Reminder: “Frenemies” are not friends.

News that the Chinese ATP 40 cyber-hacking unit penetrated parliamentary internet networks in 2021 has renewed concerns about the PRC’s malign intentions in Aotearoa. But is the hack that significant given the length of time that has passed since its discovery and the lack of sensitivity of the information that was accessed?  I was asked to write about this for a corporate news outlet but since it is my work I have added some details and posted it here.

The hack is unsurprising given that NZ is a 5 Eyes partner and parliamentary services and the parliament counsel’s office handle sensitive information as a matter of course. NZ may be a trading partner of the PRC but is in essence a security adversary given its membership in 5 Eyes and its close military alignment with the US, Australia and other Western states that are (whether rightly or wrongly) hostile to PRC power-projection world wide. Since the PRC is a main focus of 5 Eyes signals and technical intelligence collection, it would be remiss for ATP 40 to ignore potential avenues of exploitation when it comes to obtaining political or security-related intelligence in NZ. That is part of their mission, and complements the well-known presence of numerous PRC human intelligence agents in this country.

It is therefore reassuring that the GCSB National Cyber Security Centre (NCSC) discovered the hack and found that no strategically important or sensitive information was breached. We shall have to trust them on that. However, that does not mean that this will be the last time ATP 40 or some other PRC cyber-hacking unit will attempt to breach NZ government and private cyber defences. That is what they do, and because NZ has in the past been seen as the Achilles heel of the 5 Eyes network due to traditionally poor cyber security practices, it will likely do so again. This is an ongoing problem that the NCSC was created to address, but the offence versus defence dynamic inherent in (cyber) espionage and warfare is still in play and will continue to be so for the foreseeable future.

Some have suggested that NZ impose sanctions on the PRC in response to the parliamentary cyber intrusion. The US and UK have announced such measures due to similar PRC behaviour with regard to them (more on this below). However, for NZ that would be a mistake because sanctions at this point would be counter-productive. First, because it would be akin to poking a tiger and invite disproportionate retaliation over what is a relatively minor transgression in the broader scheme of things. Since NZ has yet to wean itself off of its self-made PRC trade dependency, it cannot afford to alienate it just yet, if ever, over an intrusion of this order.

Secondly, these type of breaches are usually handled quietly so that the offending party is not completely sure of how and why they were thwarted or countered. In other words, the GCSB does not want to show its hand when it comes to its counter-hacking capabilities. That the breach occurred in 2021 and only has been acknowledged now indicates that the GCSB feels that enough time has elapsed for operational security concerns to be ameliorated and a “fair warning” issued to the hackers that they are being identified, traced and countered. So there is no need to cause an inevitably damaging public spat with a much more powerful interlocutor. For all the coziness of the 5 Eyes members, no one will come to NZ’s economic rescue if the PRC decides to take punitive economic measures against NZ in the event that NZ tries to impose sanctions of some sort on its largest trade partner.

The timing of the GCSB announcement about the 2021 hack is also coincident with the US publishing the identities of ATP 40 hackers targetting US infrastructure and Australia and the UK warning of their and other Chinese political interference efforts in strong terms, with particular focus in the UK and US on PRC hacker compromises to voting systems in election years in both. The timing of the announcements about PRC hacking efforts therefore seems to be a 5 Eyes-coordinated “shot across the bow” that gives warning to ATP 40 and their counterparts that the times of easy access to critical data infrastructure, even if indirectly and even in NZ, are over. 

But that may be all that it is and not, at least in NZ’s case, a reason for NZ to escalate the matter beyond what it already has said and done. Chinese diplomats have been summoned to MFAT for a “please explain” and scolded for ATP 40’s misbehaviour. The PRC Foreign Ministry has rejected the accusations and warned about scurrilous attempts to besmirch the PRC’s good name. Perhaps it is time to let the dogs go back to sleep.

It remains to be seen if this type of State-backed cyber-probing ends because if nothing else the PRC hacking community is ingenious, well resourced and persistent. For them, this is part of the PRC’s ascent to having a multi-dimensional (voice and cyber encrypted communication intercept, physical and infrared (thermal) imagery aquisition, submarine fiberoptic cable “tapping,” capabilities, etc.), broad specturm, multi-domain (air, land, sea, space, cyber) warfare infrastructure on its way to achieving superpower status. As part of 5 Eyes, NZ is standing in the (albeit in a small) way of that goal. It was and is bound to be an ongoing target of Chinese espionage efforts, including in the cyber domain.

Ultimately the revelations about ATP 40s operations in NZ are a reminder against cyber complacency at home and at work, be in the public or private sectors. This is very true when dealing with so-called “frenemies,” that is, States with which NZ has cordial, even friendly relations on the public surface but with which underlying value systems and security relations are incompatible, strained or even hostile. So long as NZ is a member of the 5 Eyes network and the PRC is an adversary and target of that network even if it is NZ’s largest trade partner, ATP 40 and other PRC intelligence units will be hard at work seeking to discover and exploit any potential avenues of opportunity in NZ cyber-space as well as in other domains. It may be in that in the past “loose lips sunk ships,” but in the contemporary era all keystrokes, phone calls, encrypted messages, Tik Toks and Instas are also grist for the intelligence mill—and exploitable as such.

An earlier version of this essay appeared on March 27, 2024 in the NZ Dominion Post (, p.19) and affiliated media outlets.

Another Brief on Intelligence Matters.

Although my son is still in hospital he is recovering well and should be sent home soon. We dodged a bullet thanks to the Starship medical staff.

While at the hospital a reporter from one of Argentina’s oldest and most influential papers got in touch with me to discuss the case of the Russian double agent (for the UK) Sergei Skripal and his daughter, who were poisoned some years ago by Russian agents but survived and then disappeared. Some time ago they were reported to be hiding in NZ and I was asked about that by various media, and the Argentine reporter had seen some of the news coverage that mentioned me. He was most focused on the details of the case and whether the the Skripals could still be in NZ if they ever were. But before that he wanted a primer on intelligence operations. Here is the Q&A in English.

Why do countries spy and why do they react negatively to being spied upon? What is intelligence collection and what type of people are selected to become intelligence agents?

Espionage and intelligence-gathering is rooted in human nature. Humans fear uncertainty, and a way to diminish uncertainty is to gather information about uncertain subjects, be they economic, military, natural, political or social. It helps determine intentions as well as capabilities or other factors otherwise unknown. From that intelligence-gathering, knowledge is achieved and uncertainty is diminished. And if it is true that knowledge is power, then power is enhanced by intelligence-gathering.

Intelligence collection and analysis comes in three forms: human intelligence, signals/technical intelligence and open-source intelligence. Human intelligence refers to human collectors, i.e. intelligence agents of the State and non-State actors (say, private security firms or investigators) who collect information from personal observation, interactions and exchanges with people in a designated functional areas, regions or countries. State intelligence agents work in two ways. One is under the protection of a diplomatic passport. Known as “official cover” agents, this includes military attaches as well as other diplomatic personnel whose activities are recognised by host countries but which often extend beyond the official remit outlined in their credentials. If caught and accused of espionage, official cover agents are detained and deported as per diplomatic protocol (that is, they received diplomatic immunity).

Non-official cover (NOC) agents are what are traditionally known as spies. They are the stuff of cloak and dagger stories but the reality is a bit more mundane in most instances. They work under the cover of assumed names, aliases and occupations, for example as businesspeople, academics or developmental aid workers, among many other “covers.” If caught, they are subject to the full penalties of the jurisdiction in which their offenses were committed and where they are charged (including being subject to the death penalty in many countries). They receive no diplomatic immunity. The outed US spy Valeri Plane (outed in 2003 by the W. Bush administration as revenge for husband refusing to go along with their lies about Iraq having nuclear weapon precursor yellowcake stockpiles), who used a job as a petroleum executive as cover for her espionage activities in the Middle East, is an example of such a so-called “NOC.”

NOCs tend to work in a highly compartmentalised or “siloed” manner, dealing with one agency liaison up the collection chain and putting degrees of separation between the down-chain primary source contacts (informants who may be conscious or unconsciously helping the NOC and be paid or unpaid depending on who they are) in order to maintain tight operational security. The means of feeding intelligence up the chain are many, involving technical tools as well as personal interactions.

There is a sub-set of human intelligence agents that might be called “hunter-killers.” While all human intelligence agents will be trained in things like surreptitious entry, lock-breaking, concealed observation (static and in motion), eavesdropping and other such tradecraft, the hunter-killer sub-set includes assassination in their repertoire. The lethal means can include a range of tools, to include poison, blades, firearms, explosives or armed unmanned vehicles (for example, the CIA has its own UAV fleet, as does Mossad, among others). The individuals who engage in this type of activity are, at least when tasked to do such things, not true spies in the proper sense of the term since their focus is not on obtaining information but on acting on information previously obtained, although they may work in partnership with official or non-official cover agents because their priority focus is on tracking and eliminating targets. They are essentially assassins, although they may even engage in broader combat activities depending on circumstance. Intelligence agencies maintain paramilitary units for such purposes, and they can be embedded in or along with military forces. Given the threat environment in which a State operates and the nature of the adversaries being confronted, the number of hunter-killer agents, units or teams may be large or small. Israel has a large number of such people. The US has a fair number. New Zealand has none, as far as is known or admitted. In general and as can be expected given the nature of their rule, authoritarian regimes use hunter-killers more than democracies.

The ideal human intelligence agent must have a calm and even temperament, be able to display coolness under pressure, be resourceful, have a keen sense of curiosity and ingenuity when problem-solving, have the ability to think laterally and “out of the box,” and have a capacity to “silo” or compartmentalize their work so that their real work life as intelligence collectors is undetectable in their personal, public and private lives. They must be able to ward off being compromised, be it sexually, financially or socially. They must be able to keep a secret and rationalize their personal morals and ethics with their professional ethos and obligations. They must have a deep sense of and commitment to public service (service to the State on behalf of the Nation).

Selection to become a human intelligence agent varies from country to country. Along with the traits mentioned below, in authoritarian regimes party and personal loyalties to political elites are a significant factor in recruitment and selection. In democracies, they are not. Modern intelligence agencies in democracies maintain professional standards for recruitment and promotion that are neutral when it comes to partisan and personal politics. They use advanced psychological testing to determine a candidate’s fitness to serve. These include cognitive, physical and intellectual testing, often involving real-case scenarios in which a candidate is placed in a pressure situation in order to evaluate their decision-making capabilities. Once a candidate has been accepted into service and learned the tools of the trade (“spycraft”), they are matched with a suitable cover profile and trained in how to maintain that profile in the field (be it as a diplomat, military officer or undercover agent). There are variations to this scenario but the overall thrust is very similar in most developed States, and in fact in some instances (5 Eyes) intelligence agencies have exchange programs for officers from allied States in order to improve professional standards amongst them.

Question Two: It is said that Russia prefers human intelligence collection whereas the US and UK prefer technological means. Is this true and if so, why?

During the Cold War and the first 20 years of the post-Cold War environment, the US had a great advantage in signals and technical intelligence (SIGINT/TECHINT), moving far beyond the early 20th century techniques of eavesdropping on phones and/or in public and private places or using radar, sonar or advanced photographic techniques. It expanded the SIGINT/TECHINT collection domain to include space and submarine collection capabilities as well as sophisticated electronic and technical collection platforms using infrared, acoustic signature detection, computer intercepts and then cyber-hacking. As a result, it placed less emphasis on human intelligence collection, in part because it is a US cultural trait to believe in the superior benefits of advance technologies in everything from kitchens, cars and television to warfare. As a result, as of the 1970s the US diverted intelligence resources and focus towards signals and technical intelligence collection to the detriment of human intelligence collection. Also remember that CIA activities in Chile, Indonesia, and many other places had placed a stain on the reputations of field agents and undercover officers involved in those activities, so the move away from human intelligence collection was an expedient way of getting out of the unwanted limelight.

As a result, human intelligence collection (HUMINT) was maintained  but in diminished numbers. Given the changing priorities of the post-Cold War geopolitical environment, it left an unbalanced focus on post-Soviet dynamics without a shift to emerging threats such as ideologically motivated non-State actors like al-Qaeda.  For that HUMINT work the US increasingly relied on Israel and other allied countries. The emphasis on SIGINT/TECHINT was reproduced and compounded by the 5 Eyes network, which created economies of scale in that form of intelligence gathering that began to dominate the overall information acquisition process in their respective communities even if human intelligence agents were tasked with following up on information obtained and gleaned by SIGINT/TECHINT means by any of the partners.

The problem with over-emphasising signals and technical intelligence collection is that it often cannot discern real intent by separating bluster and idle talk from a commitment to action. Operational security counter-measures can also thwart effective SIGINT/TECHINT collection. In addition, the trouble with relying on partners for human intelligence collection and analysis is that the intelligence comes “filtered” by the interests of the sharing State, not all of which are exactly coterminous or identical to those of the US (and vice versa for its partners). In recent years the US has revived its human intelligence programs, but they are playing catch up when it comes to recruiting people with the appropriate language, social, cultural and personal skills to operate under deep cover (or even officio cover) in foreign environments. People with backgrounds in anthropology and sociology are high value recruits, but the number of them are small when compared to the amounts of subjects/targets that need covering.

As an example, when 9/11 happened the US military intelligence is reported to only have 3 Arabic speaking linguists in their ranks. NZ human intelligence (the SIS) had none, and even with the recruitment of Muslim, Chinese and Polynesian New Zealanders in recent years, it lags far behind when it comes to people with the requisite skills to undertake both official cover and NOC work given the threat environment in which NZ now operates.

As for the Russians, the situation was different. Because the Soviet Union/Russia and the PRC were considerably behind the US when it came to signals and technical intelligence well into the 1990s, they both emphasized and put resources into human intelligence collection. For decades even that form of intelligence collection was limited to internal intelligence and counter-intelligence (for example, against counter-revolutionaries, some of whom had foreign backing) and in their near abroad or against strategic adversaries (the US and its major allies). Over time the human intelligence capabilities of the USSR and later Russia expanded to have a global reach, something that China has emulated today. Other countries such as Israel have developed similar capabilities, using Jews in the diaspora as collection agents (known as “sayanim”). 

However, in the 21st century both Russia and China have put much effort and resources into developing state of the art signals and technical intelligence collection capabilities Although they do not have the economies of scale available to the 5 Eyes Anglophone signals intelligence network, they have developed sophisticated capabilities of their own. The advent of social media has facilitated and accelerated this effort, something seen in the disinformation and misinformation campaigns undertaken by the Russian signals intelligence agency, the GRU, against Western democracies via the work of dedicated units such as the Fancy Bear cyber-hacking group that interfered with and continues to interfere in US and other democratic elections while promoting socio-political discord and right-wing conspiracy theories (including in NZ).

Hence, while it is true that Russia has traditionally favored human intelligence collection methods, to include hunter-killer activities, that is no longer the absolute case. Both it and the PRC have a very expansive and sophisticated signals and technical intelligence capabilities, including in space, in the atmosphere, on land and under the sea.

Examples of technical and signals intelligence collection include photographic and thermal imagery from space, submarine interceptions (“tapping”) of undersea communications cables (such as by the PRISM system used by 5 Eyes), airborne photography, jamming and early-warning detection, metadata targeted and bulk collection of internet communications, and acoustic “reading” of vibrations from interior conversations on exterior surfaces such as windows. Plus all of the old fashioned techniques such as telephone wiretapping, coding and decoding, encryption and decryption, etc. Artificial Intelligence has been used for some years now even if the commercial applications have only become operational in recent times, and is set to become a dominant means of extracting actionable intelligence from vast quantities of data as well as more rapidly recognising, analysing and filtering threat assessments and other intelligence priorities.

Questions 3 and 4: How does UK intelligence operate and why does it treat intelligence gathering differently from espionage?

Before delving into the specifics of the question, allow me to note that oversight and regulation of intelligence operations and agencies differs greatly between democracies and authoritarian regimes. Authoritarian regimes use intelligence agencies for domestic espionage, paralleling or supplementing the work of police intelligence units that are focused on crime-fighting. In such cases the focus of intelligence agencies is on domestic political dissent, subversion, foreign agents (counter-espionage), and a number of other targets such as environmental activists and other non-conformists who the regime deems to be enemies of the State. Intelligence units are bound by their own internal rules and procedures, which usually are much looser than those in democracies. They also have para-military units of the “hunter-killer” type that are tasked with hunting down and eliminating opponents at home and abroad. The Skripal case is an example, as was the Operacion Condor network operated by the Southern Cone dictatorships in the 1970s. Authoritarian intelligence agencies and agents are not bound by the rule of law but by the boundaries set by the political (often military) leadership of the regime.

In contrast, intelligence agencies in democratic regimes operate according to the rule of law and constitutional principles. They are more restricted in their freedom or latitude of action. They tend to limit their domestic activities to counter-espionage and transnational crime with State or ideological connections, such as when monitoring and countering Hezbollah activities in the Tri-Corner region of Argentina, Brazil and Paraguay (where drugs, weapons an extremists congregate for mutually beneficial purposes). In general, however, domestic intelligence collection is a responsibility of the police or gendarmes, not intelligence agencies, who only work with the domestic intelligence units of the police and gendarmes when specifically tasked to do so and within defined legal authority.

Because of that intelligence agencies in democracies have a primary focus on foreign and transnational intelligence gathering and threat identification and analysis as well as counter-espionage. They are bound by numerous legislative and legal restraints on their activities and a system of checks via courts and other oversight mechanisms. Unless the circumstances are exceptional (say, a bomb about to go off in a crowded train station), they must adhere to civil liberties and other democratic rights accorded to the population. And even then they often need the authorization of a special court or judge in order to legally infringe on individual and collective rights and constitutional norms.

To be clear, these norms have been violated in many instances by spy agencies in liberal democracies, including in the US, UK and NZ, but if discovered they are liable under the law and can be held accountable by oversight agencies as well as legislatures (if the Executive will not act against them in such instances). Intelligence agencies do not operate according to the whims of the political leadership, but in accordance with and under penalty of law.

In terms of how the UK approaches intelligence matters, it conforms with the democratic model outlined above. It uses legal frameworks to determine the distinction between intelligence gathering by the British State, its allies and partners and even private parties like corporations, versus espionage by foreign States or British nationals working for foreign states or front entities (such as by and for Chinese firms and “friendship societies” connected to PRC military intelligence via “United Front” entities). Having a legal framework delimiting what is and is not permissible when it comes to intelligence collection and the means used to that end gives the British State (and other States in their own ways), legal cover and authority to disrupt and prosecute (often clandestine) intelligence-gathering activities deemed unlawful and illegal.

Put simply, in the UK and other democracies intelligence collection done under official cover is considered permissible up to a point. Intelligence collection done under non-official cover is considered espionage and punishable by law. If an official cover intelligence officer from a foreign embassy goes beyond his recognized intelligence gathering duties (say, by trying to poison a dissident in England), that person will be charged and a warrant issued for their arrest even if they are deported under rules of diplomatic immunity. If a Russian NOC attempts to poison someone and is caught, s/he is out of luck.

Espionage is what the bad guys do; intelligence collection is what the good guys do, and the legal distinction is there to preserve that fiction.

Question Five: Where are the Skripals?

The Skripal’s are likely in a 5 Eyes country. They need to be in a place where they can go relatively unnoticed, where security can be provided for them and where there are not many other Russians around unless those Russians are sympathetic to the Skripals and have been security vetted. They will be provided with fake identities and documentation and take language lessons to disguise their thick English/Russian accents. They will be coached on how to act under their assumed identities, for example, as a retired Bulgarian businessman and his middle-aged daughter who cares for him as per traditional custom. They could be located in a city without many Russians where they can disappear in the crowds or, contrastingly, in a rural area far from prying eyes. That depends on their personal characteristics. If they are urbanites then they would stick out in a rural setting and probably have difficulties coping, much less assimilating. Many factors will determine where exactly they are re-located and hidden from Russian intelligence.

Of course, they may be relocated to a non-5 Eyes country such as Argentina or South Africa. But Skirpal’s spying was done for the UK and 5 Eyes, not other States, so other States would be reluctant to incur Russia’s wrath in the event they are discovered. Plus, other States may be more susceptible to corruption, leaking and not be able to provide adequate levels of discrete but effective security for them. So it seems to that a 5 Eyes country is the most likely place where they have been relocated.

That could be Australia, which has few Russians, lots of anti-Russian sentiment and both large cities and remote rural areas. Likewise, Canada. Even Wales or Scotland might serve the purpose. New Zealand is too small, in my opinion, and the US, although immense, has large Russian expat communities that are not all opponents of the Putin regime and is over-run with Russian spies in any event. So my guess is that they will be in a medium sized town or city in a rural area of a large or relatively unpopulated country or area of a country with few Russians present. But there are people who are experts in this so I can only speculate as to their exact location.

One final observation. The Skripals were poisoned, like other Russian double agents. Russia reserves poisoning for traitors of some importance, not just anyone. People of lesser status fall out of windows, get run over or die in a variety of crashes and explosions, depending on opportunity (remember the Wagner Group boss Prigozhin’s plane crash last year). Lesser rivals such as journalists and whistleblowers get shot. It will therefore be interesting to find out what killed the dissident and opposition politician Alexei Navalny, who supposedly died of “natural causes” in a Siberian prison camp at age 47. My hunch is that he may have received the ultimate (ironic) honour in the way in which his demise came about.

Or to draw the analogy this way: my Italian grandmother was once discussing with my parents the death of a cousin of hers who had mob ties in New York City. My parents asked her about how he died and she said “from a heart attack.” When challenged because the press had covered the story of a low level mobster getting “hit” in some criminal feud, she replied “yes, he died of a heart attack when a piece of hot lead went through it.”

In Russia the heart attack is induced by poison, but only for the special few.