top of page

Espionage: a threat to your organization

Updated: Mar 19, 2023

Written by Daan Vegter


In April of 2022, a person named Viktor Muller Ferreira was apprehended at Schiphol Airport by Dutch authorities and declared Unacceptable for admission into the country. The reason? The AIVD, in collaboration with other parties, identified the individual as a Russian GRU Intelligence Officer named Sergey Vladimirovich Cherkasov.

The man possessed a Brazilian Passport which claimed that he had been born in 1989, he was the son of an Irish father, and that his mother originated from Rio de Janeiro. However, the scope of this person’s constructed identity spans further than just a false travel document.

Cherkson worked as a travel agent in Brazil before commencing his bachelor’s study in 2014 at Trinity College, Dublin. He later moved to Washington DC in 2018 to pursue a Master’s at Johns Hopkins University School of Advanced International Studies. Cherkasov’s decision to apply for the International Criminal Court (ICC) in 2020 led to his apprehension by the Dutch intelligence services.

Following a successful application as an intern at the ICC, his arrival to the Netherlands was postponed due to Covid. During this time, the AIVD was able to detect and investigate Ferreira, discovering beyond reasonable doubt that he was a GRU intelligence officer. Upon arrival in the Netherlands, Cherkasov was informed about the predicament he was in, was ordered to leave the country, and was placed on the first flight back to Brazil.

Why does espionage happen?

Due to Russia’s involvement in the 2008 Georgian War, its protracted mission in Syria, and most recently, its invasion of Ukraine, the Russian Government is eager to know the inner workings of the ICC. But to fund such a long and extensive operation, an additional concrete threat to Russian citizens, military personnel, and politicians must have existed and worried the Russian intelligence apparatus.

Especially in cases concerning matters of (real or perceived) national security, the world of espionage does not stop at placing individuals in strategic positions for gathering sensitive information. Stealing, sabotaging, or even destroying information and/or equipment falls within the responsibility of international intelligence. Famous examples are China stealing the blueprints of Lockheed Marin’s F-35 Joint Strike Fighter and Israel digitally sabotaging an Iranian Uranium enrichment site.

Both the stealing of the F-35 blueprints and sabotaging of the Uranium enrichment site are examples of cyber espionage. Cyber espionage is the practice of stealing or sabotaging sensitive or classified data and intellectual property, to gain an advantage over a rival entity, through digital means such as cyber-attacks and data breaches. When people are used to do this, it is called human intelligence (HUMINT). Here, intelligence is gathered through means of interpersonal contact. Either a spy goes undercover and steals sensitive information, or people who are close to the information gather it for a thrid party. These activities serve the primary function of international intelligence, or to search for angles/leads that will eventually help protect or advance the interest of their governments. For this reason, any individual, company, government, and non-governmental organization that deals with sensitive information could be a target of international intelligence gathering campaigns. While highly dependent on the profile of the company, typical targets for said campaigns are technology, agriculture, security, medical, and aviation sectors.

What can be done to prevent (industrial) espionage?

Awareness is key. Companies and organizations need to be aware that they might be a target of espionage. As said above, not only governments deal with espionage threats. Certain companies and organizations might also have valuable information useful to outside actors. To assess whether or not an organization is at risk, questions need to be asked internally such as: what type of business is this; where does the organization operate; who is hired and what actors the organization deals with on a day-to-day basis. For example, an innovative high-tech company or international NGO with government contacts is more likely to be a target than a small bed and breakfast in the countryside.

Insider threats are real and need to be identified. One threat that organizations need to recognize is that people in crisis tend to be more susceptible to committing espionage. It is essential for companies to be aware of personal crises at an early stage to minimise the risk of employees being lured into espionage. Potential indicators of people committing espionage include, but are not limited to, drastic changes in behaviour, efforts to avoid security measures, financial hardship, unreported and excessive foreign travel, after-hours access to company buildings and classified documents. All employees need to be aware of these indicators and feel comfortable sharing their concerns about colleagues.

Be on the offensive, do not sit and wait for something to happen. In the cases of information leaks or personnel being identified as working for foreign actors, the damage is often already done. However, when State counter-espionage campaigns miss outside actors entirely, the situation can be far more worrying. For this reason, it is essential that companies gain the relevant skills to protect their data, intellectual property, and their staff, which fall under their duty of care.

Dyami offers solutions. We provide counter-espionage trainings, risk assessments, and help revising, designing, and implementing tailor-made security measures and policies. We work closely with former employees of, among others, the Dutch Ministry of Foreign Affairs (BZ), the Dutch General Intelligence and Security Service (AIVD) and the U.S. Central Intelligence Agency (CIA), to make organizations resilient against espionage and aware of the threats they may face.

2022-09-26 ICC Espionage WP
Download PDF • 225KB

About the author:

Daan Vegter

Daan interns as an intelligence analyst at Dyami. He is currently pursuing a Masters in Peace and Conflict Studies at Uppsala University. Experienced in analyzing large datasets and doing research on international terrorism, civil wars and emerging security threats. Although originally Dutch, Daan has also lived in the United States and Sweden.


bottom of page