• Insight
  • 7 min read

Human Threat Intelligence and Illegals

The Beautiful Peruvian Jeweller That Turned Out to Be a Russian Spy

Recently several Russian so-called “illegals” have been exposed. Intelligence officers working under deep cover for many years, sometimes for decades. People close to them have had no idea that their life stories have been falsified.

The Legend of a GRU Agent

Her legend, i.e., back story, follows a pattern we have seen in other cases. She claims to originate from South America, the lovechild of a mother from Peru and a father from Germany, but she was raised in Moscow. According to her back story, the reason for that was that her mother traveled to the Soviet Union to attend the Olympic Games in 1980. For some unclear reason, she had to leave the country urgently and left baby Maria Adela in Russia with family friends – never to return. However odd the back story sounds, people she met in Italy and other places never questioned it. The story was probably convenient since no one would wonder why she traveled to Russia from time to time or why she knew Russian, although she was Peruvian.

Maria Adela studied gemology in Rome, opened a jewelry and luxury items boutique, moved to an elegant district by the coast, and was soon a fixture on the local social scene. She became the secretary of the local Lions club, a charitable organization attended by several members of the NATO command center in Naples. These contacts led to her interacting with other NATO staff as well, and she is even supposed to have had a romance with one of them. She attended the annual US Marine Corps Ball, fund-raising dinners, and many other events organized by NATO or the US military. To summarize – she was a trusted and appreciated businesswoman with potential access to people and information of interest to Russia.

The Exit – Exposing Identities of Russian Spies

On September 15, 2018, she bought a one-way ticket from Naples to Moscow, and since then, she has not been seen on the social scene of Italy again. The reason why this assumably very successful Russian intelligence officer suddenly left was probably because of an article. The day before, on September 14, the investigative journalism group Bellingcat published an investigation on the cover identities used by the two GRU officers responsible for the murder attempt on Sergej Skripal and his daughter in the UK. The investigation revealed how the GRU officers’ fake passports, along with other fake passports belonging to other intelligence officers, were consecutively numbered, allowing investigative journalists to expose more Russian spies by simply tracing such batches of numbers. When Maria Adela, or maybe I should say Olga Kolobova, left Italy for the last time, she used a passport from this same batch.

Different Methods, Same Purpose

Almost 500 Russian intelligence officers with diplomatic cover, working on embassies, trade representations, and consulates worldwide, have been expelled since the invasion of Ukraine. This is 500 intelligence officer that was most likely running several recruited spies per person and planning to recruit more. These expulsions are an interruption in Russian espionage, but that doesn’t mean they are out for the count. Besides, the now expelled intelligence officers with a diplomatic cover were known to the respective security services. The illegals are, at least most of the time, not. Maria Adela was not the first and probably not the last one. By all means, there are more out there, integrated into the society for years, believed to be good citizens.

The Russian intelligence services are known to be very active in human intelligence, take risks, and are inventive. According to an article in the Financial Times from June 27 this year, some of the expelled Russian intelligence officers are regrouping in Switzerland and continue to work from there. Switzerland, a country that has chosen to stay neutral and at the time the article in FT was published, still hadn’t expelled any Russian diplomats. In 2019 Bellingcat identified Geneva as being the likely operational hub of the GRU operatives responsible for several known intelligence operations, such as the attempts to hack into the OPCW (Organisation for the Prohibition of Chemical Weapons) as well as the World Anti-Doping Agency.

Other expected developments are more illegals, but maybe in a slightly different version. Due to biometrics, it becomes more and more difficult to pose as someone else. I believe we are to expect “semi-illegals,” people that do not deny they are Russians or have Russian connections but who change the rest of the story; why they left Russia, their real occupation, etc. We have seen this before, and we will see it again.

To Predict, Prevent and Detect Cybercrime

When you think of it, it’s sad that we need to be suspicious and can’t take others’ words for the truth. But it’s the same in the digital arena, isn’t it? Trust is good; control is better. That’s why we at Truesec Human Threat Intelligence help our clients with screening and vetting new employees and externals that will be given access on the inside. We have the tools and the experience to do this. We know how the threat actors work and sometimes try to infiltrate organizations of interest or recruit someone on the inside using a vulnerability they have managed to identify.

In Sweden, there is a current case with two brothers detained on suspicion of espionage. One of the brothers used to work for both the Swedish security service (SÄPO) and the military intelligence and security service (MUST) for several years without getting caught, positions that required vetting. Somehow, he managed to get both jobs anyway. We must stay humble; there is no guarantee that we, or any other qualified vetting team, will succeed every time. An illegal as “Maria Adela” is hard to expose. Hard – but not impossible. We have been able to help our clients to stop more than one recruitment of candidates with ties to foreign intelligence services. Recruitments that most likely would have caused severe damage if they had not been stopped in time before the candidates got the chance to sign.

We all play an important part in the difficult task of preventing data breaches and loss of information. While most people working in cybersecurity focus on technical threats and technical security solutions, Human Threat Intelligence is about people and the human factor. Combine these two angles, and you get a 360-degree perspective on cyber security. Pretty powerful.

Spy stories are indeed intriguing, but that is not the main reason for this blog post. It is rather to remind us that espionage comes in different shapes and that threat actors still use what people might call old-school methods parallel to the more modern technical ones.

I recommend the articles below for those who want to learn more about human intelligence and illegals. If you want to find out how we can help your organization to counteract, come and talk to us!

Socialite, Widow, Jeweller, Spy: How a GRU Agent Charmed Her Way Into NATO Circles in Italy – bellingcat

The Brazilian Candidate: The Studious Cover Identity of an Alleged Russian Spy – bellingcat

The Model Estonian Soldier Who Spied for Russia – The Atlantic