8 comments

[–] Boukert [OP] 4 points (+4|-0) Edited

The Dutch intelligence services played an important role in the current FBI investigation into Russian influence on the American elections. The intelligence services AIVD and the MIVD provided the Americans with crucial information that they had intercepted with the Russian hack group 'Cozy Bear'. This is shown by joint research by Nieuwsuur and de Volkskrant.

The Dutch services have had unique access for at least one and a maximum of two and a half years to a group of Russian hackers who, according to Western intelligence services, were commissioned by the Russian state. They saw how the Russians, among other things, invaded the White House, the US Department of State and the DNC, the daily management of the Democratic Party.

The information provided by the Netherlands on hacking from the Democrats to the US intelligence services was the basis for the FBI investigation into Russian influence on the American elections, which is currently led by special prosecutor Robert Mueller.

The Netherlands is watching Russian hackers

In the summer of 2014, the Joint Sigint Cyber Unit (JSCU), a joint unit of the intelligence services AIVD and MIVD, will start, which will focus, among other things, on intelligence gathering from cyber operations from Zoetermeer. That same summer, the unit will receive an indication of a group of Russian hackers working from a university complex near the Red Square in Moscow.

A hacking team of the AIVD, operating under the banner of the JSCU, succeeds in penetrating the internal Russian computer network. The AIVD can not only look into the computer network, but also hacks a security camera in the hallway so that they can see exactly who is entering and leaving the hacker room. The Dutch observe all Russian activities. The Russian hackers - a group of about ten people - have nothing.

After a few months, in November 2014, the Dutch see how the Russian hackers penetrate the computer network of the State Department, the US Department of Foreign Affairs. In Washington, the Dutch information about "the biggest hack ever" by the US government is being reacted with great alarm, as government officials describe the burglary against American media.

It takes more than 24 hours for the Americans to repel the Russian attack, after a digital clash that the vice president of intelligence service NSA years later will describe as a "fistfight" during a discussion forum in the American Aspen. On the same occasion, Vice President Richard Ledgett said further that his service could spy on the tactics and methods of the attackers. The Washington Post writes on the authority of intelligence sources that "a Western ally" has been helpful.

After the hack at the State Department, the Russians also provided access to the White House computer network in the autumn of 2014. This allows them to include confidential notes and information about the travel schedule of President Barack Obama, and part of Obama's e-mail traffic. These hacks are also exposed by the Dutch intelligence services, which then inform the Americans. Presumably, hacks at other government institutions are passed on to the Americans by the Dutch.

Under control of Russian security services

The Russian hackers belong to a collective that over the years was called by the intelligence services and cybersecurity companies alternately The Dukes and APT29, but since a few years is mainly known as Cozy Bear. Intelligence services assume that the group is under the control of the Russian foreign security service SVR. Western intelligence services and cybersecurity companies have been hunting the group for years, which has attacked government agencies and companies worldwide. In the Netherlands too.

Together with another group of Russian hackers (Fancy Bear, also known as APT28), Cozy Bear is also held responsible for the hacks of the Democratic Party. Fancy Bear will access the servers of the Democrats in Washington in April 2016; Cozy Bear will get that access as early as the summer of 2015. The group is also caught by the Dutch, who again alarm their American sister services. The Dutch information is one of the reasons that the FBI - only a year later - starts an investigation into Russian interference in the American elections.

Why the hacks at the DNC can continue for so long despite the Dutch warnings is not clear. Finally, the American internet security company Crowdstrike, which conducts research on behalf of the Democratic Party, concludes that Cozy Bear and Fancy Bear are jointly responsible for the hacks. According to the American intelligence services, Russian officials finally hand over the Fancy Bear hacked e-mails to WikiLeaks, which they publish. The revealed e-mails cause a big scandal in the American election campaign.

College Tour

History explains why Rob Bertholee, the head of the AIVD, said last Sunday in the TV program College Tour that he "has no doubt" that the Kremlin is directly responsible for the Russian cyber campaign against US government agencies. Bertholee and the then head of the MIVD, Pieter Bindt, have discussed the Dutch information about the Russian hacks in person with James Clapper, at that time the highest boss of the American intelligence services, and Michael Rogers, who will soon retire as head of the intelligence service NSA.

The AIVD hackers no longer have access to Cozy Bear. Why and when that access ended exactly is not clear. The intelligence services take into account that the openness of American intelligence sources, which in the spring of 2017 against their American media praised the access of 'a Western ally', awakened the hackers. Openness that aroused great anger in The Hague and Zoetermeer. You do not talk about intelligence work - certainly not about that of an ally.


Timeline

Summer 2014: hackers AIVD gain access to the network of Cozy Bear, a hack group also known as APT29 and The Dukes

November 2014: Cozy Bear attacks the US State Department and enters unclassified system. AIVD and MIVD warn US intelligence services

November / December 2014: Cozy Bear enters the White House computer network and, among other things, gains access to confidential notes and agenda from President Obama. The AIVD and MIVD again warn US sister services

July 2015: Cozy Bear enters the DNC's computer system (Democratic Party Board), AIVD and MIVD warn US services

Autumn 2015: the FBI warns the DNC that hackers are in their system, the DNC is not doing anything

Spring 2016: The Russian hack group Fancy Bear (also known as APT28), which operates independently from Cozy Bear, enters DNC networks

June 2016: The internet security company Crowdstrike confirms that Fancy Bear and Cozy Bear were in computer systems

Spring 2017: FBI director James Comey confirms that the FBI is investigating Russian interference in the US election campaign

May 2017: President Trump dismisses Comey, special prosecutor Robert Mueller takes over the investigation into Russian interference

June 2017: Former FBI director Comey says during a hearing before Congress that there is 'no doubt' that the Russian government was behind the hacks at the DNC

[–] [Deleted] 1 points (+1|-0)

The intelligence services take into account that the openness of American intelligence sources, which in the spring of 2017 against their American media praised the access of 'a Western ally', awakened the hackers. Openness that aroused great anger in The Hague and Zoetermeer. You do not talk about intelligence work - certainly not about that of an ally.

This is interesting. Why did the Yanks ditch the Dutch?

[–] Boukert [OP] 1 points (+1|-0)

The Yanks didn't ditch the Dutch, the Muricans seem to be having serious problems keeping intelligence information secret under the Trump administration. Remember the Mossad leak and the info leak after the UK terror attack. Our cabinet hasn't taken this leak lightly either and is now prone to become very selective in their sharing policy with the US.

[–] [Deleted] 0 points (+0|-0) Edited

Yes they have form for this. In 2017 they released the name of the Manchester Arena bomber, Salman Abedi, to the US media. Unfortunately I can't access the haaretz.com link.

[–] Owlchemy 1 points (+1|-0)

Looks to be interesting. I wish there was an English translation ... but it's likely to get published in our news sooner or later. The title piques my interest. Thanks for that translation anyway.

[–] Owlchemy 1 points (+1|-0)

Very cool ... will read. Thanks for all that hard work.