“It's the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications. One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything.”
“That's how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won't be the last time they alert their American counterparts. And yet, it will be months before the United States realizes what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.”
“The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous. It's also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.” (Volkskrant)
*************************
The events behind this story have been alluded to in various accounts of digital penetrations of US computer systems over the last few years. Rick Ledgett described the Department of State hack in November 2014 as intense “hand-to-hand combat within a network” against an aggressive and tenacious foe known as Cozy Bear or APT29. The fight to rid the Pentagon and JCS networks of an uncharacteristically aggressive foe in August 2015 was also attributed to Cozy Bear and the Russian government. The same person who led the NSA team in the JCS fight, Captain Johnston, USMC, faced this foe again as a CrowdStrike employee when he responded to a call from the DNC in April 2016. When the FBI first warned the DNC in September 2015 that hackers were in the DNC network, Special Agent Adrian Hawkins referred to the intruders as the Dukes, another name for Cozy Bear or APT29.
In each of these cases we knew who the intruders were because of the digital and visual surveillance of those intruders and their SVR handlers by the Dutch. Information from that surveillance let USI identify the SVR officers involved. USI subsequently bugged the SVR officers’ phones and monitored their communications. This is a major reason why the CIA, NSA and FBI were able to assess with high confidence that Moscow made a concerted effort to influence the 2016 election.
There are still many who find it inconceivable that the Russian government attempted to influence the election, much less pull off the DNC and Podesta hacks. They also find it inconceivable that a concerted, long term intelligence operation could ever prove attribution. It can and it does. I’ve done it myself. I see plenty of room for doubt concerning the effects of such a Russian influence operation or whether anyone in the Trump camp knew about this or took part in it. That’s a whole different story requiring its own concerted, long term investigation. I’m more than willing to wait for this investigation to run its course. It's just a damned shame that more sources and methods will inevitably be burnt in the process.
TTG
http://www.nextgov.com/cybersecurity/2017/04/nsa-engaged-massive-battle-russian-hackers-2014/136683/
https://www.schneier.com/blog/archives/2017/04/incident_respon_1.html
https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html
Inconceivable? Ah! Another intelligence service says they saw it happen! I'm afraid I don't believe it.
Posted by: Walrus | 26 January 2018 at 04:37 PM
Really? Who did AIVD alert in the USA? So, you're now stating as fact that foreigners saw this happening before it happened and warned US authorities who chose to ignore the warnings?
And your evidence is?
Posted by: Publius Tacitus | 26 January 2018 at 04:42 PM
Further to my previous post, I call BS after reading the self congratulatory Dutch article.
"The Americans were taken completely by surprise by the Russian aggression, says Chris Painter in Washington. For years, Painter was responsible for America's cyber policy. He resigned last August. 'We'd never expected that the Russians would do this, attacking our vital infrastructure and undermining our democracy.'
The American intelligence services were unprepared for that, he says. That is one of the reasons the Dutch access is so appreciated. The Americans even sent 'cake' and 'flowers' to Zoetermeer, sources tell. And not just that. Intelligence is a commodity: it can be traded. In 2016, the heads of the AIVD and MIVD, Rob Bertholee and Pieter Bindt, personally discuss the access to the Russian hacker group with James Clapper, then the highest ranking official of the American intelligence services, and Michael Rogers, head of the NSA.
In return, the Dutch are given knowledge, technology and intelligence. According to one American source, in late 2015, the NSA hackers manage to penetrate the mobile devices of several high ranking Russian intelligence officers. They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack. According to the Americans, this indirectly proves that the Russian government is involved in the hacks. Another source says it's 'highly likely' that in return for the intelligence, the Dutch were given access to this specific American information. Whether any intelligence about MH17 was exchanged, is unknown."
I refer to the Snowden leaks regarding the sophistication of America's own cyber warfare capabilities. It is inconceivable to me, as the story states, that the U.S. government was "taken by surprise" or "unprepared" by any cyber warfare ploy by anyone. That statement undermines the credibility of the entire article.
Yes, I know. The plucky Poles first broke the Enigma machine that the Germans thought was inconceivably too sophisticated to be penetrated.
To me, this article looks like a "hail Mary" attempt by the IC to deflect attention.
Posted by: Walrus | 26 January 2018 at 05:02 PM
TTG,
Russian intelligence operations should be investigated and countered. Just as we would expect the Russians would attempt to prevent and investigate and counter our intelligence operations. This game of Spy vs Spy is something we have both been playing for some time. Neither side, the Russians nor the US are innocent parties in this game. We try to fuck them over all the time and they do the same to us.
However, the attempt to frame Donald Trump for colluding with the Russians to steal a presidential election and then attempting to delegitimize his presidency is another matter. That too needs to be investigated and sunshine applied. Clearly, law enforcement & the IC can't do this investigation as they would likely hide much malfeasance under the rug of "sources & methods".
The question an old intel hand like you should be asking and attempting to answer is who are leaking stories like the Dutch IC penetration and why?
Posted by: blue peacock | 26 January 2018 at 05:10 PM
Netherlands and Australia have much dirty laundry from the latter half of 2014 to keep hidden from their public. Trump not being a Russia hater may not care about keeping their dirty laundry covered.
Posted by: Peter AU | 26 January 2018 at 05:11 PM
I should have added my respectful thanks to TTG for posting this but I bit too soon. I am sure TTG's credentials in this field are way better than mine. My concern is that the whole article reads like the resolution scene at the end of a movie; the one where the real villain is unmasked and the hero (James Clapper, the FBI, etc) is vindicated.
What possible domestic motive could the Dutch have for exposing this story?
Posted by: Walrus | 26 January 2018 at 05:15 PM
The Russians must be very disorganized or schizophrenic. The left hand not wired to the right hand. Too much vodka consumption/wet brain syndrome?? Or maybe they are merely pranksters that like to mess with elections just for fun because they have nothing better to do than risk pissing off the USA?
They "hack" the election in favor of Trump while, simultaneously, passing to Steele all kinds of damaging anti-Trump intel.
Or just maybe the Russians - like the US - just likes to gather intel on US politicians because they want to have a good understanding of the people, games, etc regardless of who wins. Isn't that conceivable?
I have no problem with the idea of Russians hacking and gathering intel.
What is absolutely a giant leap across the chasm dividing reason and faith is the belief that the Russians hacked the DNC for the purpose of assisting Trump.
Isn't it conceivable that the Russians also figured that Clinton would likely defeat Trump and that they wanted to know Clinton and her world more intimately in preparation for dealing with her?
Posted by: Eric Newhill | 26 January 2018 at 05:17 PM
As they say in Syria before believing any claim: where are the pictures?
That the Dutch are supposed to have them is public knowledge so why haven't the pictures been made public?
The alleged influence campaign used RT.COM, Sputnik News, a few Facebook and Twitter accounts and some trolls working out of 55 Savushkina Street and was entirely public.
The alleged hacking of the DNC and Podesta e-mails consisted of straightforward phishing attacks that were quickly in and out.
What other attempts to influence the election were there?
So Dutch intelligence were conducting cyber attacks most likely at the behest of some part of the US IC on the Russians and then Dutch intelligence and some part of the US IC get all huffy and whiny because the Russians carry out a cyber attack on something in the United States. Excuse me while I go and have a good yawn.
The rest of the claims, I'll ascribe to someone either watching too many Hollywood movies or suffering an extended bout of projection. And if the Department of State, Pentagon and JCS can't secure their networks, they shouldn't be allowed to have computers.
Posted by: blowback | 26 January 2018 at 05:29 PM
Bravo TTG! I saw the same story and I was desperate to discuss it. So I am on the other side on this one so far. The problem I have is the sourcing is unattributable and it's mighty convenient. Consider the writing: "Rick Ledgett described the Department of State hack in November 2014 as intense 'hand-to-hand combat within a network' against an aggressive and tenacious foe known as Cozy Bear or APT29." I can't help but detect some of the melodrama I would associate with a propagandist. It certainly isn't dispassionate reporting.
And they have pictures too, which sadly they can't show us! And it's not the first time the Trump admin has had to deal with unattributed leaks.
This does not mean I dismiss it. They told us civilians they had troubling evidence of Russian "meddling" and who am I to say they are flat out lying. But no one ever seems to want to leak proof. Funny, right?
Maybe they don't have proof but they want him out? Maybe they have proof but they would rather keep a traitor in the job? Which of these scenarios am I meant to admire?
I know Red Square. I'm very curious about the university which has facilities near there. The nearest is which one?
And you have to be impressed with the willingness to burn sources and methods. Did team Trump irritate someone too much? Nunes? Does that mean Nunes has a point?
I think I'm still on Trump's side even if it's true. Who elected the other guys and who is really in charge here? Normally you don't threaten the boss.
Posted by: Harry | 26 January 2018 at 05:53 PM
TTG,
One of your sentences truly delights me especially as it comes from one of the leading members of this committee of correspondence. I quote it with its context and bolded:
I see plenty of room for doubt concerning the effects of such a Russian influence operation or whether anyone in the Trump camp knew about this or took part in it. That’s a whole different story requiring its own concerted, long term investigation. I’m more than willing to wait for this investigation to run its course.
Posted by: Jonathan House | 26 January 2018 at 05:56 PM
I believe there is a problem with the chronology of events detailed via Johnson in the Buzzfeed article: Johnson at Crowdstrike was contacted by the DNC in April 2016, but when WikiLeaks published the DNC emails, the last dates of the emails were from late May 2016.
So, Johnson was either unsuccessful in cleaning the DNC's system of the Russian malware in April, the DNC continued to be compromised by the Russians or something else after Johnson's assistance.
Posted by: DC | 26 January 2018 at 06:07 PM
All
A while back I asked why people kept talking about the FSB. pl
Posted by: turcopolier | 26 January 2018 at 06:19 PM
All,
Oh, the Dutch. The people who played right along, and were not at all constrained about the charges that the Malaysian Airlines flight shot down over Ukraine was a deed traceable to those Evul Rooskies? Those guys? The ones who mumbled and evaded any disclosures about their sources for all of those great, thumping words of condemnation of said Evul Rooskies? The ones who couldn't be arsed to say word one about how hinky it seemed that the Ukronazis forbade any release of the air traffic control recordings on that fateful day?
It seems to me that perhaps the Dutch government has a lot to lose if their citizens found out that they had been lied to and propagandized...by them. That they knew that The Narrative concerning this event was a crock of shit all along, and being compliant little compradors of uni-polar hegemony they did as they were told? Maybe even now the thought of the personal and societal consequences of their actions worries them enough to get with The Program. Maybe they have been helped along in these reflections by, oh, I don't know, some parties with a vested interest? How very coincidental that this story gets floated just now when the investigations of the dirty dealings by "our" IC are getting more traction.
This smells really, really bad to me.
Posted by: JerseyJeffersonian | 26 January 2018 at 06:25 PM
DC's point regarding emails is very interesting. Also, why haven't the FBI inspected the servers, even to this day? Does that mean the NSA has all the data already? Or are they happy to take their word for it? Regarding CrowdStrike, who apparently nailed the attribution but couldn't prevent repeat penetrations, I just don't buy that it was purely happenstance that that was the security firm the DNC chose.
In the Dutch article it mentioned the original security breach was with the State Dept. How did they get access to the State dept? Is that a gentle hint that the security breach was the Secretary of States own servers?
Forgive what appear to be set ideas. I don't mean to give that impression. I am just trying to make sense of the fact set.
Posted by: Harry | 26 January 2018 at 06:35 PM
FAPSI or SVR would indeed be better. Maybe even better would be to find the real customers?
It is very convenient to blame the aggressive Soviets that want to spread the dictatorship of the proletariat... Russia that wants world domination... euh, something.
Posted by: Adrestia | 26 January 2018 at 06:50 PM
This strikes me as TS if not TS/SCI stuff. Why is it being broadcast all over the press?
Posted by: Richard | 26 January 2018 at 07:01 PM
That’ll be the same Dutch Intelligence service which has cleared up beyond reasonable doubt (!) the downing of flight MH17 in, er, summer 2014?
Colour me sceptical.
Posted by: Cortes | 26 January 2018 at 07:08 PM
Posted by: blowback | 26 January 2018 at 07:22 PM
What to make of this, then?
https://t.co/mngBXZBdw4
Posted by: Karl | 26 January 2018 at 07:40 PM
This appears to be a rather thorough debunking of this Dutch coming to the rescue of the FBI/CIA/NSA story.
https://steemit.com/steemit/@suzi3d/10-reasons-the-dutch-russia-hacking-story-is-fake-news
Posted by: pj | 26 January 2018 at 07:49 PM
And yet the DNC would not give the FBI access to their actual servers.....
Posted by: WJ | 26 January 2018 at 07:59 PM
Just reading Walrus's post after mine. Reminded me of the story of the Aussie ambassador not long back - Downing, passing on 'information' to US intel on Trump collusion or whatever. Now the Dutch come up with a 'smoking gun'.
This seems like a Maxwell Smart style operation. Actually, the US story line for what Russia is up to could have come straight from Maxwell Smart and Chaos.
Posted by: Peter AU | 26 January 2018 at 08:01 PM
Ukraine for the Dossier, Australia chipping in with a bit of 'evidence', and now the Dutch. Wonder who has who by the balls over MH17.
Posted by: Peter AU | 26 January 2018 at 08:06 PM
Publius Tacitus,
AIVD would most likely have passed their info to the NSA. During the 2014 DOS hack, the Dutch passed info to the NSA in near real time. Those warnings were instrumental to fighting that attack. It was probably a combination of NSA network surveillance and info from this Dutch op that led to the first FBI warning to the DNC that their network was breached in September 2015. Neither the DNC nor the FBI realized the significance of that penetration until months later. You want evidence? I and probably you do not have the clearances or need to know to have access to the full evidence. We'll get it in bits and pieces due to leaks and good investigative reporting.
Posted by: The Twisted Genius | 26 January 2018 at 08:23 PM
How convenient!
We are on the cusp of discovering that the FBI, CIA, & NSA colluded with the Clinton campaign to deny Trump the presidency.
So, 6 anonymous unknowns from Holland?? Really?? After all this time!!!
Come forth with the "smoking gun"?????
Anyone who believes this..... see me privately.. I have a bridge for sale....
And .... how do you account for the proven fact that the Kremlin preferred Clinton, because they believed Trump to be a "loose cannon"?????
INDY
Posted by: Dr. George W. Oprisko | 26 January 2018 at 08:31 PM