Russian Collection Against German Intelligence Services: Access to Personnel, Procedures and Infrastructure
24. Juni 2026
Richard Krauss
The Essentials in 30 Seconds
The BND and BfV face increased collection pressure. Personnel, facilities, access systems and security procedures constitute separate intelligence targets.
No public attribution links the reported incidents at BND sites to Russian services. The confirmed assessment concerns the particular Russian collection interest in employees of German intelligence services.
Drone flights, vehicle surveillance, test contacts at access points and approaches toward employees can produce data on response times, security zones, technical installations and personal contact surfaces.
Intelligence facilities require local C-UAS sensors, pre-arranged JÜKO procedures, fixed police interfaces and integrated assessment of physical, digital and personnel-related indicators.
Russian intelligence services treat German security authorities as operational target environments. Relevant collection targets include classified material, technical capabilities, source access, security procedures, infrastructure and personnel.
Access controls, guard routines, alerting procedures, technical protection measures, energy supply, delivery traffic and employee movement patterns provide information on the protection level, response time and vulnerabilities of a facility.
Publicly known suspected incidents include conspicuous visitors at BND headquarters, drone overflights, repeatedly observed vehicles, possible surveillance of employees, unusual contact attempts and an alleged fence breach at the Centre for Intelligence Training and Further Education.
The Federal Office for the Protection of the Constitution assesses its employees as subject to particular Russian collection interest because of their access to state secrets. The threat situation is continuously assessed with national and international partners. Protective measures are adjusted according to the situation.
Suspicion Indicators and Attribution
The BND does not publicly comment on operational security incidents. The known events therefore rely largely on information from security circles and internal sources.
No public attribution links any of the described individual cases to a Russian intelligence service. Individuals mentioned in connection with certain incidents and described as belonging to the Chechen community cannot be assigned to a foreign service without investigative files, communications data, verified tasking relationships or substantiated operational contacts.
Origin, community affiliation or prior awareness by authorities do not establish proof of intelligence activity. The open-source record does not support identification of a Russian operational group targeting BND headquarters.
The known incidents have increased internal sensitivity. Employees are expected to report observations, contact attempts and irregularities even where they appear minor or inconclusive.
Since early 2026, armed guard personnel have patrolled BND headquarters. The measure increases deterrence against spontaneous approaches, test contacts and physical breach attempts. It reduces the time required to challenge a person at the site. Any change in rules of engagement, authorities or intervention thresholds is not publicly established.
Collection Fields
Foreign services do not require access to protected building areas to assess security architecture. Visitor flows, checkpoints, shift changes, access routes, delivery traffic, lines of sight, camera locations and alerting procedures can be recorded over extended periods.
Repeated test contacts at entry points can reveal identity-verification procedures, communication chains, reinforcement times and guard-force behaviour. Vehicles operating around a facility can record personnel movements, parking patterns, shift changes, security zones and control routines.
Operational value emerges through data fusion. Physical observations can be combined with satellite imagery, open geospatial data, publicly available building photographs, delivery patterns, digital profiles and technical signatures. This enables the gradual mapping of technical installations, access areas, movement corridors and possible contact surfaces.
Employees expand this collection picture. Commutes, recurring locations, communication habits, private contact surfaces, foreign connections and personal stress factors can provide opportunities for approach, surveillance, coercion or recruitment.
Russian services can distribute individual tasks among travelling operatives, recruited auxiliaries, criminal contractors, digital contact channels and short-duration surveillance operations. This division of labour reduces the visibility of a coherent operation and complicates attribution.
Drone Reconnaissance and C-UAS Command Arrangements
Small unmanned aerial systems enable close-range reconnaissance against intelligence facilities. They can capture roof areas, antenna systems, technical structures, access routes, visual screening, entry zones, guard positions and movement patterns.
Brief overflights are sufficient to compare imagery with mapping material, building photographs, traffic observations and digital pre-reconnaissance. This can reveal technical equipment, security zones, lines of sight and possible approaches.
The Joint Drone Defence Centre of the federal and state authorities consolidates information, produces situational pictures, assesses threats and coordinates cooperation among relevant agencies. It does not command a tactical response at an individual BND or BfV facility.
The immediate response begins at the site. Object-protection personnel must detect and document the aircraft, alert the responsible operations centre and involve the locally competent police authority. The police lead immediate hazard response. The Federal Police and specialised C-UAS units can provide technical support, detection, tracking and counter-UAS capabilities.
The Bundeswehr may support Länder and police authorities through administrative assistance in qualified threat situations. The use of military capabilities remains dependent on a formal request, the assessed threat level, availability and military command approval.
JÜKO procedures must be established before an incident occurs at intelligence facilities. Required elements include named points of contact, alerting routes, readiness timelines, handover points, communications channels, technical interfaces and responsibility for securing possible launch sites.
Without pre-arranged JÜKO procedures, coordination begins only after detection. During a short reconnaissance flight, the operator may already have left the operating area before specialised forces arrive or countermeasures are authorised.
Four capabilities must be available at the facility:
Sensors to detect aircraft, radio links and possible launch points.
Binding operational protocols between object protection, police, Federal Police and the intelligence operations centre.
Technical means for identification, tracking, evidence preservation and, where legally permitted, disruption or seizure.
Investigative capability to identify the operator, control device, communications channels and possible preparatory reconnaissance in the surrounding area.
Repeated drone flights must be cross-checked against vehicle surveillance, contact attempts, personnel links and technical signatures. This fusion enables a substantiated intelligence assessment.
Facilities, Contractors and Resilience
BND headquarters in Berlin has layered access controls, technical protection measures and independent energy supply. These measures reduce the risk of direct intrusion and stabilise operations during outages.
Outstations do not necessarily operate at the same protection level. Structural security and resilience requirements at individual sites include perimeter protection, access control, video surveillance, energy supply, communications redundancy, technical surveillance countermeasures and C-UAS coverage.
IT maintenance, building systems, energy supply, telecommunications links, security services and logistics create external entry vectors. Maintenance contractors may require access to technical rooms, network components, power systems, roof areas or restricted zones. Supply chains can reveal operating rhythms, technical equipment, contact personnel and access routines.
Security planning must include contractors, maintenance windows, remote-access arrangements, spare-parts chains and technical handover points. A compromised contractor can enable access to sensitive areas or provide information on physical and technical protection structures.
Intelligence operations under hybrid pressure require secured energy supply, redundant communications, protected personnel access and resilient emergency command. Disruption across several of these areas can simultaneously affect information protection, intelligence processing and crisis communications.
Personnel Security
External collection targets security procedures, movement patterns and technical infrastructure. The Carsten L. case additionally demonstrates the operational value of human access within an intelligence service.
The Federal Prosecutor General brought charges of particularly serious treason against former BND employee Carsten L. and Arthur E. According to the indictment, Carsten L. allegedly provided nine documents from internal BND systems. The material concerned a project for technical intelligence collection.
Arthur E. allegedly transported the material to Moscow and transferred it to FSB personnel. The FSB allegedly transmitted specific questions that were answered using information from BND holdings.
Insider access can provide capability profiles, source-related information, technical procedures, priorities, dependencies and operational vulnerabilities. External observation cannot generate information at comparable depth.
Personnel security must continuously assess contact patterns, financial irregularities, digital risks, foreign links, unusual information requests, behavioural changes and access profiles. Indicators from human resources, IT security, counter-intelligence, specialist units and senior management must converge in a common security picture.
Protection Priorities
The BND and BfV require binding C-UAS response concepts for sensitive facilities, with clearly assigned roles. Object protection detects and documents. The locally competent police authority leads hazard response. The Federal Police and the Joint Drone Defence Centre provide technical and analytical support in qualified incidents. Administrative-assistance procedures with the Bundeswehr must be prepared in advance for incidents involving high potential damage.
Protection of employees must continue beyond facility boundaries. Personnel in exposed functions require defined reporting channels for surveillance, contact attempts, digital anomalies and unusual observation. Counter-intelligence and personnel security must cross-check these reports against technical and physical incidents.
Repeated drone flights, vehicles operating in the vicinity, test contacts at entry points and anomalies in personal environments must not remain distributed across separate jurisdictions. The common operational picture must identify recurring patterns, location links, personnel links and technical signatures. This supports decisions on enhanced protection, investigative measures and counter-intelligence activity.
References
tagesschau / WDR
tagesschau . de / investigativ / wdr / spione-sicherheit-100 . html
Federal Office for the Protection of the Constitution
verfassungsschutz . de / SharedDocs / publikationen / DE / spionage-und-proliferationsabwehr / 2025-05-gefaehrdungen-durch-russische-spionage-sabotage-und-desinformation . html
Federal Ministry of the Interior
bmi . bund . de / SharedDocs / pressemitteilungen / DE / 2025 / 12 / gdaz-dez . html
Federal Government
bundesregierung . de / breg-de / aktuelles / aenderung-luftsicherheitsgesetz-2394310
Federal Prosecutor General at the Federal Court of Justice
generalbundesanwalt . de / SharedDocs / Pressemitteilungen / DE / 2023 / Pressemitteilung-vom-08-09-2023 . html