What Kremlin agents are doing in Poland

What Kremlin agents are doing in Poland
© EPA-EFE/TOMASZ WSZCZUK   |   Polish soldiers install barbed wire along Polish border with the Russian exclave of Kaliningrad, near Zerdziny village, north-eastern Poland, 02 November 2022.

From cyberattacks to railway disruptions, Poland faced during the past several months a wave of incidents, many of them having the hallmarks of Russian intelligence.

Russia is testing Poland, the authorities in Warsaw are reluctant to inform the public

Since the beginning of the Russian invasion of Ukraine, Russia has been carrying out many different subversive, sabotage and disinformation actions in Poland: starting from publishing pro-Kremlin propaganda and false information on social media to pit Poles against Ukrainians (and thus weaken public support for Ukraine fighting against Russia), and ending with old-style espionage activities that pose a direct threat to Polish citizens.

The far-right government in Warsaw is hesitant to inform about any such activities of the Kremlin, it often does not know or consciously hides the facts (in December 2022, a Russian rocket fell in the forest near Bydgoszcz in northern Poland - it was found by a random person who went for a walk; a story of the Ukrainian anti-aircraft missile that killed two Poles in the village of Przewodowo was first reported by the Americans – many hours before the official statement of the Polish MoD and the President). What contributed to the dismantling of a group of young amateur spies was not the secret services, but the report of a citizen who noticed a suspicious camera attached to a tree.

The former head of the Foreign Intelligence Agency (in 2015-16), Colonel Grzegorz Małecki, analyzing recent events indicating the high activity of Russian agents on Polish territory, said that "Russia is testing various methods of action, from which it will choose the most appropriate one when the time comes."

Russia, suspected of being behind a wave of incidents targeting the Polish railway system

It is no secret that the Russians are particularly interested in railway lines in Poland – they are a key element of the weapons transport system to Ukraine. So whenever something sudden and disturbing happens on the tracks (and a lot has happened recently), there is an immediate assumption that Moscow is behind the events. This cannot be ruled out, although it is not certain whether Russian agents are actually responsible for the recent emergency stops of trains that took place in the northern and eastern regions of Poland. As usual, the authorities are giving away little information, so we only know that two people have been detained in connection with the case.

There were "Radio Stop" hacks (I’ll relate to this in a moment), three train derailments and one train collision at the end of August; in previous weeks, several trains were diverted to the wrong tracks. In spring, a group of young amateur spies who were also supposed to be operating on the Polish railways was detained – a fact first reported by the American press and only later confirmed by the Polish authorities. In mid-September, the Kremlin's leading propagandist, Vladimir Solovyov, said on Russian television: "We must attack Poland, the base where all these weapons reach. We need to hit the factories that produce it. There are no other options. This is war. A war that is already obvious. We are at war with universal evil.” Should his words be treated as a serious threat?

The "Radio Stop" system was introduced after a series of tragic railway disasters in the 1970s and 1980s. It is based on radio communication and allows the driver (or, in practice, anyone who has a walkie-talkie and knows the appropriate frequency) to briefly suspend railway traffic in a given area. According to railway workers, this simplicity has saved the lives of passengers many times, but it is also a weak point in the system - nearly 600 hacks into "Radio Stop" are reported every year. The former head of the Foreign Intelligence Agency, Colonel Grzegorz Małecki, believes that the Russians may now be testing the response of the Polish services and new methods of operation. After the 2022 expulsion from Poland of several dozen diplomats who were accused of espionage, Russia can no longer rely on its residency and is probably looking for new methods.

"Just because one group has been detected doesn't mean there aren't others. It is likely that the Russians wanted Polish counterintelligence to engage in identifying a group of amateurs to divert attention from other activities,” said Colonel Małecki. “We know that Russian services are interested in Polish railway lines, so we need to secure key places and eliminate the weakness of train traffic control. I have been warning about the risk of hacking into the railway IT system for years. Traffic control technologies were developed in cooperation with companies controlled by Russian firms suspected of having links with the secret services.

Who spied on the computers of a strategic Polish arms company?

In recent months, there have been two very serious hacks into the IT systems of military institutions. As a result, data of the highest importance for the security of Poland and the entire NATO was leaked. The first story concerns the Nitro-Chem plant in Bydgoszcz - the largest producer of TNT in NATO, but also the producer of, among others, missiles and warheads, anti-tank mines and aircraft bombs. The Bydgoszcz-based company has supply certificates for the United States Army, which is the largest recipient of Nitro-Chem products. They are also purchased by Canada, Israel, France, Great Britain, Spain and Scandinavian countries. The Polish company also supplies explosives to Ukraine fighting against Russia. Last year, the company achieved the highest revenue in history - almost EUR 65 million. Gigabytes of secret information of the highest importance for the security of the state and the North Atlantic Alliance flow through its IT system, exactly the information in which the Russians are keenly interested. Cybersecurity specialists emphasize that Nitro-Chem has data of the same importance as that stored by the Military Intelligence Service.

The results of an audit aimed at checking the company's IT security are dizzying. Network administrators installed remote login programs on the computers of strategically important employees (without their consent), which excludes them from being used by people with access to classified information. This meant that the user did not have to consent to a stranger accessing his computer, reading its content, downloading any files or even making changes to documents. IT system administrators not only had access to strategic employees' computers, but also used the spy program to view and disclose the information they obtained. Emails were not encrypted. The employees responsible for the company's digital security turned out to have no IT education, and their employment contracts did not contain a clause on confidentiality or liability for disclosing confidential information. They admitted that they installed the spy software at the request of the company's previous CEO and financial director, but to this day it has not been possible to determine where the strategic data leaked. Did they go to entities in Poland or did they go abroad?
"This data may concern the most closely guarded information regarding the defense of countries such as the USA or Israel. Secondly, the plant in Bydgoszcz, the largest producer of explosives, may be a prime target for any enemy,” said former Minister of National Defense Janusz Zemke. "It is not known whether we are dealing here with industrial espionage, sabotage, the activities of a criminal organization or foreign intelligence services. All this needs to be determined,” comments Col. Maciej Matysiak, former deputy head of the Military Counterintelligence Service, and the Stratpoints Foundation expert. Taking into account that a few years ago the Russians attacked an explosives warehouse in the Czech Republic, the laconic statements from the most important people and institutions in the country are surprising. These institutions, who answer directly to president Andrzej Duda, wash their hands of it, claiming that these are internal company matters. The Nitro-Chem IT system was checked by the security unit of the Polish Armaments Group, which determined that there was no data leak. Let’s hope that’s true.

A hacker attack paralyzed the largest Polish military university

While in the case of the Nitro-Chem company it is unclear who exactly is behind the data leak and who came into possession of it, it is much easier to find a Russian trace in the hack into the IT system of the largest Polish military university, which also happened this year.

On July 10, a day before the NATO summit in Vilnius, a group of hackers operating under the name CyberTriad published a short post on Twitter (today it’s called X): "07/11/23 #NATO #Cyberattack EXPECT US”. In the following days, hackers launched attacks on the IT systems of several companies and institutions in Poland and Lithuania. There are many indications that most of them repelled the attack, but on July 11 – again on Twitter – the group boasted that they had encrypted computers of the War Studies Academy (ASzWoj), the largest Polish university where future Polish commanders are educated. CyberTriad supplemented its post with the comment: "We can no longer Watch as the US and NATO lead society into World War III." As an evidence of their successful hack, they published screenshots showing, among other things, the structure of an armored brigade, and a scheme for conducting exercises using the command support system code-named "Jaśmin" (Jasmine). Cybersecurity experts agree the files were intended to make the Polish side aware that military data located on ASzWoj network computers and servers had been stolen.

The messages published by CyberTriad (slandering Ukraine, Poland, NATO and the USA) on Twitter and on the Telegram channel indicate that the group is linked to Russia. In one of their posts on Telegram, they wrote: "Poland should stop pushing NATO towards a conflict with Russia and China." To this day, many university employees do not have access to e-mail or cannot use computers at all. It is still not known how much and how important data the hackers managed to intercept. "This attack was intended to show the enemy's capabilities and test our security. The goal was achieved. The largest military university was paralyzed for many months. The effects may be felt for a long time” said Col. Marek Matysiak, former deputy head of the Military Counterintelligence Service.

The new "anti-spying" law – a tool against foreign intelligence agents that could be turned against "problematic” journalists and opposition politicians

At least once a month, the Internal Security Agency (ABW) informs about the arrest of spies. Nearly 20 people have been arrested this year, the last one in August. He was a 39-year-old citizen of Belarus who took part in the reconnaissance of military facilities and ports. In June, a Russian hockey player playing for the Polish club Zagłębie Sosnowiec was detained on espionage charges as well.

In July, MPs from Law and Justice Party and the Polish People's Party passed a bill that drastically tightens penalties for espionage and expands the scope of activities of the secret services. Sentences for espionage would go up to 5 to 30 years, from 1 to 10 years before. The law also introduces new types of espionage, covering new behaviors. Thus, persons who participate in the activities of foreign intelligence and conduct disinformation are to be sentenced to between eight and 30 years in prison. Disinformation is defined as "the dissemination of false or misleading information" in order to cause serious disruptions in the state system or economy, or to influence the authorities.

Poland’s conservative government is saying that the new law was necessary because of the changes in the geopolitical situation and the greater activity of foreign intelligence services after the Russian invasion of Ukraine. "We must be aware that the intelligence war against Poland continues and it is a real threat to our country,” according Stanisław Żaryn, Secretary of State in the Prime Minister's Chancellery.

Not everybody is convinced, though, that this is the best way to fight espionage, especially when it comes to the provisions regarding disinformation. Most opposition MPs abstained from voting.

"We need to consider whether this is not an attack on freedom of speech and the freedom of information flow,” said lawyer and Left Party MP Krzysztof Śmiszek. This risk was also pointed out by the Helsinki Foundation for Human Rights and the Panoptykon Foundation in their opinion: "Frequent initiation of criminal proceedings against people sharing false or inaccurate information on social media may lead to a chilling effect."

The new regulations do provide intelligence services with new tools and even greater powers (in espionage cases, the Internal Security Agency will be able, among other things, to wiretap suspects without court consent). But this raises the risk of the secret services being used in a manner inconsistent with the purpose of their establishment. To see how this could unfold, it’s enough to have a look at what Putin’s regime is doing. Russia’s prisons are full of "foreign agents": journalists, activists, lawyers and opposition politicians.

Other news
The Biden – Xi meeting did not settle the bilateral issues, but it did reduce tension

The Biden – Xi meeting did not settle the bilateral issues, but it did reduce tension

Joe Biden and Xi Jinping agreed, among other things, to establish a direct line of contact. It is a step forward in the bilateral relationship, after years of tensions.

The local election in the Republic of Moldova: a victory of the (pro)Russians?

The local election in the Republic of Moldova: a victory of the (pro)Russians?

The results of the local election in the Republic of Moldova point to a decline of pro-European factions, after a campaign marked by Moscow’s interference and disinformation, as well as scandals generated by pro-Russians.

Ukraine: war fatigue grows after counteroffensive fails

Ukraine: war fatigue grows after counteroffensive fails

Ukraine has entered a new phase of war fatigue caused by the prolongation of hostilities. There are growing signals of a crisis among the military personnel, mistrust in the authorities, and society's difficult adjustment to a war that is lasting more than envisaged.

EBOOK> Razboi si propaganda: O cronologie a conflictului ruso-ucrainean

EBOOK>Razboiul lui Putin cu lumea libera: Propaganda, dezinformare, fake news

More
The Bulgarian government is taxing Russian gas amid domestic political tensions
The Bulgarian government is taxing Russian gas amid domestic political tensions

Bulgaria’s government decision to add tax to Russian gas brought tensions with Hungary and Serbia, and yet another clash with pro-Moscow President Rumen Radev.

Poland: PiS plans to hold on to power even under a Donald Tusk-led government
Poland: PiS plans to hold on to power even under a Donald Tusk-led government

After years of conservative rule, most Poles voted for the opposition parties. The conservatives are nonetheless poised to remain influent through the public institutions they control.

The Slovak Elections, the Czech Republic, and Russia
The Slovak Elections, the Czech Republic, and Russia

Elections in Slovakia were closely followed in Prague, as the results may serve as an indicator of the direction in which social moods might evolve in the Czech Republic.

Michael Švec
17 Oct 2023
Russia’s levers in the Republic of Moldova
Russia’s levers in the Republic of Moldova

The war in Ukraine has accelerated the process by means of which the Republic of Moldova has been distancing itself from Russia. After the elimination of economic and energy dependence, Moscow's remaining levers are pro-Russian propaganda and parties.

Is Poland ready for change?
Is Poland ready for change?

Poland’s liberal opposition hopes to break the ruling PiS’ long spell in power at the October 15 elections. The conservatives are betting on harshening their tone towards Ukraine, and the EU.

Viktor Orbán is showing signs of despair
Viktor Orbán is showing signs of despair

Viktor Orbán’s aggressive speech delivered in the Hungarian Parliament is evidence of Hungary’s lack of solutions to an economic crisis amplified by Orbán’s own policy-making, as well as of its growing isolation at EU and NATO levels.