INVESTIGATION

How a pattern of strange letters at the dawn of the Cold War gave Canadian authorities their first suspicions of Moscow's attempts to influence the West – and how Russian intelligence uses those same tactics in cyberspace today


In August, 1948, a strange handwritten letter arrived in the mailbox of Rev. J.M. White of Winnipeg. Upon opening the envelope, the reverend was confused. He didn't know the writer, nor did he understand why it came to him.

Unsure what to do, Mr. White turned the letter over to the RCMP, where it was relayed with urgency to the force's headquarters in Ottawa, eventually finding its way into a file marked "Secret," along with a growing pile of correspondence just like it.

"You will be very astonished to get a letter from so far," the writer began, in carefully written cursive.

The letter, among hundreds of pages of Cold War-era files recently unsealed by the federal archives, and with many of the names and details blacked out, came from a man inside Russian-occupied East Germany. The writer was seeking Canadians to correspond with, hoping to bridge the divide between East and West through a sort of pen-pal relationship.

Mr. White could not imagine how the sender obtained his address. What he didn't know was that these odd, unsolicited letters from Russian-occupied countries were popping up all over Canada: in Nanaimo, B.C., Three Hills, Alta., and Broadview, Sask., as well as larger centres, including Edmonton, St. John's, Montreal, Ottawa and Toronto.

Several had the same opening line – "You will be astonished at my letter" – while some claimed to be the only ones of their kind. RCMP investigators noted certain letters appeared to be written on high-quality paper, perhaps higher quality than was thought readily available in post-war Europe.

More peculiar, though, was the fact that none of the letters bore any signs of being opened or screened by government authorities in the Eastern Bloc, which was unusual for outgoing mail at the time.

"It seems strange that the letter does not bear any censorship stamp," RCMP Constable A.M. Mont wrote in a report to his superiors after examining the letter received by Mr. White.

Neither the RCMP nor the Department of National Defence could pin down exactly what was going on, although their concern is evident in the files. Canada's security agencies agreed the situation merited monitoring, believing that ulterior motives might be at work – although neither could say precisely what.

"In view of the present state of world affairs and the fact that there are quite a number of requests of a similar nature being received from countries under Russian domination," one internal RCMP memo said, "it may be just as well to suggest to Rev. White that the letter be ignored."

Perhaps it was just Cold War paranoia taking hold. But to the RCMP and the DND, it appeared as though people in Russian-dominated countries were conducting a sort of fishing exercise through the mail, trying to coax responses out of unsuspecting recipients in Canada.

Viewed with suspicion, the pattern of letters fit within a strategy used by the KGB and its predecessor throughout the Cold War, known internally as activniye meropriyatiya, or Active Measures.

These were covert operations designed to probe, disrupt or influence the West through the use of non-military means. That is, without mobilizing any troops, and without firing a single shot, Active Measures could be deployed subversively as a weapon to infiltrate, persuade or undermine an adversary from within. And they could be targeted at civilians as easily as they could be used against governments.

It is a strategy that has suddenly and unexpectedly reappeared in 2017, amid growing evidence of Russian interference in the U.S. and French presidential elections, including revelations that social media platforms such as Facebook and Twitter were co-opted to spread disinformation and exploit divisions in society.

And it has become particularly relevant with the discovery of several large-scale cyber attacks on the West that have been tied to Russia – including one such hack conducted through Canada that has links to Russian intelligence.

This is the story of how, decades ago, Canadian defence authorities first began to suspect that so-called Active Measures were being deployed in Canada and how those tactics – a relic of an old KGB mindset thought to have died off when the Soviet Union dissolved – have now made a comeback in the age of the internet.

It is "the rebirth of an old playbook," said Clinton Watts, a former FBI agent who studied Russian Active Measures used during the Cold War.

The approaches are strikingly familiar – only the technology has changed.


The Rev. White Letter: One of the earliest examples of suspicious correspondence during the Cold War, according to declassified RCMP files.

1) The letter came from the “Russian Occupation Territory” of East Germany.

2) Several followed a pattern, using similar language: “You will be very astonished to get a letter from so far.”

3) Many appeared as pen-pal requests, but often requested maps, phone directories, military information, etc.

4) The RCMP and Department of Defence had concerns about Canadians answering the letters.



The 10-step guide

Read more below for a primer on how Canadian security agencies responded to the pattern of strange letters during the Cold War.

How fishing became phishing

The advent of the internet has made a lot of things easier, from banking to shopping – and spying.

In 2015, inside a two-storey house on a quiet street in Ancaster, Ont., a young man named Karim Baratov was given a seemingly simple task. His job was to send waves of unsolicited e-mails to people he'd never met – and to make them appear as convincing as possible. The person on the other end would need to fall for the deception.

Mr. Baratov, a Canadian citizen born in Kazakhstan, who also went by Karim Taloverov or Karim Tokbergenov, lived alone in the leafy suburb of Hamilton, in a house guarded by security cameras. Despite being unemployed and in his early 20s, Mr. Baratov boasted a garage filled with expensive cars, including an Aston Martin and a Lamborghini.

Karim Baratov pleaded guilty in November to conspiracy to commit computer fraud and aggravated identity theft. INSTAGRAM

A self-professed computer prodigy, he claimed to have dropped out of school at an early age and made it rich as an online entrepreneur. "At 14, I was making more than both my parents combined," he wrote on social media. "At 15, I got my first million."

From the outside, though, it was unclear where the money came from. But in early 2015, according to federal charges filed in March in a U.S. court, Mr. Baratov was hired for a job that would pay him well.

The men who recruited him – Igor Sushchin and Dmitry Dokuchaev – worked for the Russian Federal Security Service, the FSB, a modern-day equivalent of the KGB. A year earlier, the group had managed an extraordinary coup: hacking into the main servers of internet giant Yahoo Inc. They managed to steal its vast user database, the veritable keys to the online kingdom. Included in the mountains of data they took were the personal information of more than 500 million subscribers, including names, phone numbers and alternate e-mail addresses, along with bits of code that identified each user, akin to digital DNA.

Stealing the Yahoo database allowed the hackers to create malicious cookies – strings of specialized code that parked themselves in each user account and served as a skeleton key to their inbox – allowing the men to sift through the personal files and correspondence of the user as they pleased.

But what the group also wanted was to gain unfettered access to the alternate e-mail addresses connected to those hacked Yahoo accounts, since many turned out to be government or corporate addresses, or Gmail accounts, for people identified as potential high-value targets.

For this, they turned to Mr. Baratov in Canada. Working from home, he set about crafting fake e-mails designed to look like messages from trustworthy senders.

There were two methods: Some of his messages would warn the person that their e-mail had been compromised and ask them to click on a link immediately to reset their password to protect their data. Others would contain attachments containing malicious code that, when opened out of curiosity, would infect the computer, giving the hackers access to the account.

The strategy, known as phishing, is one of the oldest and simplest hacker tricks going – for a good reason. Done well, and convincingly, it can be highly effective.

"When Baratov was successful, as was often the case, his handling FSB officer Dokuchaev paid him a bounty," the court documents allege. Each hacked e-mail was believed to be worth $100 (U.S.).

But the strategy behind Active Measures isn't about the hack itself. It's about how the material obtained in the breach can then be used.

Sensitive information can be leveraged for blackmail purposes by threatening to expose the target, a process known as kompromat. Other documents, such as letters or official records, can be altered to change their meaning or twist facts, and then leaked in order to manipulate public perception – dezinformatsiya.

With that in mind, Mr. Baratov was given the task of breaking into the e-mail accounts of people who could be of particular value to the Russian agents. The list included international bankers, diplomats, politicians, journalists critical of Russia, civil servants, a member of the International Monetary Fund, an unnamed cloud computing company and numerous business people, including one U.S. airline executive.

It is an unprecedented case. When police finally arrested the 22-year-old hacker-for-hire at his home in March, it was the first time charges had been laid in a cyberattack linked directly to Russian intelligence agents. However, only Mr. Baratov is in custody. The other members of the ring, including Mr. Dokuchaev (who was fired in a purge of the FSB's cyber division in 2016), are believed to be in Russia with no chance of extradition. Mr. Baratov's lawyer maintains his client did not know he'd been recruited by Russian agents and instead thought he was working for a man named Patrick Nagel.

Mr. Baratov's phishing method was similar – if not identical – to other high-profile hacks that have also been linked to Russia of late, including the 2016 hack of the Democratic National Committee, in which John Podesta, chairman of Hillary Clinton's presidential campaign, was duped by a phony e-mail purportedly from Google asking him to reset his password. When the contents of his inbox were leaked online, the e-mails had a damaging effect on the Clinton campaign.

And in late 2016, U.S. author and journalist David Satter, an outspoken critic of the Kremlin, was breached by a phishing e-mail that resulted in his personal documents being spilled online, with some of them strategically altered to discredit him and others.

In an example of advanced Active Measures at work, several documents were "selectively modified" to make it look as though activists and journalists inside Russia were being paid by the West to write articles critical of the government, implying an orchestrated foreign campaign against the Kremlin.

An investigation into the case by the Citizen Lab, a cybersecurity watchdog at the University of Toronto, found the hack was part of a much larger phishing expedition believed to be orchestrated from Russia, involving more than 200 high-value targets spread across 39 countries.

But this particular phishing effort wasn't just aimed at officials in government or the military. It also targeted members of civil society – academics, non-governmental organizations and other members of the public. It also sought to compromise people in "proximity" to high-value targets, such as the family members of diplomats and the wife of a military attaché.

It was a trend that had been seen before.

'Each letter follows the same style'

Back in the late 1940s, what concerned the RCMP most about the strange letters arriving in random mailboxes across Canada were the requests many of them contained. While each looked like an innocent effort to initiate correspondence with people in Canada – taken at face value, many of them read like simple pen-pal requests – some asked for more.

An employee working for the British Columbia Telephone Company was asked by a man who identified himself as the head of the Museum of Ethnology in Leipzig, in Russian-controlled East Germany, to provide copies of telephone directories from Canadian cities, along with other listings.

A letter from Czechoslovakia, sent to an automobile club in Montreal, sought detailed road maps of Canadian cities and towns, while other letters asked for business directories and details about factories. Another wanted "anything and everything on Labrador."

Not all of the suspicious mail necessarily came from Soviet-dominated countries. A letter postmarked in Austria and sent to multiple outposts in the Canadian Arctic requested photographs that showed "harbour views" in the North, leading one government official to suspect it may be something "pretty sinister."

Nor was it solely a Canadian phenomenon. In the fall of 1949, according to the same declassified RCMP files, a ship captain arrived in Halifax and passed a note to police on the docks, which was then forwarded at once to the Department of National Defence.

"The latest information from Sweden," the captain wrote, was that mysterious letters sent from Soviet-controlled Estonia had been arriving in small towns all over the Swedish countryside, some containing unusual requests for specific items such as newly developed Western medicines, and none bearing the stamp of a censor, indicating clearance for mailing outside the country. "Each letter follows the same style," the captain said. He also pointed out that mail service between the two countries had been formally suspended a year earlier.

In the United States, a man from Leipzig wrote the chamber of commerce in Wichita, Kan., asking for documents including maps, airline schedules, information on factories and details about oil and gas fields. After learning the chamber had dutifully fulfilled this request, sending a parcel of material to East Germany, the U.S. military grew concerned. American authorities had also seen a pattern of letters coming from the Leipzig area, which was home to one of the largest concentrations of KGB officials in Soviet-controlled Germany. Wichita was where most of the American B-29 bombers were built, and was also home to a major air force base.

In London, a security report under the heading Collection by the U.S.S.R. of Published Information, which was forwarded to security agencies in Canada, warned that an agency in Moscow had placed orders with several British publishers for a variety of "official and semi-official publications, including reports on shipbuilding and technical journals on marine and aeronautical engineering."

It was impossible to know how much of this mail was being sent to Canada and how much was actually being answered. Only the letters turned in by the public were channelled to RCMP headquarters. Some were dismissed as "innocuous," while others were catalogued inside a special section of the force tasked with investigating "Internationally subversive activities" and "Correspondence between Canada and countries under Russian domination," an office that was placed in direct contact with the RCMP Commissioner.

"Whilst this may have no significance," the head of B.C.'s RCMP said in a confidential memo to Ottawa, "it may possibly be one avenue of conveying information from this country to the U.S.S.R."


How active measures were born

The opening salvo of the Cold War was fired in Ottawa, in the fall of 1945, when a 26-year-old Soviet embassy clerk named Igor Gouzenko turned himself over to Canadian authorities.

As a cypher clerk, Mr. Gouzenko's job was to decode secret messages from Moscow. But on Sept. 5, only three days after Japan's formal surrender in the Second World War, Mr. Gouzenko stuffed 109 carefully selected documents under his shirt, sucked in his stomach to camouflage the bulge, and walked out of the embassy undetected. Within those documents, he harboured a story few at the time were willing to believe.

His first stop was the Ottawa Journal newspaper, where a nervous Mr. Gouzenko told the newspaper's night editor, Chester Frowde: "It's war. It's Russia." Mr. Frowde sent him away. "That didn't ring a bell with me," he later recalled. "World War II was over – and we were not at war with Russia."

Mr. Gouzenko then went to the Department of Justice, where he got a similar reaction. It was only after two undercover RCMP officers sent to investigate Mr. Gouzenko witnessed Russian embassy officials breaking into his apartment in search of the stolen files that they began to suspect he was telling the truth.

Igor Gouzenko gives a television interview in 1954, wearing a hood to hide his identity. THE CANADIAN PRESS ARCHIVES

The documents Mr. Gouzenko smuggled out of the embassy contained stunning revelations that Soviet spies had infiltrated several key government departments, the National Research Council and the Canadian military, and had stolen nuclear secrets from the coalition effort to build the atomic bomb.

They were hard revelations for the Canadian government to swallow – prime minister Mackenzie King included – since Russia had been viewed as an ally throughout the war. But Mr. Gouzenko's files revealed espionage going back years, leading to the arrest of 12 people and a Royal Commission into the activities of Soviet spying. Mr. Gouzenko would go down in history as the first person to warn the West about Russian espionage following the war, touching off decades of tense relations between the two sides.

Former KGB archivist Vasili Mitrokhin, who defected to Britain in 1992, would later write that the Gouzenko affair crippled Russian spy efforts in North America for more than a decade. Unsure which agents had been exposed by Mr. Gouzenko, the KGB was forced to dramatically curtail or rejig operations in Canada and the United States.

The residual effect on Canada, psychologically, was paranoia.

The Soviet Union had gone from ally to, suddenly, the Red Scare. It was in that tense climate – and during Communist witch hunts in the United States led by senator Joseph McCarthy – that the strange letters began arriving in Canada, causing angst among those who received them.

A high school teacher in Mossbank, Sask., turned one letter over to the RCMP along with a note insisting he was "a loyal Canadian." At least one man volunteered to take a lie detector test. Meanwhile, RCMP files show the police also regularly conducted secret background checks on Canadians who contacted them about the mail.

It was also a time when the KGB was increasingly deploying Active Measures against the West, from within a special department created specifically to hone the craft.

According to former KGB veteran Sergey Kondrashev, who led the agency's covert Active Measures operations from Berlin, Vienna and Moscow during his career, and later wrote about them in his memoirs, such tactics go back as far as 1923.

The KGB, then known as the OGPU, developed covert methods to disrupt counter-revolutionaries within the Soviet Union, which gave rise to the invention of kompromat and dezinformatsiya. By the 1950s, Active Measures were enshrined as a critical tool within the country's intelligence service and were consolidated under a specialized unit called Service A, inside the First Main Directorate of what became the KGB.

If espionage was the kind of serious cloak-and-dagger work depicted in spy movies and John le Carré novels, Service A was more like the department of meddling.

Active Measures drew upon creativity – with methods that involved the collection of official documents from foreign powers so that they could be altered or forged and then released back into circulation to sow confusion, or by placing false rumours or statistics in the media.

In some cases, Active Measures included writing fake letters to newspapers, politicians, activists, sympathizers and church groups, always under assumed names, in an effort to shift opinions, stoke discord or to build close relationships that could be leveraged at a later date.

Other plans were more diabolical. The KGB once forged a classified letter between two U.S. military officials warning that bomber pilots transporting nuclear weapons were experiencing alarming side effects, including psychotic episodes and suicidal thoughts. The document was then leaked in Western Europe to stoke fear about the United States' nuclear program among its allies.

And in 1963, the Section A office in Hungary published an entirely counterfeit edition of Newsweek magazine, which it slipped onto newsstands in Europe to erode foreign support for John F. Kennedy.

One of the most infamous examples of Active Measures, though, was a conspiracy that circulated in the 1980s that the AIDS virus had been created by the CIA at a government lab in Fort Detrick, Md., which was known for biological weapons experiments in the 1960s. Mr. Kondrashev acknowledged the rumour was actually the work of the KGB. The file was codenamed Operation Infektion.

However, Mr. Kondrashev said it was naive to think Russians were the only ones practising these disruptive tactics. In the West, he argued, such techniques simply go by different names, such as political action or, simply, dirty tricks.

In 1958, when British and U.S. intelligence saw a manuscript of Dr. Zhivago, the Boris Pasternak novel critical of the Soviet system that was banned in Russia, they arranged to have Russian-language versions snuck into the country. This included a miniature edition that could be split in half for easy concealment.

"This book has great propaganda value," said a secret CIA memo detailing the plan, which was declassified in 2014. "We have the opportunity to make Soviet citizens wonder what is wrong with their government."

What was seen as disinformation or propaganda in part depended on what side you were on. For decades, the Soviet Union viewed Radio Free Europe, which broadcast a mixture of Western news, viewpoints and rock music into the Eastern Bloc, as an Active Measure aimed at turning the public against the Soviet government.

More recently, Russian President Vladimir Putin – himself a former KGB intelligence officer – has accused the United States of using similar tactics to incite anti-Russian "hysteria." In 2012, when mass demonstrations broke out in Moscow over his return to the presidency, Mr. Putin accused Ms. Clinton, then U.S. secretary of state, of fomenting the public protests through U.S. "active measures."

"She set the tone for some actors in our country and gave them a signal," he said. "They heard the signal and, with the support of the U.S. State Department, began active work."

Similar accusations have emerged in recent months about Russian meddling in the U.S. election. In late October, investigators at Facebook revealed they'd identified more than 80,000 posts originating from Russia between January, 2015, and August, 2017. Each post zeroed in on a divisive political issue such as religion, race, gun rights and gay and transgender issues.

One such Russian Facebook account called "Heart of Texas" – which addressed readers as "Fellow Texans!" – sought to organize an anti-Clinton rally before the election, urging those in the state to form a movement to secede from the United States. The sponsored post, which paid Facebook to place the message into users' feeds, was shared 1,200 times. Another, from a different Russian-linked account, announced a rally in Manhattan to protest Donald Trump just four days after the election, using the slogan "Not My President."

The political agendas differed wildly, depending on the intended audience. The apparent goal, Facebook general counsel Colin Stretch told a Congressional hearing in Washington in October, was "to drive people apart."

How the concerns, and paranoia, escalated

In the fall of 1950, after the Montreal automobile club responded to the letter it received from Czechoslovakia, a large package arrived at its office, again bearing no censorship stamp. Inside were roughly 100 pamphlets written by the Czechoslovak Committee of the Defenders of Peace, urging people to stand up against the U.S. nuclear program. The Committee requested they be distributed to Canadians who would take up the fight.

It is the earliest instance on record of the letter campaign being used to distribute propaganda into Canada, although subsequent notes in the RCMP file suggest there were others.

For a while, the flow of such letters seemed to dwindle. But in 1957, the RCMP noticed a new and potentially unsettling pattern emerge.

People in government or military roles, or their children, began receiving unsolicited letters. In some cases, those involved held highly classified jobs.

The first case on record involved a letter sent in September, 1957, to a soldier in Quebec. The letter purported to be from a New York-based organization called People to People, a friendship club that sought to connect citizens around the world.

This struck the soldier as odd: He had no idea how they had obtained his address, what they wanted or who the group was. Upon turning the letter over to his superiors, the matter was elevated to the Department of National Defence.

"It is not improbable that this organization is circularizing other members of the armed forces," Colonel E.S. Tate, director of military intelligence for the Canadian Army, told the RCMP. "In time, this could result in the formation of a type of 'pen pal' club designed to exploit the military characteristics of its members." The DND investigated the organization, but could find no indication it was a front.

Further questions were raised in 1960 when a Grade 11 student in Ottawa took part in a seemingly harmless class project that involved writing letters to students in foreign countries. The young woman received a letter purportedly from the United Nations Association in Canada telling her she had been matched up with a 17-year-old boy in Soviet East Germany.

This concerned her parents. Her father, Major H. Colyer, worked in the Canadian Army Operational Research Establishment in Ottawa, a classified department that provided strategic analysis and planning for military operations. Her mother worked as a librarian for the National Research Council, one of the departments targeted for espionage during the Second World War, according to the Gouzenko papers.

"Because of the classified nature of my work in the Army, and because I hesitate to jeopardize my daughter's future standing as a reliable security risk, I wish to report this East German pen-friend so that no security risk is liable," Major Colyer wrote in a letter to the Department of Military Intelligence on Oct. 25, 1960.

The army had its concerns, too. In a secret memo sent to RCMP headquarters, the head of military intelligence, Colonel R.E. Hogarth, questioned the legitimacy of the East German connection, saying it appeared "somewhat strange."

Canadian intelligence officials investigated, but ultimately left the decision to pursue the matter up to the family. "The Colyers will, no doubt, be on the lookout for pointed requests that may arouse their curiosity," a senior NRC official said in a memo to the RCMP.

Internally, the force considered running counterintelligence measures – asking people to engage the letters, play along and report back – and debated what advice to give publicly about writing back. People had the right to send a letter anywhere they wanted, but the RCMP didn't necessarily want that.

"Care must be taken, of course, not to give the impression … that we approve of Canadians corresponding with residents of the U.S.S.R.," Inspector D.E. McLaren said in one internal RCMP memo.

Suspicions also rose among the public, driven by Cold War fears.

A doctor in Peterborough, Ont., wrote the RCMP with a strange revelation: "My nine-year-old daughter has acquired an adult pen pal in Russia," he said, having no explanation for how it happened. "We share your reluctance," the RCMP wrote back.

And in June, 1961, Major Homer Thomas, a retired senior officer in the Canadian army, returned home to find an envelope from East Germany in his mailbox, addressed to his daughter. Concerned, he opened it, finding a carefully written letter that claimed to be from a 13-year-old boy in Babelsberg, in the Soviet-occupied region just outside Berlin. His daughter's class had written a letter to Germany a few months earlier as an assignment, signed by 15 students. Major Thomas's daughter received a direct response, which he found peculiar.

The letter was forwarded to the RCMP crime detection laboratory, which analyzed the paper under ultraviolet light, tested the composition of the envelope and its adhesive, and conducted a forensic analysis of the handwriting. Two months later, B.B. Coldwell, a chemist at the lab, reported the letter was written on "low quality, inexpensive paper" and that the adhesive was standard.

"There is nothing to suggest it was not written by a 13-year-old boy," Mr. Coldwell concluded.

The RCMP closed the case – but not before quietly running background checks on the teacher, the principal and others at the school. Those came back stamped "no record."

Investigating a suspicious pen-pal letter to a retired Canadian army officer's daughter in 1963, authorities conducted background checks on the girl's teacher and school principal. Both files are blank, stamped 'no record.'

Not everything was a case of suspected Active Measures – some things just looked suspicious – but nothing was above question.

In 1963, Canada's Director of Military Intelligence, Colonel H.T. Fosbery, sent an urgent memo from Canadian Army Headquarters to the RCMP Commissioner in Ottawa, marked "Confidential." Enclosed were two pages torn from a glossy magazine.

"Attached hereto are pages 62 and 63 of the February 1963 issue of TEEN Magazine which," the Colonel said, "are self-explanatory."

"This information is forwarded to you for whatever action you deem appropriate," Col. Fosbery told the RCMP.

That month, the magazine published an article profiling eight teens living in Soviet countries who wanted pen pals in Canada and the United States.

But because TEEN Magazine was unavailable in most of the Russian-dominated places the students said they were from, the military doubted their personas were real and suspected, again, that some sort of fishing expedition was afoot.

The article included a profile of Maria Angelova of Yugoslavia, who listed her favourite celebrity as Yugoslav dictator Marshal Tito. Another profile was of Ryszard Jarosz from Poland, who described himself as "a typical Polish youth" who gets his copies of TEEN Magazine "from a friend."

It had been 18 years since Igor Gouzenko exposed Canada's susceptibility to espionage. In the intervening years, Active Measures had become a critical element of Soviet intelligence, but the line between suspicion and paranoia in Canada had grown very blurry.

That same unease is now evident once more, as details emerge about Russia's alleged cyberoperations over the past few years, from e-mail hacks and phishing to social media influence campaigns.

The February, 1963 issue of TEEN magazine profiled eight teenagers in Russian-dominated countries seeking pen pals in Canada and the United States. At the height of Cold-War paranoia, Canada’s director of military intelligence viewed the article as highly suspicious.


How Russia became a cyber superpower

More than a quarter-century after the collapse of the Soviet Union, Russia has turned itself into a leader in cyberwarfare. The advent of the internet has proven to be a valuable tool for Active Measures.

Six months before Mr. Baratov was arrested near Hamilton this year, a report from the Ottawa-based policy organization the Canadian Association for Security and Intelligence Studies examined Russia's growing stature as a hacking country – along with other cyberpowers such as China – and why the West appears to be lagging behind.

The answer goes back to the very emergence of the internet itself.

In the late 1980s, and early 1990s, Russia was an industrial superpower in decline, consumed by the fall of Communism and the breakup of the U.S.S.R.

The rise of the internet happened mostly with Russia on the sidelines – looking on as a new online world unfolded, built using technology developed almost exclusively by the West.

"This came as a tremendous shock to the Russians, who were now using cyberspace, which not only supported Western political and economic systems but was in a sense 'owned' by the West," the CASIS report said. "This 'colonization' of cyberspace by a foreign power impacted and drove how Russians view and use cyberspace."

Russia's early approach became one of caution and skepticism. The term "cybersecurity" was rarely used by Moscow. Instead, Russia spoke of "information security" – a slightly different concept.

"They realized that they had the least degree of control over the technical networks, and that the information on these networks was the real concern," the report said.

"The internet was designed to be reliable; it was not designed with security in mind," it added. "The Russians have much longer strategic thinking in this area."

Russia has long seen itself as the victim of an onslaught of so-called soft power from the West, designed to undermine its authority. Soft power, a term coined by Harvard University professor Joseph Nye, refers to the way countries can shift geopolitics through tools such as economic aid, cultural exports and the work of non-governmental organizations.

As a result, Russia feels compelled to assert itself. Information warfare is one means of levelling the playing field.

"One particular area where the FSB has expanded its role is cyberoperations," said a report published in March by the Canadian Security Intelligence Service (CSIS), which assumed security intelligence duties from the RCMP in 1984.

"Russian doctrine puts information warfare as a priority in its policy."

This has manifested itself in the emergence of two Russian organizations in particular – The Internet Research Agency, a Saint Petersburg-based company with links to the Kremlin, from which many of the Russian influence campaigns on Facebook and Twitter are said to have originated, and APT28, a hacking group specializing in malware and phishing that U.S. security agencies believe is linked to Russian military intelligence.

Asked about the country's growing reputation as a leader in cyberoperations, including hacking, a spokesman for the Russian Embassy in Ottawa did not respond.

But the reason for Russia's investment in cybercampaigns is clear, said Mr. Watts, the former FBI agent who is now a senior fellow at the Center for Cyber and Homeland Security at George Washington University.

Those old Cold War subversion strategies can be far more effective now because of the amplification, immediacy and reach the internet provides – allowing audiences to be approached and influenced en masse, and with relative ease and economy. Yesterday's clunky letter-writing campaign is today's viral call-to-arms on social media.

"It is very difficult to exert information and influence in any sort of rapid fashion without the internet," Mr. Watts said. "And it's even more dynamic with social media."

The online Russian influence campaign aimed at U.S. voters, which began in 2015, ultimately reached 126 million users on Facebook, the company told a recent congressional hearing. Twitter discovered more than 131,000 messages on its platform that could be traced back to the Internet Research Agency in Saint Petersburg, while Google said the Russian organization uploaded more than 1,100 videos – 43 hours of content – on YouTube. Some of the campaigns were amplified by so-called bots, which are fake, automated accounts made to look like real people, but controlled centrally by one person.

Richard Fadden, the former head of CSIS who recently served as security adviser to prime ministers Stephen Harper and Justin Trudeau, believes the Russians, after expanding their cybercapabilities inside the FSB, are now out to make a statement, whether online or through foreign policy.

"[Russia] is unhappy about its position in the world; it is not getting the respect that it thinks it deserves. It has no particular desire, I think, to return to an era of Communism, but it does have the desire to return to the day when it was viewed as a player on every file on the planet, and where it got some respect," Mr. Fadden said.

"In particular, after the fall of the Soviet Union – and this is not a unique thought from me; many, many people have talked about this – we basically gave Russia the back of the hand. And I think most people in governments around the world have now come to regret that."

When it comes to matters of cybersecurity, the West needs to come to terms with its own vulnerability, he said.

"I think it's important for us to recognize that – to use the vernacular – we ain't winning these battles."


What's old is new

It's a staggering statistic: Canada's federal computer systems are probed more than 100 million times a day by suspected hackers, or legions of automated bots looking for vulnerabilities, according to the federal government.

The motives behind those attempted intrusions are, for the most part, never uncovered. They come from all over the globe and can be the work of state-backed efforts or individuals acting alone. Untangling the web is difficult.

When the National Research Council was hacked in 2014, forcing the department to revamp its entire computer system to protect the scientific and industrial secrets it holds, the Canadian government took the unusual step of singling out China publicly as the culprit, although the Chinese denied the allegation.

Similarly, when Moscow faced criticism from the United States this summer over the alleged attacks surrounding the U.S. election, Mr. Putin disavowed any state involvement, but suggested the perpetrators could have instead been "patriotic hackers" inside Russia who acted on their own.

The origins of today's cyberattacks – much like the stacks of odd, unsolicited letters catalogued by the RCMP during the Cold War – are difficult to pin down.

The letters never had their Gouzenko moment, in which the curtain was suddenly pulled back and the hidden plot revealed. The file, relegated to the federal archives long ago, remains an open question.

By today's high-tech standards, the suspected fishing exercise using the mail seems almost quaint. But that doesn't mean it wouldn't have been effective.

"The thing about spying," Mr. Fadden said, "people tend to immediately think about James Bond. But there weren't very many James Bonds. A lot of it is very mundane – somebody from an embassy visits a government department and asks for information or paperwork … develops a relationship with a clerk, and the next thing you know they're being given classified maps. You can't get much more boring than that, but boring is good sometimes."

"And people, I think, are pretty trusting – witness the success of phishing."

Mr. Baratov pleaded guilty in late November to conspiracy to commit computer fraud and eight counts of aggravated identity theft, and will be sentenced in March. The targets of the phishing campaign were spread all over the globe, but the discovery of an FSB-led hacking operation conducted on Canadian soil is an unprecedented event.

The Gouzenko affair showed that Russian spying was more sophisticated than those at the highest levels of the Canadian government in 1945 knew, or were willing to believe. Meanwhile, the stacks of unusual letters indicated – at least in the eyes of the country's defence agencies – that Canada was a target for Active Measures.

And what the Baratov case now demonstrates, along with the well-orchestrated Russian influence campaigns and meddling uncovered on social media, is that similar tactics, though updated, appear to be very much alive and well today.

As the former head of Canada's spy agency, Mr. Fadden doesn't want to be alarmist. He's never seen the file containing the letters, nor is he willing to comment on cases such as the Baratov hacking investigation. But he is a realist.

"It would be, I think, irrational for Canadians to assume that we're not a target."


EXPLAINER


How Canada’s security agencies investigated the Cold War letters

1. Beginning in the late 1940s, a pattern of strange letters starts to arrive in cities and towns across Canada from countries under Russian control.

2. The recipients can’t figure out how the senders acquired their address. Some letters seek ongoing correspondence; others have more specific requests: maps, phone directories, and photos of Northern ports. People begin turning these letters in to the RCMP.

3. RCMP detachments across Canada forward these letters to RCMP headquarters in Ottawa, which creates a special section to monitor this strange correspondence, working with the Department of National Defence.

4. The RCMP interviews some recipients, and conducts background checks on others. Some volunteer to take lie detector tests.

5. Some letters are sent to the RCMP crime lab for forensic investigation, including chemical and handwriting analysis.

6. Investigation results are forwarded directly to the RCMP Commissioner, who is kept apprised of the growing file.

7. The RCMP co-ordinates with authorities in the U.S., where a similar pattern of letters has been spotted, including several that originate from similar areas.

8. The RCMP and the Department of External Affairs warn recipients to be wary, questioning the motives of whoever is behind the letters.

9. In at least one case, in 1948, the government rushes to intercept a parcel headed from Halifax to East Germany, after learning that a recipient in Nova Scotia had responded to one of the letters, mailing a box containing official documents, maps, and airline schedules.

10. After being investigated, each letter is catalogued and placed inside a file marked “Secret” inside RCMP Headquarters. The files remained classified throughout the Cold War until recently being made public by Archives Canada.

GRANT ROBERTSON AND JOHN SOPINSKI/THE GLOBE AND MAIL
