“It's the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications. One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything.”
“That's how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won't be the last time they alert their American counterparts. And yet, it will be months before the United States realize what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.”
“The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous. It's also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.” (Volkskrant)
*************************
The events behind this story have been alluded to in various accounts of digital penetrations of US computer systems over the last few years. Rick Ledgett described the Department of State hack in November 2014 as intense “hand-to-hand combat within a network” against an aggressive and tenacious foe known as Cozy Bear or APT29. The fight to rid the Pentagon and JCS networks of an uncharacteristically aggressive foe in August 2015 was also attributed to Cozy Bear and the Russian government. The same person who led the NSA team in the JCS fight, Captain Johnston, USMC, faced this foe again as a CrowdStrike employee when he responded to a call from the DNC in April 2016. When the FBI first warned the DNC in September 2015 that hackers were in the DNC network, Special Agent Adrian Hawkins referred to the intruders as the Dukes, another name for Cozy Bear or APT29.
In each of these cases we knew who the intruders were because of the digital and visual surveillance of those intruders and their SVR handlers by the Dutch. Information from that surveillance let US intelligence (USI) identify the SVR officers involved. USI subsequently bugged the SVR officers’ phones and monitored their communications. This is a major reason why the CIA, NSA and FBI were able to assess with high confidence that Moscow made a concerted effort to influence the 2016 election.
There are still many who find it inconceivable that the Russian government attempted to influence the election, much less pulled off the DNC and Podesta hacks. They also find it inconceivable that a concerted, long-term intelligence operation could ever prove attribution. It can and it does. I’ve done it myself. I see plenty of room for doubt concerning the effects of such a Russian influence operation or whether anyone in the Trump camp knew about this or took part in it. That’s a whole different story requiring its own concerted, long-term investigation. I’m more than willing to wait for this investigation to run its course. It's just a damned shame that more sources and methods will inevitably be burnt in the process.
TTG
http://www.nextgov.com/cybersecurity/2017/04/nsa-engaged-massive-battle-russian-hackers-2014/136683/
https://www.schneier.com/blog/archives/2017/04/incident_respon_1.html
https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html
Thank you pj for that link. What I notice about all these IC leaks is that there are a lot of assertions and very little evidence. It is all about "Trust Us".
This analysis by Sundance shows how the IC and the media maintain a symbiotic relationship to launder leaks to further info ops agendas.
https://theconservativetreehouse.com/2018/01/26/questioning-assumptions-revelations-of-key-fbi-officials-leaking-to-wapo-should-cause-review-of-underlying-media-narratives/
My question in all these IC information operations is always the same. Who leaked and why?
Is this leak to keep the story on Russiagate as attention is being diverted to the Nunes memo and its possibly explosive accusations of a massive conspiracy at the highest levels of law enforcement & the IC?
Posted by: blue peacock | 27 January 2018 at 02:28 AM
Thanks TTG
Posted by: Peter AU | 27 January 2018 at 02:59 AM
Reply to catherine's comment (#47).
Yes it is stupid. From what I have read the only 'election hacking' was of a few voter registration databases. A money-making opportunity for a 3rd world hacker but of little to no value to a foreign intelligence service. It's a campaign of deception.
Gut feeling, (I have no evidence) this is a political disinformation campaign to prevent 4 more years of Trump, supported by the DC (global) establishment and their financiers (aka the Borg).
BTW, It looks to me like Russia and Iran are a close tie for the #1 spot.
Posted by: mikee | 27 January 2018 at 03:11 AM
A few thoughts. Under the circumstances in which it occurred - Russia being banned from the Olympics - I strongly suspect official Russia was behind the WADA hack, which simply gave information to the public. Same with Shadow Brokers - it happened at a time when the US was bragging of its total superiority in cyber warfare. A comeback for Morrel on the Charlie Rose interview. Very noticeable that the Russia-dunit crowd did not try and blame this on Russian hacking. Vault 7 went to WikiLeaks, so most likely a CIA whistle blower.
Assange.. His information has mostly been from leakers, whistle blowers rather than anonymous hackers.
The DNC hack narrative, and the Steele dossier, on the other hand, have been designed for an audience that avidly watches reality TV shows and takes its news in soundbites.
Posted by: Peter AU | 27 January 2018 at 03:17 AM
TTG: Here is the problem with your piece. Like so many others here and just about everywhere else there is no evidence presented.
“You are young yet, my friend,” replied my host, “but the time will arrive when you will learn to judge for yourself of what is going on in the world, without trusting to the gossip of others. Believe nothing you hear, and only one half that you see."
1845 - Edgar Allan Poe
(courtesy of The Quote Investigator)
https://quoteinvestigator.com/2017/06/23/half-see/
Posted by: mikee | 27 January 2018 at 03:32 AM
A leak not a hack.
Posted by: mathiasalexander | 27 January 2018 at 04:51 AM
Yes. Thank you.
Posted by: mathiasalexander | 27 January 2018 at 05:27 AM
"It's the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow"
One question immediately springs to mind: is there a Russian University building next to Red Square?
Because if there isn't then this story falls at the very first hurdle....
Posted by: Yeah, Right | 27 January 2018 at 05:43 AM
TTG,
‘What they do care about is ensuring that the US is rife with doubt and internal discord so that we are unable to confront Russia in any meaningful way.’
Do you have credible evidence to support this analysis of Putin’s objectives?
The consequences of a ‘rush to judgement’ on a matter like this might turn somewhat serious, as Philip Giraldi brought out yesterday, in a discussion of the recently released declassified summary of the 2018 National Defense Strategy report, and the prepared remarks by the Secretary of Defense about that document:
‘At times Mattis’ supplementary “remarks” were more bombastic than reassuring, as when he warned “…those who would threaten America’s experiment in democracy: if you challenge us, it will be your longest and worst day.” He did not exactly go into what the military response to hacking a politician’s emails might be and one can only speculate, which is precisely the problem.’
(See https://www.strategic-culture.org/news/2018/01/26/america-national-defense-really-offense.html .)
Posted by: David Habakkuk | 27 January 2018 at 06:17 AM
So the Ukrainian Crowdstrike called up the Pakistani DNC IT specialists, the Awan brothers, and had them install a "digital tool". My guess is that there would have been IP conflicts with the hundreds of Pakistani ISI "digital tools" already bogging down the CPUs of every laptop, server and smart phone used by the entire Democrat party.
Posted by: Jubal | 27 January 2018 at 06:47 AM
LOL...
This doesn't get much exposure, even the BBC is quiet about it, the Russiagate nutcases may have ruined their credibility beyond repair if the BBC get wary of such "news"!
Posted by: jld | 27 January 2018 at 06:59 AM
Former NSA engineer William Binney has publicly noted that the lifting of National Democrat Committee files was an inside job. This is because the transfer of data from the National Democrat Committee server was 10x faster than could be managed over the web, probably 20x faster given internet links to Moscow.
So the statement of Julian Assange that Wikileaks received the material from a 'non-governmental' actor is confirmed.
Posted by: RC | 27 January 2018 at 08:06 AM
mikee
The "problem" as you call it is that you want SST to be a platform for academic papers replete with footnotes everywhere, but that is not what it is. I want it to be a platform for various kinds of opinion pieces many of which represent the wisdom of writers rather than the pedantry of professors. pl
Posted by: turcopolier | 27 January 2018 at 08:25 AM
pj #53,
It's not just risking the potential for war. It is also the very real potential for sanctions and other non-shooting, but damaging reactions.
Posted by: Eric Newhill | 27 January 2018 at 09:19 AM
RC,
Binney's theory relied on the work of "the forensicator", who relied on the metadata of the last transfer of the DNC files released by Guccifer 2.0. That July transfer date is well after the arrival of CrowdStrike and well after the FBI told the DNC the intruders were calling home (transferring data out of the DNC servers). Some debunkers of the forensicator theory point out that the data transfer speed is quite possible over commercial networks. Others point out the most plausible theory is that the files were copied multiple times after they were transferred out of the DNC network. The metadata only captures data from the last transfer. I would note that I have never seen a hacker transfer large amounts of data directly from a network without first tarballing the files into a more manageable bundle. Also the date, time zone, character set and language of a computer are highly changeable. That's hacker/trickster 101. I'm surprised Binney, who I admire, went all in on the forensicator theory.
http://thehill.com/policy/cybersecurity/346468-why-the-latest-theory-about-the-dnc-not-being-a-hack-is-probably-wrong
Posted by: The Twisted Genius | 27 January 2018 at 09:33 AM
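The point TTG makes above about per-file timestamps describing only the last copy can be shown directly. The following is an added example, not code from the original post and not the forensicator's own method: it computes the "inferred transfer rate" the way a metadata-only analysis must (total bytes divided by the spread between earliest and latest file mtime), then re-copies the same files twice, once with metadata preserved (shutil.copy2) and once without (shutil.copy), and recomputes. All files, sizes and timestamps are constructed inside the script.

```python
"""
Added example (not from the original post or the 'forensicator' analysis).
Shows that a transfer rate inferred from file mtimes describes whichever
copy operation last wrote those timestamps. All sample data is constructed.
"""
import os
import shutil
import tempfile
import time
from pathlib import Path


def inferred_rate_mb_s(paths):
    """Rate implied by the timestamp spread of a set of files:
    total bytes / (latest mtime - earliest mtime), in MB/s.
    This is all a metadata-only analysis can see."""
    sizes = [os.path.getsize(p) for p in paths]
    mtimes = [os.path.getmtime(p) for p in paths]
    span = max(mtimes) - min(mtimes)
    if span <= 0:
        # All timestamps identical: no rate can be inferred at all.
        return float("inf")
    return sum(sizes) / span / 1e6


def make_sample_set(root, n_files=10, size=1_000_000, seconds_apart=1.0):
    """Constructed input: n files of `size` bytes whose mtimes are spaced
    `seconds_apart`, mimicking a slow sequential transfer an hour ago."""
    base = time.time() - 3600
    paths = []
    for i in range(n_files):
        p = Path(root) / f"file{i:02d}.bin"
        p.write_bytes(b"A" * size)
        t = base + i * seconds_apart
        os.utime(p, (t, t))  # set atime and mtime to the constructed value
        paths.append(p)
    return paths


def copy_tree(paths, dest, preserve_metadata):
    """Second copy of the same files. shutil.copy2 carries the mtimes over;
    shutil.copy does not, so the new mtimes reflect the local copy
    (fast disk, milliseconds apart), not the original transfer."""
    copier = shutil.copy2 if preserve_metadata else shutil.copy
    out = []
    for p in paths:
        q = Path(dest) / p.name
        copier(p, q)
        out.append(q)
    return out


def demo():
    """Returns (rate of original set, rate after copy2, rate after copy)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        keep = Path(tmp) / "copy2"
        lose = Path(tmp) / "copy"
        for d in (src, keep, lose):
            d.mkdir()
        originals = make_sample_set(src)
        r_orig = inferred_rate_mb_s(originals)
        r_keep = inferred_rate_mb_s(copy_tree(originals, keep, True))
        r_lose = inferred_rate_mb_s(copy_tree(originals, lose, False))
    return r_orig, r_keep, r_lose


if __name__ == "__main__":
    orig, kept, lost = demo()
    print(f"original set:        {orig:8.2f} MB/s")
    print(f"after shutil.copy2:  {kept:8.2f} MB/s (mtimes preserved)")
    print(f"after shutil.copy:   {lost:8.2f} MB/s (mtimes rewritten by the copy)")
```

The constructed set (10 MB spread over 9 seconds) yields about 1.1 MB/s. A metadata-preserving copy reproduces that figure; a plain copy replaces it with whatever the local disk managed, which is why the number in a released archive says nothing reliable about the first hop out of a network, and why a changed clock or time zone on the copying machine would shift it further.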
TTG,
I don't mean this to be insulting to any correspondents who have been - or are - working in the IC, but, as someone up-thread noted, the IC is simply not to be trusted. Nothing they release can be taken at face value.
They have been caught lying far too many times. Everyone knows about "yellow cake from Niger" and so much more. And then there is the nature of the work even when the intentions are pure and noble. So it's always, "Well yes, that was a deception as part of an operation, but this time it's the truth. Really! Trust us!"
Thus, at the end of the day, someone like me has no idea what to make of the Dutch story or any other story around Russian hacking and the conclusion we draw is more akin to making a story out of an ink blot test than a rational conclusion.
If it could be clearly proven that Russians got into voting machines and altered the counts, I would be an activated citizen. Otherwise, I shrug and have better things to worry about, like an investigation into the FBI's possible involvement in altering the outcome of the election. There seems to be actionable evidence on that one that is worth pursuing.
Posted by: Eric Newhill | 27 January 2018 at 09:34 AM
I remain curious about how the hacking of the DNC is a matter of influencing the election, as many consider various examples of ads described as amounting to propaganda and disinformation on social media. If either or both ops are the work of the Russians, they seem to be separate initiatives to me.
Posted by: Annem | 27 January 2018 at 09:44 AM
Eric Newhill,
I can't argue with having a healthy dose of skepticism. However, why do so many swallow the words of politicians and pundits with obvious political agendas as God-sent truth?
Even the DCI report says there is no evidence of vote tampering and I have seen no legitimate claims of that happening. Have you seen any legitimate claims that the FBI altered votes? I certainly haven't.
Posted by: The Twisted Genius | 27 January 2018 at 09:44 AM
TTG,
Just in time, a post comes along to point out just how right all the people are about just how bad the Colluder in Chief is; and to think I was worrying about the statement by Nobel Prize winning economist Paul Krugman on election night: “If the question is when markets will recover, a first-pass answer is never.” while listening to a radio news report of yet another company, because of the Trump tax cuts, giving bonuses to employees and, shockingly, putting a billion dollars into its employee pension plan. Thank goodness for the reality-based community. I am grateful that (according to Buzzfeed) “in the middle of a white-knuckle presidential campaign” … “former Marine Corps cyberwarrior Robert Johnston left the hallowed Halls of Montezuma [Crowdstrike] to report to the FBI head of counterintelligence Peter, what’s that guy's name, it was on the tip of my tongue, Peterbuilt, Peter Pan, Peter Principle; ah it’ll come to me eventually, he was in the news for something to do with investigations and evidence. It’s not like he’d want any evidence to disappear, that would be inconceivable. Then the brave corporate employee [cyber-warrior] went to the DNC to give the leadership of the non-profit 501C4 corporation the bad news. https://www.irs.gov/pub/irs-pdf/p4221nc.pdf
I wonder who the head of the DNC, Debbie Wasserman Schultz, might have talked to about confirmation? Surely the head of her own IT staff would be such an expert. It’s not like he’s some guy whose family is from a foreign country and he has for years been busy hiring his relatives at inflated salaries, lining his pockets and getting ready to skedaddle because someone has found out he’s used his position and skills for nefarious reasons. That would be - inconceivable!
http://www.dailymail.co.uk/news/article-4730382/House-aide-arrested-fraud.html
Perhaps the Honorable Congresswoman could talk to the head of security for the House of Representatives, one of the three equal branches of government established by the Constitution, rather than employees of a department of the Executive Branch (even if it is currently headed by a member of her own political party). I wonder what he would have to say:
http://www.foxnews.com/politics/2017/07/19/wasserman-schultz-to-allow-laptop-scan-after-months-stonewalling-in-it-probe.html
To quote Achemed “holy crap” https://www.youtube.com/watch?v=C4x9NAINBbo
Next thing you know somebody will be trying to tell me the Clinton campaign tried to rig the Democratic Primary.
https://www.cbsnews.com/video/controversy-rigging-democratic-national-committee-donna-brazile/
Oh no, that’s - inconceivable! How on Earth did momma, papa, baby cozy bear hackers manage that? Maybe we should hire those guys, really.

A question for the espionage professionals. What is the possibility of recruiting an asset who has a deep seated emotional need that you (can at least promise) to fulfil? What could you get from such an asset in the short and long term? Shouldn’t we have a counter-intelligence effort in place in say, Human Resources, so that we could screen out applicants with potential vulnerabilities? Maybe we should put the head of FBI counter intelligence on that for a while. I seem to recall his name was in the news lately for some reason……
Posted by: Fred | 27 January 2018 at 09:44 AM
"What possible domestic motive could the Dutch have for exposing this story?"
The current stories are just not gaining much traction and stubbornly suffer from lack of proof. The Mueller "investigation" drags on an on, with nothing but rumor and a few convictions for totally unrelated issues. So the Borg drags up a few anonymous Dutch folks with yet another "blockbuster revelation" from unnamed sources and the media promptly jumps through its own asshole in "pursuit of the truth."
Posted by: Bill H | 27 January 2018 at 09:45 AM
Peter AU - this hits the spot:-
"After a publicly disclosed investment (not to mention undisclosed) of 5 billion in regime change in Ukraine, it is inconceivable US intel was not monitoring the battlefield. They would have Ukie radar emissions mapped same as Russia, launch flare most likely pinpointed to a few square meters, plus most likely humint and other intel on who was responsible ..."
The Maidan shootings, MH17, who authorised Steele, Khan Shaykhun - the list of events that are only a mystery to the public is endless.
That's not to say one is not grateful to TTG and the many others who minutely dissect what evidence is available and seek to penetrate the fog. Nor that one doesn't accept that there are security considerations that prevent full disclosure. But the dance of the seven veils that now follows all such events makes not just the politicians but also the IC ridiculous.
I'm one of the diminishing number of those who get the print version of our national newspapers. A local shop gives the broadsheets away for free and the broader the better for me because I always take one for lighting the stove. The best is the Daily Telegraph. Good paper and lots of it. Here's the big headline from the 26th January -
'RUSSIA IS READY TO KILL US BY THE THOUSANDS'
It seems they've been hacking our power infrastructure and can meddle with it if they want to. So now the Russians know that we know that, and can probably glean a few indications as to how we know that. Great security.
Time and time again we see the politicians prepared to throw security to the winds to make a political point or to reinforce the PR. Yet never to allow us to see a little further through the fog. We accept it all, most of us, as meekly as ever. I don't know who the greater fools are, them or us.
Posted by: English Outsider | 27 January 2018 at 09:48 AM
So what you're basically saying is that the (alleged) facts of this case of hacking are largely inconsistent with the FSB's usual modus operandi. Doesn't that strike you as just a little bit odd?
Posted by: Seamus Padraig | 27 January 2018 at 09:51 AM
Good points all. And please also note that neither Clinton nor her campaign ever disputed the *contents* of those "hacked" emails, which are quite damning.
Posted by: Seamus Padraig | 27 January 2018 at 10:04 AM
Personally, I am weary of all the people who say, essentially, 'if you could only see--fully--what I have seen you would know........". Along the lines of...'war is too serious an event to be left to Generals', these kinds of allegations are too serious to keep the evidence secret or even semi secret (redacted). ALL cards face up on the table and damn the consequences.
Second, I can personally state that this sentence is 100% bullshit: "For years, Painter was responsible for America's cyber policy. He resigned last August. 'We'd never expected that the Russians would do this, attacking our vital infrastructure and undermining our democracy.'" I have sat, more than once, with Painter in the Speakers Room at the RSA Conference, had relatively long conversations with him on these subjects, and he is not telling the truth here based upon his own words. In fact, this is just the opposite of his general attitude. All this stuff, running both ways, has long, long, been assumed. And Painter knows it. Unless he has experienced, in Nietzsche's words, 'a metamorphosis only slightly less startling than Saul's on the Road to Damascus.'
This I know for myself. To the extent it is of any relevance.
Posted by: jonst | 27 January 2018 at 10:14 AM
With respect, none of that proves diddly. Words in the press. Even Schneier has only conjecture.
OTH, OF COURSE the Russians spy on America. duh. We are the most unstable, treacherous and backstabbing people in the world. You'd have to be a fool not to watch us closely, with a great deal of circumspection.
Posted by: Covergirl | 27 January 2018 at 10:31 AM