The West’s enemies have a new favorite cyber/kinetic war weapon: criminal gangs

Dealing with crime was once the domain of law enforcement, while threats from foreign countries were the responsibility of intelligence agencies. Today the lines are blurred.

[ Part 1 of a new series ] 

26 November 2024 Berlin, Germany) — Over the last few years I have written about the use of deception and low-intensity, nonconventional battle techniques that have affected the dynamics of war – both cyberwarfare and kinetic warfare. The techniques offer a much lower risk of casualties and provides anonymity, deniability and a high return on investment.

But there has been a noticeable shift. Russia has been recruiting criminals on social media to commit acts of sabotage across Europe. China has been outsourcing cyberattacks against the U.S. and Europe to private hackers. Iran is hiring teenage boys in Scandinavia to lob grenades at Israeli embassies. North Korea deals in drugs and cyber-fraud.

Politico, The Wall Street Journal Street and Wired magazine have each run a series on these, and related events: the massive cyber and kinetic war being waged by these countries against the West.

Over the next series of posts I will curate their findings, plus add my own research based on interviews I have had with cyberwar/kinetic war experts, members of the Western intelligence community, plus my visits to intelligence archives in Washington, DC , Berlin, Brussels and Paris.

 

Hassan Daqqou is known as the King of Captagon, an amphetamine-like drug produced mostly in Syria that has become the stimulant of choice across the Middle East. At his recent trial for drug smuggling, held behind closed doors in Lebanon, Daqqou said that he had collaborated with the Syrian Army and flashed an ID card from its Fourth Division, which is commanded by President Bashar al-Assad’s brother Maher, according to leaked court transcripts published by the Organized Crime and Corruption Reporting Project, a network of investigative journalists. He also admitted to working with Hezbollah, the Lebanese group that is at war with Israel and has a history of overseas terrorist attacks.

Numerous incidents in recent years have awakened Western intelligence officials to the problem. Among their allegations: Russia recruits criminals on social media to commit acts of sabotage across Europe. China outsources overseas cyberattacks to private hackers. Iran hires teenage boys in Scandinavia to lob grenades at Israeli embassies. North Korea deals in drugs and cyber-fraud. Even the Indian government contracted a notorious gangster’s associates to kill a Sikh separatist in Canada.

In July 2020, Italian police seized 84 million captagon tablets at the port of Salerno. The drugs, worth 1 billion Euros, were manufactured by the Islamic State group in Syria, which uses drug trafficking to finance its terrorist operations. 

The new threat is forcing Western governments to rethink decades of national-security and intelligence practices. “For a long time you have had governments that would be tolerating and engaging with criminal groups domestically,” said Vanda Felbab-Brown, director of the Initiative on Nonstate Armed Actors at the Brookings Institution. “What is now different is the explicit usage of criminal groups and other mechanisms for sabotage, assassinations abroad.”

Today’s criminal organizations are more powerful and globally connected than ever before; some international drug gangs have more cash and resources than many states. And social media has made it easier for governments and criminals to find each other.

For the gangs, destabilizing Western authorities helps their operations, and working for a rogue state can help them secure sanctuary. For governments, using criminals as proxies offers deniability and cuts the risk of retaliation. “The element of doubt means they can act without serious consequences,” said Edmund Walter Fitton-Brown, former coordinator with the United Nations’s sanctions panel on al Qaeda, Islamic State and the Taliban.

North Korea was an early mover into state-sponsored crime, primarily as a source of revenue. In 2010, the U.S. Army War College published a report on what the authors called Pyongyang’s “criminal sovereignty,” including government-led drug trafficking, currency counterfeiting and smuggling. Since the report, North Korea has branched into cybercrime and cryptocurrency theft.

Most of Pyongyang’s illicit activities are state-led, but other countries employ independent criminal groups, say analysts. Russia has long used criminals to conduct sabotage and assassinations, but these efforts became more visible after the 2014 annexation of Crimea and the 2022 full-scale invasion of Ukraine. Russia’s foreign military-intelligence agency, the GRU, “is on a sustained mission to generate mayhem on British and European streets,” Ken McCallum, director of Britain’s MI5 spy agency, said last month.

Moscow is tapping the social-media network Telegram, widely used by Russians, to recruit people to commit malicious acts, including mailing incendiary packages through commercial shipping networks, potentially causing passenger planes to crash. “We see the Russians are crossing red line after red line, using so-called Telegram agents,” said Michal Koudelka, director of the Czech Republic’s Security Information Service. These agents often don’t know that the person who hired them online is working for the Russian government. A Telegram spokeswoman said: Attempts at recruitment for illegal activity are not allowed and always removed by moderators.”

A man makes fentanyl in a clandestine laboratory in Sinaloa, Mexico, August 2022. China is the predominant source of precursors chemicals used by Mexican drug syndicates. 

Earlier this year, House Speaker Mike Johnson accused China of colluding with drug cartels, “backed by Cuba and Venezuela, to poison Americans with fentanyl.” China is the predominant source of precursor chemicals used by Mexican drug syndicates, including the Sinaloa cartel, to cook up fentanyl that is shipped to the U.S. 

Many intelligence analysts say Beijing turns a blind eye to drug gangs rather than actively supporting them. But the Biden administration has accused China’s Ministry of State Security of hiring criminals to conduct cyber espionage against American companies to gain unfair commercial advantage. European intelligence agencies have identified an ecosystem of private hackers that conduct cyberattacks on foreign targets, often in parallel with ones launched by the Chinese military and the security ministry. 

Russia also recruits among the global criminal hacking community and nurtures cybercriminals to conduct attacks on enemy soil, Anne Keast-Butler, director of the British signals-intelligence agency GCHQ, said earlier this year.

Iran is increasingly allying with drug bosses and gangsters to pursue perceived opponents in Europe and the U.S. A recent wave of suspected Iranian-ordered attacks include hand grenades thrown at the Israeli embassies in Stockholm and Copenhagen and a Spanish politician shot in the face in broad daylight after voicing support for an Iranian dissident group.

American law enforcement in July arrested a Pakistani national with alleged close ties to Iran after he tried to hire an undercover FBI agent posing as a hit man to assassinate a U.S. politician. Earlier this month, the Justice Department said it had charged an asset of Tehran who had been tasked with directing a criminal network to further Iranian assassination plots against President Trump and other targets.

The Israeli Embassy in Stockholm, seen here in January 2024, was attacked in October by teenagers affiliated with the gang of drug trafficker Rawa Majid.

Rawa Majid, the head of one gang contracted by Iran, is also known as the Kurdish Fox, after a nickname he used on the encrypted Encrochat phone service, which was later breached by European intelligence agencies. He has been on the run from Swedish authorities and Interpol for years, accused of murder and drug trafficking.

Last year, Majid was arrested in Iran after entering the country on a false ID, according to the Swedish government. Months later, Majid’s father told Swedish media that Iran had released his son. The Kurdish Fox hasn’t been heard from in public since, but experts in Sweden say he appears to be repaying Iran for his freedom with violent favors. Around the time of his release, teenagers affiliated with his gang attacked the Israeli embassy in Stockholm with hand grenades. Another teenager was caught in a taxi on the way to the embassy, carrying a semiautomatic weapon. Israeli intelligence believes Majid’s gangsters are acting on behalf of Tehran, potentially in return for protection.

Western security agencies are grappling with this new trend by reconsidering old distinctions.

“We have had counterterrorism, we have had counterespionage, and we have fought organized crime,” said Fredrik Hultgren-Friberg, spokesperson for the Swedish Security Service. “Formerly separate, isolated islands of security work are merging, and we have to develop our work in accordance with that,” he said.

Britain’s MI5 last month warned that crimes committed on behalf of hostile states would not be treated as merely a law-enforcement matter. “If you take money from Iran, Russia or any other state to carry out illegal acts in the U.K., you will bring the full weight of the national security apparatus down on you,” McCallum said. He added that Iran had ramped up its hostile operations on U.K. soil, hiring criminals “from international drug traffickers to low-level crooks.” The agency has recorded 20 known plots since 2022, mostly targeting dissidents or critics of the Iranian regime.

An arsonist set fire to a London warehouse holding relief aid bound for Ukraine, March 21. The man charged with the crime was accused of acting on behalf of Russia’s Wagner Group.

The U.K. has also introduced national-security legislation in response to the threat of hostile criminal activity, such as sabotage, espionage and assassination. Earlier this year, a British man was charged under the act for an arson attack against an east London warehouse linked to a Ukrainian businessman organizing aid for Kyiv. Prosecutors accused the man, Dylan Earl, of acting on behalf of Russia’s Wagner Group. 

China, Russia and Iran all use criminal groups to surveil and sometimes kidnap or attack dissidents abroad. Even friendlier nations have used such tactics on Western soil. Canada has accused Indian government officials of hiring gang members working for kingpin Lawrence Bishnoi to commit murder in Canada. Bishnoi, who is imprisoned in India, is so notorious in his homeland that he has become an object of pop culture fascination; he is the subject of a forthcoming web series, “Lawrence—A Gangster Story.” 

Earlier this year, Indian citizens living in Canada on student visas were charged with the 2023 murder of Sikh activist Hardeep Singh Nijjar. Canada’s allegation that they were working for the Indian government sparked a diplomatic brawl, with both countries expelling each other’s diplomats. Last month, U.S. federal prosecutors charged an Indian intelligence official with plotting to recruit a criminal to kill another Sikh activist on American soil.

The drug trade is one of the most fertile grounds for criminals pursuing political ends. Hezbollah, the Iranian-backed Lebanese group, is not only a political party in Lebanon and a U.S.-designated terror group. It is also a major international drug smuggler, which benefits financially from its alliance with the governments of Iran and Syria. The 2021 arrest in Lebanon of Daqqou, the alleged drug baron, showed how Hezbollah’s activities range from the deserts of the Middle East to the Persian Gulf and the ports of southern Europe. 

Daqqou came from a modest background and built his wealth transporting fuel for the Syrian al-Qaterji company, which the U.S. has sanctioned for brokering oil sales between the Assad regime and its nominal enemy, Islamic State. During the Syrian civil war, Daqqou allegedly used his contacts to facilitate captagon trafficking. 

Policemen escort drug kingpin Lawrence Bishnoi at court in New Delhi, India, April 2023. Canadian authorities have accused Indian government officials of hiring gang members working for Bishnoi to commit murder in Canada.

Syria’s government makes more than $2 billion annually from captagon, about half of what the infamous Colombian Medellín cartel made at the height of its powers. Hezbollah, whose fighters secure captagon labs and smuggling routes from Syria into Lebanon and Jordan, has used its drug profits to skirt sanctions and fuel its current war against Israel. Captagon has also reached Europe: Dutch and German authorities have busted captagon labs, and Italian police in 2020 seized a record haul of captagon pills worth more than $1 billion in the port of Salerno.

Experts say Hezbollah has recently shifted tactics, mirroring Iran’s practice of hiring mercenaries to attack its enemies. Last year in Brazil, where Hezbollah has long had a presence among a Lebanese diaspora of up to 7 million, authorities arrested two businessmen of Syrian and Lebanese origin. They were suspected of recruiting Brazilian nationals to attack Jewish targets, including two synagogues in the capital Brasília. One of the men, Mohammad Khir Abdulmajid, has spent time in Iran and fought as a member of Hezbollah in the Syrian civil war, according to Brazilian court documents reviewed by The Wall Street Journal.

While imprisoned, the two businessmen are likely to receive protection from the First Capital Command, or PCC, one of Latin America’s largest crime syndicates, which has a massive presence in Brazilian prisons. According to Brazilian media, the country’s intelligence agencies have for years documented links between Hezbollah and the PCC, which offers protection for Lebanese convicts held in Brazilian prisons in return for access to arms markets abroad.

“Hezbollah uses local Brazilians as soldiers,” said Maria Zuppello, a São Paulo-based author of a book on the convergence of drug trafficking and Islamist terrorism. “If you have a region entirely taken over by drugs, which is happening in Brazil, you have more elements to nourish your criminal operations.”

Western governments have traditionally had good reasons for separating intelligence from law enforcement. In the U.S., limiting the FBI to domestic policing and the CIA to foreign activities is meant to protect civil liberties and prevent the government from using espionage for domestic political purposes.

But in response to new threats, governments need to do more to collect intelligence on organized crime, Felbab-Brown said: “This needs to become a much higher priority because of the nexus and merger with state actors, but also because criminal groups can create enormously destabilizing outcomes in and of themselves.” 

Coming in Part 2:

Europe is under attack from Russia. Why isn’t it fighting back? Why have Western countries shied away from reacting to Kremlin acts of sabotage and terror?

 

Leave a Reply

Your email address will not be published. Required fields are marked *

scroll to top