What the Wirecard Scandal Tells us about Russian Intel Operations

Cipher Brief Expert View

Sonya Seunghye Lim is a former Chief of Station with the Central Intelligence Agency. Before retiring from the CIA’s Senior Intelligence Service, she had a 24-year distinguished career in the Directorate of Operations, to include two assignments as Chief of Station. 

OPINION — In late January 2021, alarming headlines dominated the Austrian media about the arrests of two intelligence officials from the Austrian Federal Office for Protecting the Constitution and Fighting Terrorism (BVT).  They were arrested for allegedly selling classified information to Russia, through a scheme that prosecutors believe involved Jan Marsalek the former Chief Operating Officer of Wirecard, who is now wanted by Interpol.  Wirecard is a German provider of electronic financial services.

According to multiple press reports, the German and Austrian authorities strongly believe that Marsalek, fled to Belarus in 2018, and is now likely in Russia.  Interpol issued a red notice on Marsalek, and German authorities have asked Russian officials to help locate and arrest him.  Russia has not commented publicly.

Multiple news media sources reported that Marsalek is suspected of being an agent of Russian Intelligence, most likely the GRU.  Based on reporting on the late January confession made by one of the arrested BVT officials, a member of Austria’s far-right Freedom Party (FPOe), which has ties to the United Russia party, arranged Marsalek’s escape to Minsk on a private jet.

Details of the case, which is still unfolding, re-affirm the modus operandi of the Russian intelligence services and their commitment to exploit any fissures in Western values and political divisions. This embarrassing and tragic intelligence failure serves as a sobering reminder that the world of espionage and counterintelligence has no room for complacency or politicization. Ensuing criminal investigations by the Austrian and German authorities will reveal the full scope of political and intelligence compromises vis-à-vis Russia.

The Wirecard scandal may prove to be a rare opportunity for the US and the Western allies to condemn in unity, Russian activities aimed solely at destabilizing Western liberal democracies. It also stands as a stark lesson that we and our closest allies must remain ever-vigilant to the counterintelligence threats from our adversaries.

Wirecard was established in 1999, in Germany and provided services like mobile phone processing, extension of virtual credit, and issuance of prepaid debit cards. On 25 June 2018, Wirecard declared insolvency after an audit revealed €1.9 billion (approximately $2.2 billion) in aggregate cash deposits were missing from its accounts. The CEO of Wirecard, also an Austrian citizen, was arrested but its COO, Marsalek, disappeared.

Marsalek was reportedly the company official responsible for managing transactions—to include those deemed fraudulent.  Subsequent investigations by the Financial Times (FT) into Marsalek revealed troubling details that the Wirecard scandal was not only a financial crime but that it was also a carefully orchestrated intelligence operation run by a State actor, Russia. FT reported that, “…Marsalek had established a network of contacts in the Austrian-Russian Friendship Society, a Russia-backed entity to promote better relations between Russia and Austria, and offered to pay some of them as much as €200,000 (approximately $226,000) to provide him with classified information.”

Other press outlets reported that Marsalek engaged with a Russia advisor, (a suspected GRU affiliate), to discuss plans for “humanitarian reconstruction work in Libya.” In 2017, Marsalek also reportedly boasted in a private meeting about a trip that he had made to the ruins of Palmyra in Syria as a guest of the Russian military shortly after the site’s recapture from ISIS. According to the German media outlet Der Standard, in 2018, Marsalek disclosed to business partners in London four highly sensitive, classified reports from the Organization for the Prohibition of Chemical Weapons. The BVT officers in custody had known Marsalek at least since 2015 and are suspected of having passed Schengen passport data, queries from police criminal files, and other unspecified classified and sensitive information.

For their perfidy, the BVT officers were well compensated, presumably with money from Moscow. One of the BVT officers confessed that, shortly after Marsalek’s suspension from Wirecard, he had met Marsalek in Munich to coordinate his escape to Belarus.

The BVT officer reportedly confessed that he asked far-right FPOe party official to help organize the aircraft that had spirited Marsalek to the East. Later, Austrian media announced that the senior BVT officer arrested was Martin Weiss, the service’s former head of operations.

During its heyday, Wirecard had a powerful political lobby.  FT reported that, despite suspicions that Wirecard had engaged in fraudulent activities, German officials likely turned a blind eye for ignoble reasons. Business Standard reported “concerns about the role German political insiders may have played in facilitating contacts for Wirecard.”  A member of the opposition Green party told reporters that German intelligence services reportedly had no information about “Wirecard’s work with international intelligence agencies.”

While more details will be forthcoming, it now appears that Russia may well have recruited Marsalek either before or during his tenure as Wirecard’s COO, a position that he assumed in 2010. Wirecard, which specialized in cash-loaded, non-attributable virtual credit and debit cards, was a ready-made platform for laundering illicit funds and for evading increasing sanctions on Russia. According to press reporting, Marsalek reportedly made more than 60 trips to Russia between 2010 and 2018 using six different Austrian passports and three different diplomatic passports.

Given Martin’s Weiss’s key position in BVT until 2017, when he took a leave of absence, it is probable that Russian intelligence tasked Marsalek to target, compromise, and recruit Weiss.  Prior to his leave of absence, Weiss coopted a BVT employee (now in custody) through whom Weiss continued to receive sensitive information.

The Russians would be keenly interested in anyone with Weiss’s unfettered access, which included compartmentalized and sensitive information on BVT’s foreign intelligence joint operations and on Austrian foreign policy plans and intentions.

This event should serve as a case study not only for Austria but also for the US and her allies. It lays bare a Russian intelligence service’s operational and agent-handling methodologies, from the recruitment of an asset (Marsalek) to the scheduling of clandestine meetings, the expansion of a well-placed network of contacts, the co-opting of witting or unwitting politicians, and the exploitation of existing political division.

For the next several months or longer, Austria will be consumed with making a comprehensive damage assessment, as well as managing and mitigating the national and international embarrassment that this incident has caused.

What Austria should resist is the impulse to turn inward, to downplay the compromise’s effects, and to reduce its transparency during the damage-assessment process. Some Western security services may elect to react with outrage and censure, to include

imposing strictures on intelligence cooperation, but these measures will be short term, playing to public and governmental expectations. After all, when it comes to counterintelligence shenanigans and intelligence failures, no country is wholly and always immune; each has had egg on its face before and will again at some point. Russia certainly is watching closely how Austria and her allies will respond to this iteration of a “successful” intelligence operation and will plan its future operations accordingly.

If handled prudently in a unified front against Russia, this incident may prove to be a valuable opportunity for the West. If it prompts Austria and its allies to act decisively and to reduce coordination, then Russia will have accomplished one of its objectives—driving a wedge between us.

The Wirecard case should serve as a timely reminder—or as a wake-up call—of Russian ambitions and objectives, and we should not shrink from the challenge, circling the wagons, but should redouble our joint, multilateral efforts to counter this priority threat.

Read more expert-driven national security insight, perspective and analysis in The Cipher Brief

Cipher Brief Expert View

Leave a Reply

Related Articles