At the start of June, Admiral Robert Bauer, head of NATO’s military committee, announced that the military alliance had finalized plans to recognize state-backed cyberattacks on its members as a dedicated pretext for activating Article 5. Reportedly “a joint decision of all allies,” from now on, foreign hacking blitzes can be countered with a collective NATO response, up to and including military measures. Bauer’s disclosure passed the media by entirely—but this is a seismic development, heralding a modern, digital form of “false flag.”

Article 5, which provides for collective defense in the event a NATO member is attacked, was a core component of the military alliance’s founding treaty. While it has been invoked just once—by the U.S., in the wake of 9/11, to invade Afghanistan—there have been efforts to spark it before and since. Most recently, in November 2022, the government of Ukraine falsely declared a missile fired by Kyiv that struck Poland, killing two people, was Russian in origin.

The purpose of this deceit was undoubtedly to embroil NATO formally and directly in the proxy war. Wise to the ruse, U.S. officials harshly rebuked President Volodymyr Zelensky publicly for the world war-threatening fraud. Such incidents amply underline Article 5’s susceptibility to abuse. Yet apparently, military alliance chiefs—and the bloc’s members—are keen to ever-expand its terms well beyond its initial remit. Adding cyberattacks to the roster of grounds for collective response is a long-standing objective.

In August 2019, NATO Secretary General Jens Stoltenberg authored a bombastic op-ed declaring the military alliance would “guard its cyber domain and invoke collective defense if required.” A “serious cyberattack” on one member state could be “treated as an attack against us all,” he wrote, triggering Article 5 in the process. Fast forward two years, and Keith Alexander, U.S. National Security Agency director 2005-2014, called on the “Five Eyes” global spying network to construct a unified global cyberattack “radar”:

“Imagine if we built a radar picture for cyber that covered not only what impacts Australia, but what impacts other countries, and we could share, in real time, threats that are hitting our countries…What we can do is share information and work together…Cyber is going to be hugely important for our future. It’s the one area where adversaries can attack Australia and the U.S. without trying to cross the oceans…We have this anomaly: how are you gonna defend that which you can’t see?”

Alexander, who lied brazenly to the public about his agency’s spying capabilities—including while testifying under oath to Congress—during his time as NSA chief, suggested this worldwide dragnet would contribute significantly to collective defense, in the obvious spirit of NATO’s Article 5. Given “proposals” for Orwellian, futuristic resources from Western politicians and military and intelligence officials almost invariably presage their real-world rollout, we can only assume, in light of Bauer’s announcement, that such a “radar” is coming.

“Security Failures”

This interpretation is reinforced by Bauer remarking that invoking Article 5 could only happen once it was confirmed a cyberattack was carried out by a state actor, and not by a private person or structure. “In that case, it would not be clear who to go to war with,” he added. It is certainly a source of some relief that NATO is committed to securing clarity on “who to go to war with” before launching a military “response” to a cyberattack.

However, these comments illuminate a very obvious, grave problem with adding cyberattacks to Article 5’s ambit. Identifying who or what is responsible for them to an absolute certainty is extremely difficult. This task is further complicated by a frequent lack of certainty over whether hackers operating from a particular state are doing so at the behest of authorities. For example, much has been made in Britain recently of  Russian hacking group Qilin, which supposedly infiltrated NHS servers.

Mainstream media reports have universally framed Qilin as a malign instrument of the Kremlin, although whether Russian officials command the group, let alone even know of its very existence, is far from clear. A representative iNews article refers to Qilin as “a syndicate made up of more than 100 groups…not believed to be under the direct control of the Russian government.” Instead, Qilin is “a useful tool of global disruption that the Kremlin is happy to turn a blind eye to.” (Emphasis added.]

Further muddying the picture, it has been confirmed that Western intelligence services can falsely attribute cyberattacks, with devastating effect. In 2017, secret CIA files published by WikiLeaks revealed how the agency masked its hacking exploits, to make it appear that another country—such as China, or Russia—was responsible. Dubbed “Marble Framework,” among other things the resource inserts foreign-language text into malware source codes to misdirect security analysts. The Framework can obfuscate in this manner via Arabic, Chinese, English, Farsi, Korean and Russian.

Moreover, CIA hackers employ crafty tricks and double bluffs to reinforce these bogus attributions, such as creating the appearance of attempts to conceal foreign-language text. Thus, forensic investigators are successfully conned into concluding even more strongly that the country framed by Langley is responsible. Unbelievably, this seismic disclosure prompted no Western journalist to reappraise the widely received narrative that Moscow’s GRU was responsible for the hack and leak of damaging Democratic National Committee emails in 2016. 

That conclusion, universally reinforced by the Western media, was initially peddled by Matt Tait, a former GCHQ spy. He did not base his conclusions on anything technical, but “basic operational security failures” he detected on the part of the individual(s) who released the communications, including their computer username referencing the founder of the Soviet Union’s secret police, and “ham-fisted” attempts to pose as Romanian. Which is, of course, precisely how the CIA would cover its own tracks via Marble Framework.

“Irrevocable Proof”

Similarly, there has been no mainstream discussion of why the Agency would seek to acquire and maintain this capability in the first place. Now that NATO considers cyberattacks an Article 5 matter, this question has never been more urgent, given the CIA’s extensive and deplorable history of false-flag operations to overthrow governments and kickstart conflicts.   

For example, in April 1953, the CIA and MI6 launched a welter of covert actions to undermine Iranian Prime Minister Mohammad Mosaddegh, in order to lay the foundations for his ouster. One key tactic in which the pair engaged was bombing mosques and homes of prominent Muslim figures by operatives posing as members of Tehran’s Communist Party. A subsequent internal review of the coup noted that this incendiary activity mobilized Mullahs to take action against Mosaddegh. 

These efforts were judged to have contributed to the “positive outcome” of the wider coup effort. Such a glowing appraisal of these false-flag maneuvers may have informed the dimensions of Operation Northwoods, a daring set of proposals under which the CIA would stage and commit acts of terrorism against U.S. military and civilian targets. These could then be blamed on the government of Fidel Castro, precipitating all-out war with Cuba.

Potential false-flag actions outlined in extraordinary declassified documents include assassinating of Cuban immigrants on U.S. soil, sinking boats ferrying Cuban refugees to Florida, shooting down U.S. civilian airlines, blowing up U.S. ships, and more. One specific element of Operation Northwoods is particularly relevant to consider in light of alleged state cyberattacks becoming Article 5 worthy. If the 1962 Mercury endeavor—the first U.S. orbital spaceflight—went awry, Castro would be blamed by concocting

“Irrevocable proof…the fault lies with the Communists…this to be accomplished by manufacturing various pieces of evidence which would prove electronic interference on the part of the Cubans.”

While Northwoods was ultimately rejected by President John F. Kennedy, the U.S. military and intelligence community continued constructing false-flag blueprints thereafter. In 1963, a Pentagon policy paper advocated making it appear that Cuba had attacked a member of the Organization of American States (OAS), justifying U.S. retaliation:

“A contrived ‘Cuban’ attack on an OAS member could be set up, and the attacked state could be urged to take measures of self-defense and request assistance from the U.S. and OAS,” it states.

Langley’s cyberattack connivances have surely only grown more sophisticated, and more difficult to unravel, in the years since Marble Framework was publicly exposed. Falsely pinning blame on a foreign country for a cyberattack it did not actually commit is surely even easier and more effective today. As a result, a tripwire for Beijing, Moscow, or any other Washington-mandated “enemy” state to unwittingly and unwillingly stumble over, triggering the outbreak of global war, has now been forged by NATO.

---

CovertAction Magazine is made possible by subscriptions, orders and donations from readers like you.

Blow the Whistle on U.S. Imperialism

Click the whistle and donate

When you donate to CovertAction Magazine, you are supporting investigative journalism. Your contributions go directly to supporting the development, production, editing, and dissemination of the Magazine.

CovertAction Magazine does not receive corporate or government sponsorship. Yet, we hold a steadfast commitment to providing compensation for writers, editorial and technical support. Your support helps facilitate this compensation as well as increase the caliber of this work.

Please make a donation by clicking on the donate logo above and enter the amount and your credit or debit card information.

CovertAction Institute, Inc. (CAI) is a 501(c)(3) non-profit organization and your gift is tax-deductible for federal income purposes. CAI’s tax-exempt ID number is 87-2461683.

We sincerely thank you for your support.

---

Disclaimer: The contents of this article are the sole responsibility of the author(s). CovertAction Institute, Inc. (CAI), including its Board of Directors (BD), Editorial Board (EB), Advisory Board (AB), staff, volunteers and its projects (including CovertAction Magazine) are not responsible for any inaccurate or incorrect statement in this article. This article also does not necessarily represent the views the BD, the EB, the AB, staff, volunteers, or any members of its projects.

Differing viewpoints: CAM publishes articles with differing viewpoints in an effort to nurture vibrant debate and thoughtful critical analysis. Feel free to comment on the articles in the comment section and/or send your letters to the Editors, which we will publish in the Letters column.

Copyrighted Material: This web site may contain copyrighted material the use of which has not always been specifically authorized by the copyright owner. As a not-for-profit charitable organization incorporated in the State of New York, we are making such material available in an effort to advance the understanding of humanity’s problems and hopefully to help find solutions for those problems. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. You can read more about ‘fair use’ and US Copyright Law at the Legal Information Institute of Cornell Law School.

Republishing: CovertAction Magazine (CAM) grants permission to cross-post CAM articles on not-for-profit community internet sites as long as the source is acknowledged together with a hyperlink to the original CovertAction Magazine article. Also, kindly let us know at info@CovertActionMagazine.com. For publication of CAM articles in print or other forms including commercial internet sites, contact: info@CovertActionMagazine.com.

By using this site, you agree to these terms above.

---

About the Author