or offers CCP-aligned narratives. This contrasts with U.S.-based LLMs that provide factual accounts supported by open-source citations. This form of algorithmic censorship mirrors practices deployed by Baidu and Sogou and serves as a soft power tool for narrative control.

III. Theft of U.S. AI Models through Distillation Techniques

The Committee finds that DeepSeek likely used model distillation to unlawfully replicate U.S. LLMs, a postulate supported by emerging AI security analyses. Distillation, a process whereby a smaller model is trained to mimic a larger one, is legal when trained on open data but when done using unauthorized API access or scraping against licensed outputs, it constitutes intellectual property theft. Reports from AI security firm Mithril Analytics suggest that DeepSeek’s model shows pattern duplication, formatting, and semantic behavior strikingly similar to OpenAI’s GPT-3.5 and Anthropic’s Claude-1.6 This aligns with China’s broader strategy of intellectual property misappropriation, which the Office of the U.S. Trade Representative has labeled a “national policy.”

IV. Use of Prohibited NVIDIA Chips in Defiance of U.S. Export Controls

The fourth finding, that DeepSeek operates on advanced U.S.-made chips which circumvent export restrictions, reflects a broader problem of enforcement challenges in U.S. semiconductor control policy. According to internal supply chain tracking data and reporting from The Information and Reuters, DeepSeek appears to operate on thousands of NVIDIA A100 and H100 GPUs. These high-performance chips were restricted for export to China under the Biden Administration’s 2022 CHIPS Act enforcement measures. Nevertheless, Chinese AI companies have procured these processors through shell companies and resellers in Singapore, Hong Kong, and the UAE. The massive computing power needed to train and operate a GPT-scale model would be nearly impossible without these restricted components, confirming that DeepSeek benefits from illicitly obtained U.S. hardware.

Counterintelligence Threat of DeepSeek

DeepSeek poses a significant and multifaceted counterintelligence threat to the United States and its allies. The platform’s capacity to collect metadata, behavioral data, and potentially personally identifiable information (PII) from Americans creates an intelligence bonanza for Chinese FIS. Unlike traditional espionage, AI systems like DeepSeek operate invisibly and at scale, accumulating user data that can be used for profiling, influence operations, and further AI training purposes that effectively turn every American interaction into an exploitable data point.

DeepSeek represents a vector for information warfare. By manipulating answers to politically sensitive questions, promoting false equivalency in authoritarian narratives, and suppressing democratic values, the platform operates as a digital emissary of the CCP’s ideological and subversive goals. Such influence is subtle, persistent, and if not countered, capable of reshaping discourse as we have observed within our own political discourse.

The use of stolen U.S. intellectual property to build DeepSeek creates long-term strategic disadvantage. This is not a new peril. Not only does IP theft compromise American innovation, but it enables a hostile foreign power to accelerate its AI capability with limited investment. The widespread use of DeepSeek in academic or research settings could further enable China to monitor cutting-edge developments in Western institutions of higher education, R&D laboratories and to conduct surveillance on American professionals for recruitment by Chinese FIS or its allied FIEs.

Further, the misuse of restricted U.S. technology in DeepSeek is a direct challenge to the U.S. export control regime. The failure to prevent such chips from reaching adversarial AI projects undermines the deterrent effect of these restrictions and signals enforcement vulnerabilities to other hostile actors. This threat is potentially multiplicative as the CCP may allow restricted technology delivery to other state and non-state threat actors.

These grave threats demand a comprehensive counterintelligence and more broadly, national security strategy, one that includes aggressive export control enforcement, increased funding for AI provenance tracking, sanctions against companies that enable illicit procurement, and public awareness campaigns warning users of the risks posed by foreign AI platforms. Data is NOT merely informational. It is strategic. DeepSeek, if left unchecked, could be the spearhead of the CCP’s broader ambition to dominate the next frontier of digital power.

~ C. Constantin Poindexter, MA in Intelligence Studies, Graduate Certificate in Counterintelligence, JD, NICCS/CICS Certified OSINT

Footnotes

U.S. Department of Defense. “DOD Releases List of Additional ‘Communist Chinese Military Companies’ Operating in the U.S.” (2020).

National Intelligence Law of the PRC, Articles 7 and 10 (2017).

Recorded Future. “Chinese Cloud Providers and the Global Data Exfiltration Risk.” (2023).

Cyberspace Administration of China. “Provisions on the Administration of Algorithmic Recommendation for Internet Information Services.” (2021).

Freedom House. “China’s Model of Digital Authoritarianism.” (2022).

Mithril Analytics. “Behavioral Fingerprinting of LLMs: Identifying Unauthorized Model Replication.” (2024).

Office of the U.S. Trade Representative. “2023 Special 301 Report on Intellectual Property Rights.”

The Information. “Inside China’s Underground Chip Market.” (2024).

Reuters. “Exclusive: China’s AI Firms Bypass U.S. Chip Ban with Grey Market Imports.” (2024).

Share this post:
Posted on

The Challenge of Spying on China

spy, spies, espionage, counterespionage, intelligence, counterintelligence,carlyle poindexter, constantin poindexter

The WSJ article on Wednesday (Challenge of Spying on China) is a sad reminder of the United States Intelligence Community’s apparent failure to accomplish any broad covert or clandestine penetration of the People’s Republic of China (PRC) in recent history. The lack of HUMINT human intelligence sources (HUMINT) with meaningful access and placement deprives us of insight into Chinese decision making, immediate strategic threat intelligence and perhaps more importantly, gravely impairs U.S. offensive counterintelligence operations.

Moving beyond the obvious difficulties with HUMINT operations within the PRC, reminiscent of the Cold War hostile operational environments, the Intelligence Community is overdue for a paradigm shift in human asset recruitment methodology. For the better part of the last century, the United States Intelligence Community relied on a steady flow of “walk-ins”, volunteers from opposing foreign intelligence services or governments that offered their countries’ secrets. Intelligence officers enjoyed a large degree of success based on a fairly global perception that Americans were the “good guys”, representatives of the land of fairness, equality and justice, qualities that stood in stark contrast to the ruthless and despotic republics from whence they came. Unfortunately, the mystique has faded leaving outsiders to wonder if the values that we promote to the world are nothing more than a hypocritical farce. Mass diffusion of the “Big Lie” throwing fair elections into question, an attempted coup d’etat by an outgoing president, and military involvement under highly questionable intelligence assessments erode the view once held that the United States is the “shining beacon to the oppressed”.

Chinese citizens enjoy a better standard of living than at any time in China’s history. China can rightfully boast that it is a world power and its population can justifiably be proud of its progress. Personal financial success and pride in country promote loyalty. That there is no broad internal rejection of onerous mass surveillance, social credit controls and ethnic cleansing as is the case with the Uyghurs, is a testament to the PRC’s ability to deny facts, deceive its population and prevent the import of non-PRC approved “truths” about freedom and justice within China. The Chinese cultural tendency to identify with the collective rather than the individual is likewise amplified by the PRC’s massive social control machine, with opposing or antagonistic perspectives effectively blocked by the Great Firewall or simply drowned out of public discourse by the volumes of Party-approved propaganda. The PRC’s strategy has created an environment that is more resistant to traditional intelligence recruitment techniques such as economic coercion, ideology exploitation and ego-stroking. Chinese intelligence service recruiters lean on the cultural affinity of ethnically Chinese living in the United States to turn them into spies, coerce them by alluding to what might become of their families living in China or deploy the time-tested technique of guanxi to achieve intelligence asset recruitments. United States intelligence officers do not enjoy a parallel or equivalent.

FBI Director Wray stated, “We’ve now reached the point where the FBI is opening a new China-related counterintelligence case about every 10 hours.” The threat is grave and our twentieth-century countermeasures, techniques and tradecraft are not appropriate for what many in the Intelligence Community deem the greatest threat to United States national security. Retooling, reimagining the intelligence recruitment cycle and modernizing the way that we approach the recruitment of sources is imperative.

Share this post: