A Weak Link in NATO? Bulgaria, Russia, and the Lure of Espionage

Can Bulgaria remain a member in good standing of the North Atlantic Treaty Organization (NATO)? That question came to the fore on the 19th of March 2021, when the chief public prosecutor’s office in Bulgaria announced that six people, including five officials in the Bulgarian Ministry of Defense and Bulgarian army, had been arrested on charges of spying for Russian intelligence services.

This was just the latest revelation of Russian espionage in Bulgaria in recent years. In September 2019, Nikolai Malinov, a former member of the Bulgarian parliament who led the so-called Russophiles National Movement, one of several pro-Kremlin groups in Bulgaria sponsored by Moscow, was arrested on charges of espionage and money laundering for Russian “patriotic” organizations. Two months later, while awaiting trial, Malinov traveled to Moscow and received an Order of Friendship award from Russian President Vladimir Putin in a Kremlin ceremony shown on Russian television. The award included a stipend of 2.5 million rubles. In 2020, the Bulgarian government expelled five Russian diplomats and the Russian military attaché on grounds that they were using their posts to “engage in activities incompatible with the Vienna Convention on Diplomatic Relations,” a standard way of saying they were engaging in espionage.

In the latest case, Bulgarian prosecutors released damning evidence of the spy ring’s activities, including a 20-minute-long video with excerpts of secret recordings of conversations and intercepted videos. The evidence released so far suggests that financial gain was a key motive of the spies. Although the sums they received were relatively modest (the equivalent of roughly $1,700/month), Bulgaria is a poor country, and income supplements of this size can go a long way.

To be sure, when judging the significance of these arrests and subsequent revelations, circumspection is warranted. The chief prosecutor, Ivan Geshev, who is a close ally of Prime Minister Boyko Borisov, was the target of last year's lengthy mass protests (along with Borisov). Borisov and Geshev are doing their best to use the espionage arrests to help their ruling GERB party in Bulgaria’s parliamentary elections this coming Sunday, portraying themselves as valiant protectors of Bulgaria’s security.

Yet, even if political calculations have influenced the crackdown, the arrests and subsequent disclosures have raised a host of troubling security questions for U.S. and NATO policymakers. The public revelations thus far, along with many questions that have not yet been answered, are undoubtedly generating anxiety in NATO circles about Bulgaria’s role in the alliance.

One crucial thing that is not yet clear is how extensively the Bulgarian army and intelligence services have been penetrated by Russia. The alleged leader of the spy ring, Ivan Iliev, who is 74, underwent training at the Soviet Union’s military intelligence academy in the mid-1970s. Was he compromised during that training in the USSR 45 years ago, or was he a more recent turncoat driven by greed? The presentation given by the Bulgarian prosecutors thus far suggests the latter, but certain comments Iliev made in discussions with his wife as recorded on the eavesdropping tapes point to longer-term relationships. Iliev’s wife, Galina, is a joint Russian and Bulgarian citizen, and she was the alleged liaison between the spy ring and the Russian embassy in Sofia. She was among the six arrested earlier this month.

Galina Ilieva’s two main contacts at the Russian embassy, Maksim Rybkin and Aleksandr Zinkin, who were serving as the first and second secretaries of the embassy but in reality were working for Russia’s Foreign Intelligence Service (SVR), were declared persona non grata by the Bulgarian Foreign Ministry on 22 March and forced to leave the country. (Zinkin’s departure has been delayed somewhat because he is being treated for COVID-19.)

We know from the wiretaps that, several weeks before the six suspects were arrested, Rybkin and Zinkin had ordered the spies to suspend their operations for the time being. This suggests that the SVR officers had somehow learned that Bulgarian counterintelligence was going to clamp down. How did the Russians find this out? There is no way yet to know. Most likely, someone high up in Bulgarian security structures tipped them off, but whoever it was has not yet been identified. Presumably, the Bulgarian authorities at this stage do not know who let the SVR know about the impending crackdown.

The lack of clarity about this matter is just one of many reasons to be concerned about the extent of the Russian intelligence services’ penetration of the Bulgarian government and army. Iliev made his career in Bulgarian military intelligence during the Communist era and the first two decades after Communism. After retiring, he continued to work for Bulgarian military intelligence in overseeing the training of new military intelligence officers, a task he performed for several years. In light of what we know now, one can only wonder how many of these up-and-coming military intelligence officers he recruited to spy for Russia. Investigations of Iliev’s training classes are now under way, but unless Iliev cooperates, the full extent of his recruitment activities may never be known.

What we do know is that the military police officers who were sent to detain Iliev on 19 March ended up trying to help him escape. They left him unattended in a coffee shop, and he used the opportunity to flee. His escape was just barely foiled by Bulgarian counterintelligence agents who had been deployed to the Russian embassy to prevent defections. They apprehended Iliev outside the embassy, where he had apparently been planning to seek asylum.

Although none of the military police have yet been arrested, the apparent complicity of them in Iliev’s attempted escape suggests that the scandal is much wider than initially thought. Until January 2021, the Military Police Service was under the command of General Borislav Sertov, who is now serving as an aide to the Bulgarian military attaché in Russia. Reports in the Bulgarian press indicate that Bulgarian counterintelligence investigators are going methodically through Sertov’s record as head of the military police to see whether he corrupted the service and allowed Russian intelligence personnel to infiltrate sensitive military facilities in Bulgaria. Sertov has denied holding “any unregulated meetings on any occasion with employees of the Russian Embassy in Bulgaria,” but investigators have said off the record that something seems to have gone badly awry under Sertov’s watch.

Three of the others arrested on 19 March were military intelligence officers. One of them, Lyubomir Medarov, who served earlier as a diplomat as well as a military intelligence officer, had until now been in charge of the Bulgarian parliament’s office of classified communications and information. The Bulgarian authorities have not yet given a full catalog of the information allegedly handed over by Medarov, but it is clear on the surveillance tapes that he was responsible for acquiring extremely sensitive material not only about Bulgaria’s national security policies but also about the country’s connections with NATO, including the U.S. military forces who operate at a military training ground in Novo Selo in eastern Bulgaria. The tapes also indicate that Medarov and another military intelligence officer, Dimitar Ulakhov, who was also arrested on 19 March, were perfectly willing to turn over as much of this information as possible to the SVR in return for payment.

The full extent of the damage caused by another of the alleged spies, Colonel Petar Petrov, who had broad responsibility for budgeting and programs at the Ministry of Defense, also is not yet possible to gauge. Petrov had access to the most highly classified documents and cable traffic, including sensitive items from NATO’s newly established Maritime Coordination Center in Varna on Bulgaria’s Black Sea coast, and Bulgarian counterintelligence officers reportedly believe that a great deal of this information has been compromised.

During the Communist era, Bulgaria was a staunchly loyal Warsaw Pact ally of the Soviet Union. The vestiges of the Communist era only gradually dissipated in Bulgaria after the long-time ruler, Todor Zhivkov, was ousted in 1989. Even after Bulgaria became a member of NATO in 2004 and a member of the European Union in 2007, the country remained in an odd position. Bulgaria relies on Russia for nearly 100 percent of its energy imports. When Western oil companies informed the Bulgarian government fifteen years ago that sizable energy reserves in Bulgaria could be extracted through hydraulic fracturing (fracking), the Russian authorities created and funded an anti-fracking protest movement in Bulgaria. Unfortunately, the Bulgarian parliament succumbed to the demands of this phony protest movement and banned all fracking, leaving the country almost entirely dependent on Russia for energy.

Such heavy dependence on Russian energy supplies would be risky in itself, but the latest revelations about the penetration of Bulgaria’s national security bodies are much more troubling. Bulgaria’s allies in NATO will certainly be pressing for a full accounting. Although U.S. officials may be wary of disclosing too much of what they themselves have been able to find out from various sources, they should err on the side of providing whatever information is needed to help the Bulgarian government uproot the Russian spy networks that see Bulgaria as a weak link in NATO. If the Bulgarian government pursues only a lackadaisical investigation and doles out only minor disciplinary measures, NATO will have to reassess Bulgaria’s long-term role in the alliance.