002: The Secret Lives of Spies
Spies, Lies & Cybercrime by Eric O'Neill
The Secret Lives of Spies: Through the Eyes of an Innocent Child
Source: Mikhail Voskresenskiy / Sputnik - AP
Imagine an 11-year-old girl living a quiet life in Slovenia as an Argentinian expatriate. Her parents seem like any other couple, blending into their surroundings. She has a cozy home, friends, and a sense of security. But in December 2022, just as her family is preparing for Christmas, everything falls apart. Slovenian police raid her home and arrest her parents. For over a year, she remains in the dark, unaware of the truth about who her parents really are.
The authorities don’t explain the situation to the girl or her younger brother. They are sent to foster care, continuing their education at an international school in Ljubljana. For months, they are left to wonder why their family was torn apart. Meanwhile, their parents become the focal point of an international spy scandal, a secret kept from their children until their parents' shocking return.
Finally, after a year of confusion and fear, she is reunited with her parents and escorted onto a plane. It’s only as the plane departs Slovenia that her mother tearfully explains the truth: they are not Argentine, nor Slovenian. In fact, the girl is Russian, heading to a country she’s never known. Her entire identity, including her name, was a fabrication.
Her parents—whom she thought were Maria Rosa Mayer Munos and Ludwig Gisch, an art gallery owner and IT specialist—are actually Russian sleeper agents Artyom and Anna Dultsev. Their ordinary lives were a cover for their espionage activities, connecting sleeper cells across Europe. This revelation turns the girl’s world upside down. On the flight to Moscow, she begins to comprehend that her parents were far from the suburban entrepreneurs she believed them to be.
Upon arriving in Moscow, her confusion grows. Her parents, excited, inform her that they are about to meet someone very important—someone instrumental in their safe return. She steps off the plane onto a dark, unfamiliar tarmac, where everyone speaks Russian, a language foreign to her. Her parents had always spoken Spanish and English. An older man, small but commanding, greets her parents and then turns to her and her younger brother. With a smile, he says, “Buenas noches.” The man is Vladimir Putin, Russia’s president—a name the girl has never even heard.
The life of a sleeper agent may sound like fiction, but it has been a critical component of espionage throughout history. Russian sleeper agents live undercover in foreign countries, often for years, posing as ordinary citizens while secretly gathering intelligence. Unlike active agents, sleepers avoid immediate engagement, instead blending into society until called upon for a mission.
This case is reminiscent of the 2011 FBI operation known as Ghost Stories, where 10 Russian “Illegals” were arrested after years of living covertly in the United States. Both cases show the complexity and scope of Russia’s deep-cover operations, where agents live seemingly normal lives while collecting intelligence to influence global politics.
The 10 Russian Spies Arrested during Operation Ghost Stories
In another similar case, Tim and Alex Foley, sons of Russian spies Donald Heathfield and Tracey Foley, were living in suburban Massachusetts, oblivious to their parents' true identities. The 2010 FBI sting revealed their parents were Russian operatives Andrei Bezrukov and Elena Vavilova, who had lived under forged Canadian identities for years. The children, like the Dultseva siblings, were completely unaware of their parents' espionage, thinking they were Canadian.
Donald Heathfield and Tracey Foley’s Boston home.
After their parents' arrest, Tim and Alex were flown to Moscow and learned the truth about their parents’ secret lives. Their world, much like the Dultseva children’s, was upended by a history hidden from them.
The arrest of Artyom and Anna Dultsev was part of a larger high-profile prisoner swap involving the United States, Russia, and several other nations. The Dultsevas were among eight Russian agents held across various countries, traded for 16 political prisoners, including four Americans. Among them were journalist Evan Gershkovich and former Marine Paul Whelan, who had been wrongfully detained in Russia for years.
The Russian "illegals" program is a nightmare for Western counterintelligence. Agents like the Dultsevs can live for decades under fabricated identities, making them nearly impossible to detect. Your friendly neighbor could be a sleeper agent quietly gathering intelligence, or your pickleball partner might be sending clandestine messages back to Moscow. The difficulty in locating such operatives makes the program highly effective but poses a substantial security threat.
When I was a new counterintelligence operative for the FBI, our briefings on the Russian illegals program were grim because uncovering sleeper agents is a daunting task. Operations like Ghost Stories take years of surveillance and investigation to uncover just one network. The personal cost is often devastating, with innocent children caught up in a world of espionage they never chose. Families are destroyed as secrets emerge, leaving a trail of broken lives and altered identities. The geopolitical stakes are high, but the human cost is immeasurable.
News Roundup
Instagram seeks privacy for teens
Instagram recently introduced privacy-focused changes for teens, including default private accounts for new users under 16 and stronger detection of suspicious adult interactions. These changes come as teens face growing risks of bullying, harassment, scams, and sextortion online. For parents, this is an ideal time to initiate conversations about online privacy, helping their children stay safe in the digital world. By understanding these updates, families can foster stronger habits around digital safety.
Iran’s Election Interference
An Iranian state-sponsored hacking group targeted both the Biden and Trump political campaigns, successfully stealing emails from the Trump campaign and then sharing them with Democrats. According to the FBI, in late June and early July, Iranian cyber actors sent unsolicited emails to individuals associated with President Biden's campaign, containing excerpts from stolen, non-public material from former President Trump's campaign. There is no information indicating that the recipients responded. Additionally, since June, these Iranian actors have continued efforts to send stolen Trump campaign material to U.S. media organizations. The Trump campaign called for Democrats to disclose any use of the hacked material. The Harris campaign stated they cooperated with law enforcement, were unaware of any material being sent to them, and condemned foreign interference in U.S. elections.
Is your device a Chinese spy?
The FBI has dismantled a massive botnet called Raptor Train, which Chinese state-sponsored hackers used over four years to attack government agencies, telecoms, defense contractors, and other targets in the U.S. and Taiwan. Comprising mainly small office and home routers, surveillance cameras, and other Internet-connected devices worldwide, the botnet cycled through 260,000 compromised devices and peaked at over 60,000 in June 2023, according to Black Lotus Labs. This operation reflects a consistent pattern by Chinese intelligence to employ such tactics for spying on Western countries. (More at Ars Technica)
Ransomware on the rise
A recent report from SpyCloud reveals critical insights into the ongoing rise of ransomware attacks. According to the report, 75% of organizations experienced multiple ransomware incidents in the past year. One emerging tactic is session hijacking, where attackers steal session cookies (data that keeps users logged in) to impersonate legitimate users without needing their passwords. This method bypasses traditional security measures like multi-factor authentication (MFA). SpyCloud found that 54% of devices infected by malware in the first half of 2024 had antivirus protection, suggesting that next-gen cybersecurity strategies are critical. (More at SpyCloud)
Did you catch my keynote at Druva’s Cyber Summit?
Last week I explained how attackers often exploit trusted insiders or compromised credentials, making these threats difficult to detect. As one possible solution, I emphasized the need for early detection and continuous monitoring, supported by AI-driven solutions to flag suspicious behaviors. Read more recaps at Druva’s post.
Is your information on the dark web?
Recently, nearly 3 billion records containing all our sensitive data were exposed on the dark web for criminals, fraudsters and scammers to data mine for identity fraud. Were your Social Security number and birthdate exposed? How can you check and what can you do about it? Cybersecurity company Aura published a handy guide to help you answer these questions. Want to try Aura? Use this link. My subscribers get up to 60% off.
Have any questions about cybersecurity or a topic you’d like me to cover? Reply to this email or comment on the web version, and I’ll include your question in next month’s issue!
Thank you for subscribing to Spies, Lies and Cybercrime. Please comment and share the newsletter. I look forward to helping you stay safe in the digital world.
Best,
Eric