A German national accused by counterintelligence officials in Germany of being part of a Russian influence operation traveled to the United States last year and met with a host of U.S. cybersecurity officials from the Department of Homeland Security and public utility companies as well as corporate executives from Amazon and Microsoft—all of whom were seemingly unaware of his controversial status back home.
On Nov. 11, 2019, Hans-Wilhelm Dünn, president of the German Cyber-Security Council, a Berlin-based non-governmental association, visited the Department of Homeland Security in Washington, D.C. He posted photos on Twitter showing him smiling beside Deputy Assistant Secretary Richard Driggers and a number of other DHS officials. Several days earlier, on his first night in the United States, Dünn dined with Michael Chertoff, former secretary of homeland security and now the CEO of the Chertoff Group, a security risk and management company. More pics followed, including one of Dünn and Chertoff shaking hands and scenic night shots of the White House and the Washington Monument.
The meetings and visual evidence of them might have otherwise counted as any other ho-hum calendar event for America’s busy national security establishment and the many friendly specialists from overseas looking to liaise with it. Except there was one very glaring and easily google-able problem: about six months before he arrived in America, Dünn had been publicly exposed in the German media as having numerous links to Russian intelligence and influence operations, including one financed by the U.S.-sanctioned oligarch Yevgeny Prigozhin.
As a result of the exposés, the German government announced it was distancing itself from Dünn’s Cyber-Security Council (CSRD) owing to its proximity to a high-ranking officer from Russia’s Federal Security Service, or FSB, the country’s domestic spy agency.
Michael Chertoff declined to comment. Richard Driggers did not respond to The Daily Beast.
The cause for Berlin’s concern was a memorandum of understanding between the CSRD and the Moscow-based National Association of International Information Security (NAIIS), a “voluntary corporate association” set up in 2018 to “promote the implementation of the state policy of the Russian Federation in the field of international information security,” signed by Dünn in the Bavarian resort town of Garmisch-Partenkirchen in April 2019. The other signatory was the president of NAIIS, Vladislav Sherstyuk, a Russian who began his career with the KGB back in 1966 and eventually rose to the rank of general-colonel. Sherstyuk headed the Third Department of the Federal Agency for Governmental Telecommunications and Information (FAPSI), Russia’s electronic intelligence and surveillance agency, akin to the NSA.
According to Andrei Soldatov and Irina Borogan, authors of The Red Web, a book about Russia’s online surveillance state, “All Russian centers of electronic espionage abroad were subordinated to this department, including the radio interception center at Lourdes in Cuba, which was in charge of monitoring and intercepting radio communications from the United States.” Sherstyuk, they write, “was a spymaster, determined to exploit communications to steal US secrets and protect Russia against espionage of the same kind.” He was later promoted to director of FAPSI before being appointed to the Russian Security Council.
Since 2007, Sherstyuk has rented out the Atlas lodge-hotel in Garmisch-Partenkirchen, in the Bavarian Alps not far from NATO’s Marshall Center for Security Studies, to host an annual cybersecurity conference, drawing all manner of international attendees including U.S. officials. In fact, the conference was established, according to Soldatov, for Russian cybersecurity types to “have a dialogue” with U.S. counterparts in an informal setting. However, in the past six years, following Russia’s occupation of Crimea and especially after Russian military intelligence hacked the Democratic Party correspondence, U.S. officials have mostly shied away.
CSRD is an independent association of companies, governmental bodies and individuals. NAIIS, then, would seem an eyebrow-raising choice for a partner for any Western cybersecurity organization, let alone one with such close contacts in NATO governments and strategically important member companies such as aerospace and defence conglomerate Airbus and Germany’s national rail firm Deutsche Bahn.
The memorandum Dünn and Sherstyuk signed had all the hallmarks of a formal bilateral agreement even though it was inked by two non-governmental organizations, which, the document stated, would “proceed from the importance of facilitating” a U.N. resolution and inaugurate organizing committees and working groups. Further hammering home the official-seeming nature of the text was how it was billed on NAIIS’s website, as a memorandum between “Russia and Germany.”
“This looks very much like Russian influence, like a Russian influence strategy,” Gerhard Schindler, the former head of Germany’s Federal Intelligence Service, told broadcaster ARD about the memorandum in June 2019. Schindler added that the title of Dünn’s registered association, Cyber-Sicherheitsrat Deutschland, was “confusingly similar” to the government’s own Nationaler Cyber-Sicherheitsrat (National Cyber-Security Council), founded in 2011. “Especially abroad,” Schindler said, “it can look like someone is speaking for the German Federal Republic, which is not the case at all.”
The confusing similarity was likely the point.
Dünn’s social media postings demonstrate that his engagement with Western security experts and government officials has coincided with his work for a series of Kremlin-connected enterprises, many involving members of fascistic political parties in Europe.
In March 2018, for instance, Dünn travelled to Russia’s Krasnodar region where, in the name of the CSRD, he served as an “electoral observer” during the presidential ballot that was described by the Organization for Security and Co-operation in Europe (OSCE) as “choice without real competition.” The OSCE also noted “inappropriate pressure” on voters and the absence of critical media coverage.
Dünn wasn’t there as part of the OSCE mission, however, nor any other independent international delegation. He had been invited directly by Leonid Slutsky, chairman of the State Duma Committee on International Affairs and a member of the far-right Liberal Democratic Party of Russia—a constituent of the so-called “systemic” or state-managed opposition to Vladimir Putin whose leadership ostentatiously traffics in overt racism and irredentist rhetoric about former Soviet-occupied countries, including current NATO member-states. Other participants in this carefully curated “observation mission” in Krasnodar included Mylène Troszczynski and Gilbert Collard of France’s far-right Front National, and Czech Communist Jaromír Kohlíček, who has previously travelled with Slutsky to visit Bashar al-Assad in Damascus.
Dünn was far more complimentary about the vote in southern Russia than any legitimate international observer mission. “The atmosphere was pleasant,” he was quoted by the local council magazine as saying. “I liked the level of organization. I think that this electoral campaign can be called truly innovative due to the high level of automated infrastructure. Furthermore, we saw the realization of various election organizers’ ideas aimed at motivating people to take part in voting. It’s important that young people were included in the electoral process.”
In 2018, Dünn joined another Russian “electoral observation” mission, this one run by the Association for Free Research and International Cooperation (AFRIC), an organization overseen and financed by Russian oligarch Yevgeny Prigozhin, Putin’s caterer and the now-notorious underwriter of mercenaries, internet trolls and political technologists. The mission was to support Prigozhin’s operatives who were working to help manage the election of Emmerson Mnangagwa several months after he seized power in Zimbabwe from Robert Mugabe, his former colleague in the Zimbabwe African National Union – Patriotic Front party. The AFRIC observers were dispatched to provide glowing reports of a free and fair ballot at polling stations.
Dünn was part of a small team that included Serbian ultra-nationalist Dragana Trifkovic and Swedish neo-Nazis Sanna Hill and Vavra Suk. The tour even featured a photo-op at the home of Robert Mugabe, the longtime Zimbabwean dictator who was ousted in a military coup in 2018.
He was therefore involved with three different key Russian intelligence or influence operations, occupying a similar position to the fringe, far-right activists who make up the Kremlin’s most agents of influence.
So why was he granted access to top-level U.S. cybersecurity personnel and establishments? And why did so many Americans, including those with security clearances, agree to meet Dünn in the first place? His engagement with past or present U.S. officials goes back years. In 2014, for instance, he met with Melissa Hathaway, the former head of President Obama’s Cyberspace Policy Review, and made two further tours in 2018, including to the California Public Utility Commission. The latter set of trips followed Dünn’s electoral “observation” missions to Russia and Zimbabwe. Only weeks after he returned from Harare, Dünn posted a photo of the NSA headquarters in Fort Meade, Maryland.
None of his background would have been hard to pick up from even an open-source counterintelligence survey. Dünn advertised everything on his own Twitter feed. He’d also been the subject of several news reports in German newspapers and on network TV just before he touched down in Washington in November 2019. None of that stopped him, however, from making a bicoastal tour of America, all of it well documented on his social media. After D.C., he traveled to Seattle, where he held meetings at and toured the headquarters of Microsoft and Amazon, and then to Los Angeles, for another summit with DHS officials at the mayor of LA’s Cyber Security Center.
“Oh, fuck,” was the response of the CEO of one digital security company still listed as a member of CSRD when The Daily Beast explained who headed this seemingly innocuous German NGO. (The CEO asked to remain anonymous for this article.) Palo Alto Networks confirmed it was still a member of CSRD in an email. Palantir and Microsoft, also listed on CSRD’s website, did not respond to a request for confirmation.
Americans weren’t the only ones apparently oblivious to the German’s Moscow connections. He was also granted meetings in 2018 in Paris with Guillaume Poupard, director general of the National Agency for Information System Security, as well as other senior law enforcement figures. The following year, just weeks after the ARD programme went out, he was participating in a cybersecurity conference in Estonia.
It seems likely that the official-sounding nature of his organization, its membership of major companies, and its close prior cooperation with the German government, enabled Dünn to evade scrutiny and gain privileged access.
According to Marc Polymeropoulos, the former acting chief of operations for Europe and Eurasia at the CIA, “an official from a NGO is far less threatening to a government official, and hostile foreign intelligence services are certainly interested in recruiting from that sector. A well-placed and well-trained agent even in the private sector can capitalize on contacts within government circles to elicit and obtain secret foreign intelligence information or be used for spotting other recruitment targets inside government entities. The source would be able to provide travel information as well, perhaps at out of country conferences, where a separate approach would be made that would protect the source.”
It certainly didn’t help that prior to the NAIIS fiasco, the German Foreign Ministry continually allowed CSRD to hold events at its embassies abroad and to accompany diplomats to cybersecurity forums. For example, in 2018, Dünn visited Australia and joined German diplomats, including the embassy’s head of mission in Canberra, at Macquarie University for a discussion with Mike Burgess, who was then the director of the Defence Signals Directorate, Australia’s NSA equivalent.
Dünn appears to have used the CSRD as a vehicle to gain access to some of the top cybersecurity officials in the world, not only in the countries discussed above, but also Israel, the U.K., and numerous other European states. Particularly concerning are his visits to critical infrastructure-related security centers such as the California Public Utilities Commission, the North American Electric Reliability Corporation or the New York Fire Department.
In Germany, Dünn’s questionable ties have registered more urgently, at least at certain levels of government, while his connections to other, lower levels appear to have indemnified him. His former business partner, friend and cofounder of CSRD, Arne Schönbohm, now heads the Federal Office for Information Security (BSI), Germany’s cyberdefense agency. Schönbohm and Dünn are still in contact, judging from the latter’s revealing online photo reel—this, in spite of the fact that the Federal Ministry of the Interior (BMI) ordered BSI and its staff not to have any further dealings with CSRD, Berlin’s position being that “there was no longer a sufficient basis for trustworthy cooperation” with Dünn’s outfit.
As for that scandalous memorandum between CSRD and NAIIS, it was terminated in October 2019 owing to the media furore it generated. Yet Dünn continues to appear on German TV as a cybersecurity expert.
Additional reporting by Anton Shekhovtsov.