Hackers, Hoodies, and Helmets: Technology and the changing face of Russian private military contractors | #government | #hacking | #cyberattack


Issue Brief

July 25, 2022

Hackers, Hoodies, and Helmets: Technology and the changing face of Russian private military contractors

By
Emma Schroeder, Gavin Wilde, Justin Sherman, and Trey Herr

Introduction

The first time Russia invaded Ukraine in the twenty-first century, the Wagner Group was born. The now widely profiled private military company (PMC) played an important role in exercising Russian national power over the Crimea and portions of the Donbas—while giving Moscow a semblance of plausible deniability. In the near decade since, the Russian PMC sector has grown considerably, and is active in more than a dozen countries around the world. PMCs are paramilitary organizations established and run as private companies—though they often operate in contract with one or more states. They are profit-motivated, expeditionary groups that make a business of the conduct of war. PMCs are in no way a uniquely Russian phenomenon, yet the expanding footprint of Russian PMCs and their links to state interests call for a particularly Russian-focused analysis of the industry. The growth of these firms and their direct links to the Kremlin’s oligarch network as well as Moscow’s foreign media, industrial, and cyber activities present a challenge to the United States and its allies as they seek to counter Russian malicious activities abroad. 

As signals intelligence and offensive cyber capabilities, drones and counter-drone systems, and encrypted communications become more accessible, these technologies will prove ever more decisive to both battlefield outcomes and statecraft. More exhaustive research on these issues is necessary. The ongoing conflict resulting from Russia’s second invasion of Ukraine in this young century seems likely to shape the conduct of Russian foreign policy and security behavior for years to come—and these firms will play a part. 

The activities of these PMCs include high-intensity combat operations, as evidenced in Syria in 2018 and Ukraine in 2022, and a mix of population control, escort and close protection, and local direct-action activities, as seen in Libya, Mali, and elsewhere. Given the sourcing and dependence of Russian PMCs on Russian military service personnel and no small influence of Russian doctrine, the questions to reasonably ask include: How do changes in the Russian conduct of war and adoption of new technologies influence these PMCs? Moreover, how might these technological changes influence the role these PMCs play in Russian strategic goals and activity abroad? 
 
The accelerating frequency of PMCs found operating around the world and the proliferation of private hacking, surveillance, and social media manipulation tools suggest that Russian PMCs will pose diverse policy challenges to the United States and allies going forward. This issue brief seeks to offer an initial exploration of these questions in the context of how these PMCs came about and how they are employed today. The section below addresses the origin and operations of PMCs in Russian international security strategy, and also profiles the changing role of technology in conflict and the activities of these PMCs. The last section closes with a set of open research questions. 

PMCs in Russian international security strategy and the influence of technology

Historically, Moscow has benefited from using mercenaries to advance its aims abroad. Imperial Russia extensively deployed Cossack brigades in the Napoleonic wars and, domestically, to quell peasant uprisings. Tsar Aleksandr II used them as a tool to balance pan-Slavic fervor against the imperial policy of nonintervention in the burgeoning Balkan-Ottoman conflict of the 1870s. Joseph Stalin rallied sympathetic brigades in support of the Republican faction in the late 1930s Spanish Civil War. More recent conflicts demonstrate the abiding imperatives which make PMCs an attractive tool of Russian statecraft. 

The number and prevalence of Russian PMCs as a turnkey model deployed in service of Moscow’s niche foreign objectives have increased over the past decade. Russian PMCs provide the Russian government and, if applicable, their overseas clients (foreign governments and/or companies) with a range of capabilities to augment or mimic Russian military and intelligence activity. This includes training foreign armed forces and groups, providing armed security/protection, conducting “political warfare” (from assassinations to running drones), and performing military-style functions. It also potentially includes surveillance and cyber(ed) activities that could be reliant on industry capabilities or further built out in the future. Moscow exercises control and provides support for these capabilities to varying degrees, and each of these capabilities feeds into benefits for the PMCs and for the oligarchs at their helm. 

Training military forces abroad

Russian PMCs train foreign armed forces and groups. In the early 1990s, for instance, Rubikon, a security firm based in St. Petersburg and “supervised by Russian security services,” helped organize volunteers to fight for the Serbs in then-Yugoslavia. This trend has continued through to recent times, with Russia’s Vladimir Putin even publicly stating in 2012 thatRussian private military companies could be used to train foreign military personnel. Recently, it appears that Russian PMC ENOT Corp has run “military-type training camps for right-wing activists from foreign countries.” Russian PMCs in Libya have trained Libyan National Army (LNA) forces and even repaired their military equipment. And a July 2021 assessment from the US Office of the Director of National Intelligence  found that some “Russian private paramilitary groups” that are “trying to recruit and train Western RMVEs [racially and ethnically motivated violent extremists] to expand their reach into the West, increase membership, and raise money.”

These organizations also provide armed security/protection to government, corporate, and individual clients. Indeed, part of the Russian PMC industry outgrowth stems from the chaos in the post-Soviet period of the 1990s, when former Soviet soldiers, intelligence personnel, and other members of the security apparatus formed companies to provide security for businesses. In the early days of Gazprom, Rosatom, Rosneft, and Russian Railways—all state-owned enterprises—Russian PMCs protected their assets overseas. Years later,  then-Prime Minister Putin noted that PMCs could act as extensions of Russian influence in conducting such protection operations at important facilities abroad, outside of Russian enterprises. Russian PMCs have provided protective services in the Central African Republic, in Mali, and to energy fields in Syria, in addition to other countries.  

The Wagner Group deployed to Mali in December 2021, following the withdrawal of French forces from the country, to train the Malian Armed Forces (FAMa) and provide protection for senior officials. At the time, the French government attempted to stop the reportedly $10.8 million deal, but the Malian government defended the prospect of closer cooperation with Russia. Immediately upon the Wagner Group’s arrival, it began to construct a base near a Malian air force installation at Bamako’s Modibo Keita International Airport. FAMa, according to a Mali army spokesperson, “had new acquisitions of planes and equipment from [the Russians] . . . It costs a lot less to train us on site than for us to go over there.” Less than a month after the Wagner Group’s arrival, French reporting indicated that at least one Wagner member was injured when a FAMa convoy was attacked in the center of the country—where insurgents ambushed the convoy and employed an improvised explosive device against one of the armored vehicles, leading to a firefight. Though the Wagner Group’s mission in Mali is training local forces for direct combat, not engaging in it itself, the mission is clearly one that requires it to work in parallel with local forces and thus consistently places Wagner forces in combat situations. 

Resource security

While the Kremlin realizes strategic benefits from PMC operations worldwide, the PMCs themselves and PMC proprietors—often members of Putin’s inner circle of oligarchs—reap financial windfalls. Through opaque ownership structures and cutouts, the model essentially provides paramilitary muscle and political support in exchange for preferential access to—if not control over—mineral rights and other sources of rent extraction for Moscow and its oligarch class. Particularly in areas where the main sources of Russian economic might—arms and energy—are already prevalent like in Syria, PMCs act as a force multiplier and reinforce Moscow as an indispensable partner for regime stability. For instance, in Africa—where Russian arms comprise half the continent’s market, and Moscow looks to invest big in oil, gas, and nuclear projects—PMCs act as an insurance policy. 

In the Central African Republic, the Wagner Group has been used to bolster support for President Faustin-Archange Touadéra’s government—training local soldiers, protecting leaders, and providing security services at the country’s diamond mines—following the exit of French peacekeeping forces in 2017. Yevgeniy Prigozhin, the Russian oligarch known as “Putin’s Chef,” runs the Wagner group, a military force that is neither a single entity nor truly private or independent. The group also has close ties with the GRU and its direction appears dictated by the state, which aids in the procurement of contracts internationally. The group is funded partially through Prigozhin, but Wagner also receives direct foreign funding through its contracts. The Touadéra contract is a prime example. Many of the Central African Republic’s diamond mines have passed back and forth between government and rebel hands—a key source of funding for both the Touadéra government and the rebel groups. These mines, back in government hands, now fund Wagner. A portion of Wagner’s payment is provided in diamonds, avoiding formal financial systems and therefore international sanctions, and in resource extraction permits to Russian companies linked to Prigozhin. and Wagner, however, does not just deal with the government: it also has made deals with the rebels themselves to obtain illegally mined diamonds, cashing in on and likely exacerbating the conflict. Kimberley Marten, a scholar studying the Wagner Group, has suggested that Prigozhin may also use these connections and contracts to “engage in money-laundering or other criminal activity like smuggling, with the full knowledge and support of the Kremlin.” 

It is quite possible, as the Russian government outsources more activities to PMCs, that it increasingly does so with cyber and information operations. For the PMCs, especially those with foreign government and foreign corporate clients, it is likely that market demands for these capabilities—as part of protective services, military combat augmentation, or something else—will drive them to increasingly develop or procure newer surveillance and cyber capabilities as well. 

In operations less closely tied to Russian forces, PMCs may pursue or build on technical capabilities in a different manner, likely focusing on expanding their political warfare tool kit rather than combat adjacent capabilities. Security deployments to resource extraction sites are already profitable for the PMCs, but they also provide a wealth of strategic opportunities. PMCs in Africa, for instance, already conduct or work in tandem with Russian influence operations and the integration of additional technological capabilities may heighten their effects. More advanced capabilities, such as cyber intrusion, represent an opportunity for PMCs to add or strengthen the political warfare layer of their operations while reaping profit. 

Combat missions

In Ukraine in 2014, soldiers without insignia, dubbed little green men, illegally invaded, attacked, and occupied territory, laying the path for a full-on Russian invasion of the country in 2022. This incursion into Crimea and the Donbas region of Ukraine leveraged a loose confederation of militia members and nonuniformed volunteers in mostly ancillary roles like diversion and sabotage. Ukraine’s Security Service accused the Wagner Group of assassinating Luhansk rebel leaders who disobeyed Russian orders. The conflict served, in many ways, as a proving ground for PMCs that would later deploy to other theaters like Syria and Libya—where their combat and support roles would become far more substantial and integrated with the Russian military. And where Wagner would prove the more professional, capable, and better equipped. 

PMCs like the Wagner Group perform military-style functions, engaging in armed combat, sometimes alongside the Russian military. In the fall of 2015, the Putin regime formally began its own intervention in Syria; by then, it had already sent hundreds of Wagner fighters into the country. Wagner forces have fought repeatedly in battles in Syria on behalf of Bashar al-Assad’s regime, both in the course of providing protection services and, in at least one instance, while Wagner fighters stayed at a GRU base in the country. Former Wagner fighters have described the PMC’s equipment in Syria as including “mortars, howitzers, tanks, infantry fighting vehicles, and armored personnel carriers” as well as man-portable surface-to-air missiles, anti-tank systems, and grenade launchers—conventional military equipment for the battlefield. Wagner took part in training and equipping Syrian regime forces alongside—but distinct from—uniformed Russian soldiers. 

As part of these operations, Russian PMCs leverage a range of surveillance-, cyber-, and intelligence-related capabilities—which appear to be growing in number. RSB Group set up a cyber attachment in 2016 that was reportedly capable of both defensive and offensive activities. Russian PMCs in Syria have placed “intelligence specialists” on the front lines of armed combat to “better direct Russian airstrikes and enable pro-regime ground maneuvers.” Other PMC units “recruit human intelligence sources, guide [intelligence, surveillance, and reconnaissance] platforms and systems, collect signals intelligence, and analyze intelligence and open-source information,” according to a Center for Strategic & International Studies report (citing a presentation by Kiril Avramov, a nonresident fellow at the Intelligence Studies Project at University of Texas at Austin). 

The widening adoption of surveillance and other technologies also poses a challenge to traditional PMC staffing and their own training, which may further pull companies in toward the Russian state. The classic pipeline for Russian service members to many PMCs begins in elite military units such as the VDV (abbreviation for Vozdushno-desantnye voyska, Russian Airborne Forces), Russian special forces, and various Spetsnaz formations—enabling them to serve a broad range of familiar functions, both embedded within and alongside Russian military forces. While these groups may provide a range of useful kinetic skills and small unit combat training, they are more likely to lead to specialized combat and maneuver skills like parachuting, covert insertion, and marksmanship rather than electronic warfare or cyber operations. The pipeline then for PMCs to support the acquisition and use of these technologies must look appreciably different, and source from new communities across the Russian armed forces. 

In Syria, Wagner has also taken contracts to secure resource extraction, specifically oil and gas. However, the presence of Western forces in the many-front conflict has complicated the mission, and members of the group have engaged in direct combat with the intention of protecting and preserving oil and gas access for the Assad regime. Wagner’s presence in Syria is perhaps best known for a 2018 incident near a Conoco gas plant in the eastern part of the country. A pro-Assad group that included Wagner forces launched an attack on a US-supported Kurdish outpost where US soldiers were present, resulting in the death of hundreds of pro-Assad fighters. The Pentagon later reported that in the hours leading up to the assault, US officials were in contact with their Russian counterparts and alerted them to an impending counterattack, but that the Russian command asserted that there were no Russians present. There is no evidence of Russian attempts to warn or interdict the Wagner forces on the ground. In the aftermath, the Russian Foreign Ministry said that “about five people who were ‘presumably Russian citizens’ may have been killed.” Yet, other reports pointed to “substantial losses.” Despite expectations that Wagner would lessen its presence in the region following the incident, companies linked to Prigozhin have gained contracts to develop and guard new oil and gas fields in Syria, including in the same region where the firefight with US forces took place. The additional contracts with the Assad regime follows—in no small part—the fact that Wagner receives payment at least partially in oil and gas, enabling it to skirt sanctions and financial regulations with its profit. 

Building on battlefield successes in both countries, Wagner emerged as Moscow’s premier PMC, as evidenced by Prigozhin’s appearance alongside Defense Minister Sergey Shoygu in deliberations with the LNA commander, Khalifa Haftar, in 2018. Reported tensions between Shoygu’s defense ministry and Wagner notwithstanding, by the February 2022 invasion of Ukraine, the integration of PMCs—particularly Wagner—in Russian military operations had matured significantly. The Digital Forensics Research Lab has monitored Wagner activity across Ukraine, including in Zaporizhzhia, Volodymyrivka, and Klynove. Wagner activities in Ukraine appear to be intertwined with the Russian military, including Spetsnaz special forces.  According to the UK Ministry of Defence, the Wagner Group was engaged in direct combat in Ukraine to reinforce front-line Russian military forces in the capture of Popasna and Lysyschansk. Wagner is seeing heavy casualties in combat, and increasingly, lost Wagner troops are being replaced with minimally qualified and trained recruits, including convicts. Indeed, Wagner’s experience in the comparatively permissive Syrian and Libyan theaters has proven insufficient to repeat their battlefield success, as they face far better trained and equipped Ukrainian forces. 

To the extent plausible deniability was ever a motivation for the Kremlin to rely on PMCs, their notoriety since 2014—Wagner’s in particular—reveals an equally likely imperative: expendability. Contracted mercenaries simply require less accountability from the state, cost far less than training and outfitting conscripts, and entail fewer potential domestic constraints. 

Moscow has long had to contend with the mothers of soldiers lost to war, and has a poor track record of transparency regarding conflict casualties. In Donbas earlier this year, Ukrainian officials allege that Russia deployed mobile crematoria to dispose of its fallen soldiers, rather than sending them home. The Kremlin was slow to acknowledge any casualties whatsoever, and the Defense Ministry has sought to classify the notification process for families. While he is unlikely to face substantial public backlash for the Russian military’s catastrophic performance in Ukraine, Putin’s continued insistence on characterizing the war as a “special military operation,” and his apparent reticence to call for a general mobilization to support it, signal some wariness of the war’s political ramifications. Meanwhile, as the war in Ukraine looks to grind further on, the demand for expendable forces is likely to increase. 

Against that backdrop, PMCs like Wagner are an attractive option because they shift at least some of the burden of war away from the state—particularly as they cast combat operations as a commercial enterprise, versus a political one. As Putin stated in late 2018, “We can ban the private security business altogether, but once we do that, I think you will get a lot of petitions to protect this labor market. As for their presence somewhere abroad, if, I repeat again, they do not violate Russian law, they have the right to work and push their business interests anywhere in the world.” 

Political warfare

Russian PMCs are also increasingly involved in conducting “political warfare” activities, ranging from subversive activities to assassination, reminiscent of the kinds of “active measures” that Soviet intelligence services deployed throughout the Cold War. In Syria in 2015, the Russian government spread propaganda prior to its involvement and used PMCs on the ground to augment its forces once in the country. In the Central African Republic in 2018, three Russian journalists who were investigating Wagner’s activities in Africa were killed, and while there is no conclusive documentation of the killer(s), the journalists’ driver that day was in contact with a police officer working with a member of the Wagner Group. Other reports describe PMCs as conducting political warfare activities such as kidnapping, sabotage, subversion, and blackmail. Moscow is increasingly placing cyber and information proxies overseas, to launch operations from within other countries and ostensibly to create deniability—such as establishing Russian Internet Research Agency (IRA) facilities in Ghana, Nigeria, and Mexico. In the Central African Republic, Prigozhin’s profit-seeking activities do not end with the Wagner Group. The oligarch has also built hospitals through his mining companies, created a Russian radio station with a wider reach than the state station, and created a children’s cartoon featuring a Russian bear saving its animal friends in Africa. Such activities exemplify the duality of PMC’s role in expanding Russian influence—pairing profit with propaganda. 

Prigozhin, in addition to heading the Wagner Group, is also at least partially responsible for the activities of the IRA, better known within the United States as the Russian Troll Factory. The US government has both sanctioned and indicted Prigozhin and associated companies in connection with IRA support of the 2014 invasion of Ukraine and its attempts to influence the 2016 US presidential election. Though this agency and the Wagner Group are not officially aligned, IRA activity has been uncovered in tandem with Wagner operations. A 2022 Twitter disclosure, for example, exposed a coordinated campaign within the Central African Republic of pro-Russian propaganda from both real and fake Twitter accounts linked to the IRA. In addition, Wagner’s activities in Mali appear closely buttressed by IRA efforts. In preparation for Wagner’s deployment to the country, “a coordinated network of Facebook pages in Mali promoted Russia as a ‘viable partner’ and ‘alternative to the West,’ encouraged postponement of democratic elections, and attempted to create local support for Wagner.” This disinformation machine also deployed earlier this year to deny and deflect responsibilities for massacres tied to the Wagner Group in Mali, such as those in Mourah and Gossi. 

Accessing offensive cyber and information technologies in the PMC community

The fusion of several quasi-state models of digital subversion with the paramilitary prowess of Russian PMCs should also not be ruled out. One dimension of Russian PMCs acquiring these capabilities is the possibility that they might access existing public/private relationships established by organs of Russian intelligence or even the commercial market. The commercial development, sale, and support of offensive cyber capabilities and electronic surveillance services includes dozens of firms, some of whom have access to the latest security vulnerabilities and considerable technical design and development talent. With the addition of boutique cyber-surveillance tools, like those developed by commercial outfits like NSO Group and DarkMatter, to disruptive attacks-as-a-service brokered by ransomware collectives, like REvil, PMCs could vastly expand their clientele among global autocrats and oligarchs—thus substantially enhancing their utility to the Kremlin. These latter companies could provide access to technology systems and are well-positioned to provide PMCs with intelligence gathering and ongoing high-value target surveillance capacity across the world. 

An alternative, especially in the case of offensive cyber capabilities, may be for these PMCs to partner with Russian private companies or state labs working as proxies for Russian military and intelligence organizations. In 2018, FireEye Intelligence pointed to Russia’s Central Scientific Research Institute of Chemistry and Mechanics as likely supporting the deployment of Triton, an operational technology-focused malware, and the US government later sanctioned the lab. The US government claims that a private Russian firm, Positive Technologies—which the US Treasury identified as supporting the Russian Federal Security Service (FSB) and sanctioned—continues to develop offensive cyber capabilities on behalf of the Russian government. Leveraging the capabilities of such organizations would prevent PMCs from needing to develop significant and costly new in-house talent or drawing the added scrutiny of Russian government authorities. 

Where do PMCs go from here?

Major course corrections in Russia’s geopolitical trajectory seem unlikely so long as Putin remains in power, and the trajectory of Moscow’s war effort in Ukraine remains speculative at best. Importantly, the driving forces for Russian PMC involvement in locations like Libya, Syria, Ukraine, Mali, and the Central African Republic appear diverse. In some instances, PMCs act alongside or immediately in lieu of still uniformed Russian forces. In other cases, these firms appear to be operating with greater independence, often with clear profit motive. 

Putin’s inner circle of oligarchs control and have interest in a wide range of industries, and often they and their close relatives are involved in various companies. These companies have several lines of revenue: thinly veiled authorized theft from the state, direct business revenue, and unofficially sanctioned criminal activity. In the oil and gas, entertainment, finance, and similar industries, this breakdown of oligarch profit is fairly straightforward. However, private military companies and those at their helm have a more complicated relationship with the workings of the Kremlin. 

The involvement of Russian PMCs in extractive and more purely profit-seeking activities raises questions about how their incentive structure will change in the aftermath of the ongoing war in Ukraine and in the face of the adoption and employment of new technologies in conflict. These include: 

  • What levers (sanctions, export controls, etc.) can the transatlantic community use to curb the flow of illicit kinetic and digital arms alike, not only to the Russian state, but to commercial entities or third countries that might enable PMCs? 
  • How can the United States and its allies and partners work together to disincentivize the use of PMCs for regime and mineral-deposit security among leaders in Africa and elsewhere? What alternatives can they offer? 
  • What lessons is the Kremlin drawing and not drawing from its full-on war on Ukraine? How might that shape future decision-making about PMCs and conflict? 
  • If the Russian military and state defense apparatus is involved with supplying PMCs, does that extend to technological and cyber capabilities today? Might it in the future, and if so, how? What do those relationships and dependencies look like? 

These quasi-private military forces are a useful tool that Russia can deploy to manage risk, foment instability, and exploit geopolitical and economic opportunities around the world in advance of, in addition to, or instead of Russian state capabilities. These groups, often run by Russian oligarchs, are employed in a wide range of operations that support, sometimes directly and sometimes more opaquely, Russian strategic objectives. The Russian state benefits from having a nominally independent additional reserve that can project force in places where state-tied operations may carry additional risk—from conflict zones where the state’s forces require additional support to areas of insecurity where PMCs can enrich themselves while projecting Russian power and influence abroad. 

The technological capabilities that these companies develop may serve as an indication of Russian strategic priority and perhaps its points of perceived weakness in the years to come. The wide remit of operations under the PMC umbrella means that there exists a foundation for these companies to develop in myriad ways. A more combat-focused PMC, for example, will not pursue the same technologies as a PMC focused on political warfare in non-warfare zones. The unique position of Russian PMCs—motivated both by profit and policy—exemplify the ongoing tension in Russia’s kleptocratic leadership and thus may be an effective way for the United States and its allies to understand Russian priorities and engage with them in a more persistent manner. 

About the authors

Emma Schroeder is an assistant director with the Atlantic Council’s Cyber Statecraft Initiative within the Scowcroft Center for Strategy and Security. Her focus in this role is on developing statecraft and strategy for cyberspace that are useful for both policymakers and practitioners.

Gavin Wilde a senior fellow at the Carnegie Foundation for International Peace and a nonresident fellow at Defense Priorities. He previously served as director for Russia, Baltic, and Caucasus affairs at the National Security Council, where his focus areas included election security and countering foreign malign influence and disinformation.

Justin Sherman is a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative, where his work
focuses on the geopolitics, governance, and security of the global Internet. He is also a research fellow at the Tech, Law & Security Program at American University Washington College of Law, a fellow at Duke University’s Sanford School of Public Policy, and a contributor at WIRED magazine.

Dr. Trey Herr is the director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and
Security at the Atlantic Council. His team works on the role of the technology industry in geopolitics, cyber conflict, the security of the internet, cyber safety, and growing a more capable cybersecurity policy workforce.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

Related Experts:
Emma Schroeder,
Justin Sherman, and
Trey Herr

Image: “Moth (pt. 1)” by Mariah Jochai is licensed under CC BY 4.0



Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published.

eight + one =