Blog > Tackling Hybrid Warfare: The Salisbury Poisoning Three Years On

Mission


Tackling Hybrid Warfare: The Salisbury Poisoning Three Years On

It was 4:15 on an otherwise unremarkable Sunday afternoon in March 2018, when two people – a man and a woman – were found slouched over a bench in the middle of a crowded street in Salisbury. Drifting in and out of consciousness, the pair were said to be foaming at the mouth, their eyes staring blankly into space. This was not the effect of alcohol or drugs, but something the public would quickly learn to be far more sinister, the targeted release of a lethal chemical weapon on a UK city. Over the following months, the event would soon turn into one of the largest public health emergencies in history, spark an international manhunt and shine a light on the murky world of espionage and a new chapter of worldwide malign influence; hybrid warfare.

The story of Sergei and Yulia Skripal, poisoned by the Russian state with a chemical nerve agent – Novichok – on the streets of a middle-class city in rural England, quickly became international news and even a BBC mini-series. As an ex-Spy himself, Sergei Skripal had risked his life working for British intelligence, MI6, informing on the activities of covert Russian agents all around the world. Like any spy, risk was inherent, but as a double agent – keeping the trust of his Russian spy colleagues while also reporting on them to the British – the stakes were life and death. 

After an alleged ten-year career working undercover, something had gone terribly wrong. Perhaps an unusual behaviour of financial activity had sparked attention, perhaps communications had been intercepted, perhaps another double agent had informed on him. Whatever the reason, Skripal’s betrayal had been uncovered, and he was arrested for treason by Russian authorities in 2004. The Russian newspaper Komsomolskaya Pravda remarked that in Soviet times he would have been shot; but instead he was given 13 years in prison for “high treason in the form of espionage”. Less than 6 years later, in another dramatic movie-worthy twist, Skripal’s release from Russia was secured in 2010 in a classic ‘spy swap’ deal after a network of illegal Russian undercover operatives were discovered in the USA, including notables such as Anna Chapman. 

In his release, Skripal had settled down with his family in the comfort and anonymity of Salisbury, sheltered by the country that he had helped in secret for so many years. On that fateful Sunday, as he and his daughter ate at the italian restaurant Zizzi’s, little did he know that two assassins from his former employer – the Russian military intelligence department or GRU – had travelled to the UK with the intent to kill him. A message and warning to any others who might defy the Russian state, betrayal will never be forgotten and nowhere, not even a quiet cathedral city in England, can be safe from retribution. After arriving into London from Moscow, the two assassins, travelling under the alias’ identities of Alexander Petrov and Ruslan Borishov, had initially travelled to Salisbury for less than 2 hours likely in order to conduct reconnaissance for their mission. The next day they travelled again to Salisbury, deploying the chemical nerve agent Novichok – hidden in counterfeit Nina Ricci perfume bottle – on the door handle of Skripals suburban residence. The substance, a highly toxic weapon developed in the Soviet-era, is designed to kill by shutting down the body’s nervous system, causing a loss of all critical functions including breathing. Only a few hours later the exposure had left Sergei and Yulia fighting for their life. 

CCTV footage released by the police showed the pair walking in a residential area of Salisbury the day of the attack

What is Hybrid Warfare?

The event in Salisbury wasn’t an isolated incident. It was part of a wider coordinated strategy to exert power and influence in a new era of warfare. Often termed ‘hybrid warfare’, the strategy sits outside of the typical rules-based system of traditional foreign policy. It is a doctrine that is highly flexible and adaptive; it uses a variety of covert tools at its disposal to achieve strategic political objectives. From propaganda and ‘fake news’, to cyber-attacks, assassinations, political warfare and even economic and financial effects, these techniques can all be combined to exert a new kind of global influence. By its very nature it is concealed, with the war being fought by journalists, hackers, businesses and politicians – both witting and unwitting combatants in a greater game for power. 

Unlike traditional warfare, where uniforms, insignia, and open declarations by politicians mean consequences can be more easily understood, the difficulty of attributing these coordinated activities means retaliation and retribution is more difficult for the national security communities tasked to defend against it. This completely upends the traditional ‘tit for tat’ mentality which has long been a bastion of international equilibrium. Therefore, it is a highly asymmetric threat, where the power no longer lies with shock and awe, but with networks, coordinated goals, and hidden agendas. 

Russia’s fondness for coordinated subterfuge may go back decades, but it wasn’t until 2013 when Russia’s Chief of the General Staff, General Valery Gerasimov outlined what most would come to recognise as the modern codification of hybrid warfare. To wit, non-military techniques aren’t just ways of augmenting the traditional forms of war but are now the main form of influence in an increasingly connected and digital world. It is a war that is fought not only on the ground, but also in the digital networks of cyber space and in the psychological domain of people and cultures. The goal being not in singular military victories, but to keep adversaries in a perpetual state of competition and confrontation. 

These techniques include:

Assassinations – While the attempt made on the life Sergei Skripal was ultimately unsuccessful, political assassinations send a powerful message; there is no place to hide and nowhere will be safe. The method of deadly nerve agent is also important, enemies will not be safe even with bodyguards, security or bullet-proof vests. Alexander Litvenko, another ex-spy targeted for revenge in 2006 was murdered after drinking a cup of tea laced with radioactive polonium in a busy 5-star hotel in the heart of Mayfair, London.

Cyber Attacks – hybrid warfare makes extensive use of digital techniques to achieve its aims. Hacking into computer systems provides valuable intelligence which can be used as part of a leak desired to inflame or exacerbate political weakness (as was seen throughout the 2016 US presidential campaign). Shortly after the Salsibury poisonings, local authorities in the area were hit with ‘well coordinated’ cyber attacks likely as part of the same operation. Cyber attacks can fuel other parts of the hybrid operation, collecting information from which to use later or as a platform for disruption – with the potential for damaging vital computer systems in order to leverage influence such as the “NotPetya” attack that while ostensibly targeted Ukraine, wrought worldwide damage to thousands of victims worldwide.

In a remarkable interviewed aired on RT, the pair expressed their passion for gothic architecture and the 123 metre spire of Salisbury Cathedral

Disinformation – Much has been made of the rise of “fake news” that can be pushed out in order to sow distrust in official statements, and counter the narrative. While online social media and automated ‘bots’ often garner attention, fake news has more impact when delivered through mainstream and official channels. Throughout the Salisbury investigation numerous false statements appeared via channels controlled by the Russian state including a claim by the Russian ambassador Alexandar Yakovenko accusing the UK of “destroying all possible evidence” “classifying all remaining materials and making a transparent investigation impossible.” and perhaps most infamously the eventual appearance of the assassins “Borishov” and “Petrov” on Russia Today as two fitness instructors with more than a strong interest in the gothic spire of Salisbury Cathedral. 

Espionage – The use of undercover operatives has always been crucial to warfare, but when combined with other levers of power it can have powerful effects to amplify these clandestine goals. The Salisbury assassins were allegedly met in London by another high ranking GRU officer Denis Sergeev, travelling under the alias of Sergey Fedotov who likely gave them their final orders to proceed. These networks of spies, with access to infrastructure, and local connections allow more specialised operations to take place.  Throughout 2018 after the Skripal poisoning, Russian agents attempted to access laboratory facilities and networks across Europe including in Switzerland and the Netherlands where material relating to the attack was being analysed. Combining traditional human intelligence techniques, technical surveillance and on-the-ground cyber attacks – undercover teams can be a formidable asset, accessing vital information that could not be gathered any other way.   

What can be done to counter Hybrid Warfare?

Just as hybrid warfare uses a holistic blend of techniques to achieve its goals, countering it must also seek to break down barriers between traditionally separate capabilities. Understanding the networks and infrastructure that enable adversaries to coordinate espionage, cyber-attacks, disinformation, and assassinations can help decision makers devise strategies that can create resilience in society and counteract the subversive effects of instability. 

Data fusion for analysis and intelligence – Sound intelligence is fundamental to countering hybrid threats, but being able to see the complete picture relies on the fusion of data from all sources; joining the dots between data of different types is critical to unpicking the threads of deception. From the moment that the Salisbury assassins entered the UK, they generated data that investigators and analysts could use to understand their movements and intentions. From CCTV at airports, train stations other locations, to mobile phone data and passport information, we all leave digital footprints in an ocean of data that can give clues to our behaviour. 

For instance, in September 2018 a major breakthrough in the Skripal case came from investigative journalists working at Bellingcat and The Insider. Piecing together information from publicly available information on the internet and leaked information on the dark web, Bellingcat showed the world how careful examination of data could uncover the real life identities of the assassins as GRU officer Colonel Anatoliy Chepiga and Dr. Alexander Mishkin. Critical to these breakthroughs was the ability to fuse data from database records, passport scans, images, news articles, websites and documents – linking alias names, addresses, dates of birth and key events to resolve their real life identities (see also our guide on “Entity Resolution” here). 

Sanctions and Expulsions – On the 27th March 2018, less than three weeks after the attack at Salisbury, an international community of 27 countries including the United States, Ukraine, Canada, Germany, France and Poland expelled 142 Russian nationals from their countries in the largest mass expulsion of diplomats in history. In 2020, the USA, EU and UK went even further, issuing legal sanctions against GRU officers involved in many of these operations, including Aleksei Minin, Aleksei Morenets, Yevgeny Serebriakov, and Oleg Sotnikov who were all accused of taking part in the espionage attempt at the OPCW in the Netherlands where material from Salisbury was being analysed. Such sanctions, effectively deployed within the financial and travel sectors (deployed using technology such as Ripjar’s Name Screening Solution) restrict these individuals’ ability to access basic services and commerce, providing a vital part of the deterrence strategy to send a message to others who may choose to be involved in these types of operations that there are consequences for their actions.

Interagency cooperation and knowledge sharing – No single organisation has a complete picture of all data or is responsible for enacting the strategies to counter hybrid threats. Therefore, effective security strategies to defend against hybrid warfare rely on intelligence sharing and collaboration between government departments, law enforcement, the intelligence services and the private sector. The UK government’s ‘Fusion Doctrine’ published the same month as the Salisbury attack, outlines this whole-of-government approach to collaboration for the purposes of national security, but it must also be underpinned by the technical enablers to do so. From secure communications to data platforms that can share knowledge on threats and intelligence reports, the infrastructure for collaboration must also enable investigations. While police may have access to CCTV data and witness statements, other areas may have specialised data on chemical weapons systems, or the public health emergency developing in the area. Furthermore, banks and other financial institutions will have access to money flows and transfers that all might give a small piece of the puzzle to uncovering the larger pattern of subversion.  

Predictive Analytics for Discovery – Finally, countering hybrid threats will not succeed if there exists only a retrospective capability to understand events after the fact – even if that capability does include the heroic forensic detail from sources such as open-source intelligence and the dark web. Therefore, in order to build our defences, data analytics must become forward-looking for discovery of such threats as they emerge. Artificial intelligence and new ways of processing data for behavioural clues will play a vital role in the development of such discovery analytics. Combining all data sources and an understanding of hybrid threats and their characteristics, these advanced forms of data analysis are able spot a clandestine officer arriving from overseas and who they were travelling with, setting up bank accounts or other infrastructure and are able to automatically link known data points of existing threats, to unknown but active data points within the same pool of information. This means threats can be uncovered more quickly, automatically and with more efficient use of resources to help scale against the size of the challenge. 

Organised Crime on a Global Scale

Sergei Skirpal and his daughter Yulia ultimately survived the attack. A member of the public Dawn Sturgess, sadly did not. Some may call it hybrid warfare, others simply as murder. The act of criminality, albeit committed by a state actor, does not reduce its culpability, it heightens it. Responsibility for such murder doesn’t just fall to the individual who committed it, but to the entire system that enabled it. 

Tackling organised crime on global scale, acts that take place outside of the norms of international behaviour requires a shift in our thinking. Distinguishing between crimes committed by terrorists, gangs or even governments may be difficult, if not impossible without strong attribution of cause and effect. Technology, and new advancements like artificial intelligence and data fusion, deployed within the public and private sectors will accelerate the detection of these hidden networks, and the very connectedness that allows hybrid warfare techniques to succeed will eventually be the same method from which it is successfully defeated.

David Balson
Director of Intelligence, Ripjar
March 2021

Find out more about our data intelligence platform, Labyrinth at www.ripjar.com/labyrinth

Meet the Bots

Automation
Reimagined

Scale your data intelligence operations with an army of configurable bots

Find Out More