EXPERT PERSPECTIVE / OPINION — The July 2025 sanctioning and indictment by the United Kingdom of three units and 18 individuals affiliated with the Main Directorate of the General Staff of the Russian Armed Forces - the GRU - highlighted clandestine sabotage and cyber operations by that service against communications lines and the Western transport and supply infrastructure critical to Ukraine’s war effort. "GRU spies,” British Foreign Secretary David Lammy said, “are running a campaign to destabilize Europe, undermine Ukraine’s sovereignty and threaten the safety of British citizens."
In fact, GRU sabotage operations against targets in non-belligerent nations pre-date the current conflict and reflect Moscow’s use of sabotage as a tool of statecraft in both war and peace dating back to the Soviet era. During the Cold War, Soviet and Warsaw Pact planners, led by the KGB and GRU, created detailed lists of Western targets —bridges, power plants, rail hubs, fuel depots, pipelines, and communication lines. These operations emphasized covert acts made to look like accidents, aiming to demoralize adversaries and create political discord within the western alliance. To facilitate such operations, the GRU placed highly trained deep-cover “illegals” in target countries.
Fortunately, such plans were never fully actualized during the Cold War. In the post-Cold War era, we have not been so lucky. One GRU entity sanctioned by the UK - Unit 29155 - is assessed as having been responsible for the 2014 destruction of a shipment of Czech-origin 152mm artillery shells on route to Georgia and attacks that same year on a Czech ammunition depot. Officers of the same unit poisoned Russian defector Sergei Skripal in the UK in 2018.
The current Russian sabotage campaign is, however, being waged on a far larger – and potentially much more dangerous – scale than previously seen Russian. Since Moscow’s 2022 invasion of Ukraine, the GRU has engaged in extensive sabotage designed to disrupt the flow of Western aid to Ukraine, to demoralize that country, and to pressure its allies to reduce their support for Kiev. With a focus on entities supplying the Ukrainian military, these operations have targeted air, rail, maritime, and logistics supply chain, as well as energy infrastructure and undersea cables.
Most alarmingly, in 2024 Western intelligence detected a GRU-backed scheme to place incendiaries in air cargo packages destined for the UK, Poland, and potentially North America. In one incident, a magnesium-based device caused a fire on a plane in Leipzig, Germany. This was a method evolved from Cold War sabotage tradecraft. Other incendiary parcels were intercepted or ignited in warehouses in Poland and the UK. The Poles arrested four persons tied to this operation, which is believed to have been the work of the GRU.
Thankfully, plans to down or destroy civilian aircraft have thus far failed. But such plots—and their exposure—are indicative of Moscow’s willingness to accept considerable operational and political risk in targeting logistics and supply networks delivering Western support to Ukraine. For Russian President Vladimir Putin, this is an existential war. The Russian leader appears prepared to do whatever he believes necessary to hammer out something he can call victory. At minimum, this means establishing Russian control over the Ukrainian districts - Donetsk, Luhansk, Kherson, and Zaporizhzhia—annexed by Moscow in 2022.
The friction surrounding any intelligence operation can lead to its failure no matter how well planned. But that peril is compounded when the intelligence service concerned has a well-deserved reputation for mounting operations both conceptually imprudent and flawed in their implementation. Soviet and Russian espionage history is rife with GRU operations that failed due to the sloppy tradecraft employed, a reality attested to in extensive open source reporting on that service’s supposedly secret operations by Bellingcat and others.
There can be no doubt that Putin, as a former KGB officer and Director of the Russian FSB, is aware of the GRU’s checkered operational history. The fact that he, nonetheless, sanctioned that service’s sabotage campaign speaks to the importance the Russian leader ascribes to impeding Western military assistance to Ukraine. At the same time, Putin surely also understands that his sabotage campaign might undermine his policy goals. Ongoing GRU sabotage operations – particularly if they result in a high-profile attack – can rebound against Russia’ goal of seeking to undermine Western backing for Kiev. A historical example of a sabotage campaign undertaken against non-belligerent targets by a military intelligence service with less than stellar operational acumen is instructive in this regard.
Everyone needs a good nightcap. Ours happens to come in the form of a M-F newsletter that keeps you up to speed on national security. Sign up today.
Early on July 30, 1916, one of the largest non-nuclear explosions in history rocked Black Tom Island, located in what is now Liberty State Park in Jersey City, New Jersey. A freight terminal and munitions depot storing approximately 2 million pounds of ammunition and explosives awaiting shipment to World War I’s Allied powers (primarily Russia and Britain) blew up with a force that measured between 5.0 and 5.5 on the Richter scale. Guards had noticed fires breaking out on the pier shortly after midnight. Despite efforts to raise the alarm and call firefighters, the blaze eventually reached massive stores of explosives, triggering the first and largest explosion. Additional blasts followed as the blaze spread through adjacent railcars and barges. Debris and shrapnel rained down across the region, injuring hundreds and sending residents fleeing their homes. Windows up to 25 miles away were broken and the Statue of Liberty was damaged, her torch closed to visitors thereafter. The catastrophe caused over $20 million in property damage (equivalent to over $580 million today). At least three adults and one child are known to have been killed, but some estimates put the toll much higher.
American investigators initially thought the disaster resulted from carelessness. There were, however, suspicions from the outset that it resulted from an act of sabotage perpetrated by German Military Intelligence. The only surprise was how long it took the U.S. to attribute responsibility to the Kaiser’s men given the many operational errors they made while carrying out a sabotage campaign against targets in what was then a non-belligerent U.S.
From the outset of World War I, the Germans were confronted with a conundrum as they sought to keep Washington neutral while at same time closing off the flow of food and war materiel from the U.S. to the Allied Powers. The strategy Berlin adopted – to rely on diplomacy to deal with the former challenge and on sabotage to achieve the latter objective – was mutually contradictory unless those sabotage operations were executed with perfect deniability. Unfortunately for the Kaiser, perfection is unachievable in clandestine operations.
Shortly after the 1914 assassination of the Austrian Archduke Franz Ferdinand, Berlin named the German Ambassador in Washington, Johann Count von Bernstoff, as Germany’s espionage and sabotage chief for the Western Hemisphere. This was not a wise choice. Not only was the Ambassador ill-suited to the task, his involvement in intelligence operations, coupled with Germany’s initiation of unrestricted submarine warfare the following year, hamstrung Bernstoff’s ability to fulfill his diplomatic function as he was thrust into the center of a diplomatic firestorm that grew in intensity and culminated in America’s declaration of war against Germany in 1917. Those chosen to assist the Ambassador likewise proved unsuited to the task.
Military attaché Captain Franz von Papen - who, as Germany’s Chancellor in the early 1930’s, would play a key role in dissolving the Weimar Republic and paving the way for Adolf Hitler’s appointment as Chancellor - and Naval attaché Captain Karl Boy-Ed operated brazenly out of a commercial office in New York. They set up a proprietary company which ostensibly did business with the intent of providing munitions to the Allied Powers. Their intent, in fact, was exactly the opposite.
Like the GRU, which has blended sabotage operations with cyberattacks on telecommunication and transportation networks in an apparent attempt to disrupt supply lines and undermine public support for Ukraine, German military intelligence disseminated propaganda to counter information unfavorable to their country. Operatives also manufactured counterfeit U.S. passports for ethnic Germans returning to the Fatherland to fight. Papen and Boy-Ed, however, concentrated most of their attention on directly impeding shipments of munitions and food from America to the Allied Powers.
To that end, the Germans sought to recruit agents to assist with sabotage and subversion operations. Americans of German heritage and Irish-Americans, with their innate disdain for Britain, were particularly susceptible to their approaches. Similarly, as the recent Polish arrest of a Colombian national suspected of involvement in two arson attacks on warehouses in that country attests, the GRU has used third country nationals as well as local recruits in their sabotage operations.
Much like the GRU operatives behind the current sabotage campaign, the inexperience of Papen and his colleagues, as well as the bad tradecraft they employed, were evident from the outset. Their involvement in a plot to dynamite the Welland Canal linking Lakes Erie and Ontario - through which raw material needed to produce American munitions transited - was detected by the New York City Bomb Squad. This was not surprising in that they, among other things, had used material linked to a German firm in constructing the explosive device to be used; used the so-called German Club in New York – an establishment that doubled as a bordello - as a safe house (employing a site of criminality for espionage purposes being an operational faux pas); and used the office of a German-run commercial investigative agency for operational purposes (thus coming under suspicion for the wrong reasons).
The financier for German operations in the U.S., Dr. Heinrich Friedrich Albert, committed the cardinal sins of leading surveillance to a meeting with an agent and then leaving a briefcase filled with telegrams from Berlin, communications from German agents and financial records on a New York tram. Some of the material in the briefcase, which was picked up by an alert surveillant, was passed by the White House to The New York Sun. That paper’s publication of it led to the 1915 recalls of Papen; his colleague, Boy-Ed, and Albert to Germany.
As intended, this press reporting also lent support to President Woodrow Wilson’s previously voiced suspicion that he was “sure the country is honey-combed with German intrigue and infested with German spies.” Although Wilson sought to modestly augment the capabilities of the two agencies then charged with monitoring German spies and agents in the U.S. - the U.S. Secret Service and the predecessor to the modern FBI, the Bureau of Investigation – their capacity to do so remained woefully inadequate. Unfortunately, as has been the case with the current GRU campaign, diplomatic responses and legal sanctions did not deter the Germans.
The Cipher Brief Threat Conference is happening October 19-22 in Sea Island, GA. The world's leading minds on national security from both the public and private sectors will be there. Will you? Apply for a seat at the table today.
Boy-Ed’s successor, Captain Franz von Rintelen, arrived in the U.S. in April 1915 on a doctored Swiss passport. He would prove the driving force behind the sabotage campaign, injecting energy - if not operational acumen - into it. Leading a network of intelligence officers infiltrated into the U.S., Rintelen sought to foment strikes, firebomb shipping, instigate embargoes against the Allied Powers, distribute pacifist propaganda, foment revolution in Mexico, and purchase munitions for the German government. His most important mission, however, was to impede or, if necessary, sabotage shipments of arms and munitions from America to the Allied Powers. Rintelen was clear about his intent, saying: “Munitions are my job - what I can't buy I'll blow up, kaput schlagen!"
He immediately set to work, directing a string of attacks against arms shipments to the Allied powers. Employing a tactic echoed by the GRU, his agents placed cigar-shaped incendiary devices in the holds of ships carrying weapons and munitions. The resulting investigations resulted in several of the saboteurs being identified. Soon, operational friction had begun to catch up with Rintelen himself. His involvement in a wide array of operations meant that the exposure of any one of them could lead to the compromise of all the others. The possibility this could occur was made certain by a string of operational errors.
Those mistakes included Rintelen’s personal interaction with German officials and a German bank even though he was ostensibly working undercover in the same job his compromised predecessor had used; using those banks to move operational funds; exercising minimal operational control over his agents who were subjected to minimal vetting; and using potentially hostile intermediaries - the Russians - to facilitate the diversion of arms being shipped to their country, and then bilking them out of money they paid for the shipment; and conveying covert messages over open communications.
Finally, and sensationally, Rintelen got scammed by the original “Wolf of Wall Street,” David Lamar. The German passed Lamar ca. $350,000 to fund a plan to foment strikes in munitions factories and shipping agencies; to hinder the manufacture and shipping of munitions by attacks on financial institutions and by litigation against pro-Allied businesses; to promote a U.S. peace movement; and to enhance public support for Germany. Only later would Rintelen come to realize that Lamar had swindled him.
In August 1915, with investigators closing in, Rintelen fled the U.S. by ship but was arrested by British authorities during a port call in the UK. Extradited to the U.S. in 1917 after America entered the war, he was convicted on a string of charges to include firebombing a ship, perjury and conspiracy to obtain a U.S. passport. Rintelen spent the remainder of the war in prison.
Rintelen’s departure did not, however, end the sabotage campaign. In February 1916, an explosion initiated by the saboteurs destroyed a munitions plant in Bethlehem, Pennsylvania. This was followed by equally effective operations against an armaments factory in Bridgeport, Connecticut and a chemical plant in Cadillac, Michigan. After the successful attack on Black Tom, the saboteurs initiated a fire that destroyed a Canadian factory contracted by Russia to manufacture artillery shells. In February 1917, three Germans were arrested for attempting to (again) sabotage the Black Tom Island facility, which had been rebuilt. Because the April 1917 American entry into the war meant sabotage was no longer an option since the penalty was death to anyone caught in the act, the remaining German saboteurs fled the U.S.
U.S. efforts to seek post-war redress from Germany for the damage wrought by its sabotage campaign – and for Black Tom in particular – underscore the difficulty of holding a nation-state legally liable for its clandestine activities. The post-World War I German-American Mixed Claims Commission sought to assess Berlin’s responsibility and adjudicate indemnities for the consequences of the attack. Weimar Republic lawyers argued there was no evidence incontrovertibly linking German intelligence to it and the Commission ruled in their favor. In 1930, with more evidence of German culpability having come to light, the Black Tom case was re-opened. Once the Nazis came to power, however, the German representative to the Commission resigned when it looked like his country would be implicated in the case. Nonetheless, the Commission declared Germany guilty in 1939 and ordered Berlin to pay 50 million dollars. Unsurprisingly, the Nazi regime did not comply.
Although more evidence convincingly establishing German guilt and detailing the breadth of its pre-World War I sabotage campaign has emerged thereafter, Germany was never held to account for Black Tom. One suspects that, absent the arrest of the GRU operatives involved in the current sabotage campaign should they – like Rintelen – be unwise enough to travel to the UK, it is also unlikely Russia will be held to account for its actions.
The recent GRU sabotage campaign seems to have slowed since reaching its peak in 2023-24, possibly due to better coordination European security agencies and a conscious decision by the Kremlin to scale back operations in deference to discussions between Moscow and Washington about ending the war. With Putin apparently having resolved to continue his war against Ukraine, there is every possibility his security and intelligence services will renew sabotage operations in Europe.
But the UK’s public exposure of the GRU’s activities and U.S. warnings to Moscow that any attack causing an aircraft crash would be treated as terrorism and prompt a severe response are useful to the extent they cause Putin to rein in the aggressiveness of that service’s sabotage operations, thereby hopefully avoiding the repetition of a tragedy on the scale of Black Tom.
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
