“It's the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications. One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything.”
“That's how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won't be the last time they alert their American counterparts. And yet, it will be months before the United States realize what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.”
“The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous. It's also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.” (Volkskrant)
*************************
The events behind this story have been alluded to in various accounts of digital penetrations of US computer systems over the last few years. Rick Ledgett described the Department of State hack in November 2014 as intense “hand-to-hand combat within a network” against an aggressive and tenacious foe known as Cozy Bear or APT29. The fight to rid the Pentagon and JCS networks of an uncharacteristically aggressive foe in August 2015 was also attributed to Cozy Bear and the Russian government. The same person who led the NSA team in the JCS fight, Captain Johnston, USMC, faced this foe again as a CrowdStrike employee when he responded to a call from the DNC in April 2016. When the FBI first warned the DNC in September 2015 that hackers were in the DNC network, Special Agent Adrian Hawkins referred to the intruders as the Dukes, another name for Cozy Bear or APT29.
In each of these cases we knew who the intruders were because of the digital and visual surveillance of those intruders and their SVR handlers by the Dutch. Information from that surveillance let USI identify the SVR officers involved. USI subsequently bugged the SVR officers’ phones and monitored their communications. This is a major reason why the CIA, NSA and FBI were able to assess with high confidence that Moscow made a concerted effort to influence the 2016 election.
There are still many who find it inconceivable that the Russian government attempted to influence the election much less pull off the DNC and Podesta hacks. They also find it inconceivable that a concerted, long term intelligence operation could ever prove attribution. It can and it does. I’ve done it myself. I see plenty of room for doubt concerning the effects of such a Russian influence operation or whether anyone in the Trump camp knew about this or took part in it. That’s a whole different story requiring its own concerted, long term investigation. I’m more than willing to wait for this investigation to run its course. It's just a damned shame that more sources and methods will inevitably be burnt in the process.
TTG
http://www.nextgov.com/cybersecurity/2017/04/nsa-engaged-massive-battle-russian-hackers-2014/136683/
https://www.schneier.com/blog/archives/2017/04/incident_respon_1.html
https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html
Dear TTG,
I posted your response on a forum that Suzie Dawson the author of that article should notice. I look forward to following her and your interaction.
Best,
pj
Posted by: pj | 28 January 2018 at 09:47 PM
Babak,
Russia seeks to weaken our resolve so that we are not in a united position to confront her. I never said it was a bad Russian plan.
Posted by: The Twisted Genius | 28 January 2018 at 09:50 PM
We have lost Robert Parry, a great Mensch and true patriot: https://consortiumnews.com/2018/01/28/robert-parrys-legacy-and-the-future-of-consortiumnews/
From the readers of Consortiumnews.com:
“Common sense and integrity are the hallmarks of Robert Parry’s journalism."
"We need free will thinkers like you who value the truth based on the evidence and look past the group think in Washington to report on the real reasons for our government’s and our media’s actions which attempt to deceive us all.”
His was a dignified life of a principled and courageous person.
Posted by: Anna | 28 January 2018 at 10:10 PM
"...the DNC email release could eventually strengthen the US by exposing the deep corruption within the democratic party..."
- Agree. Fresh air and sunshine kill mold
Posted by: Anna | 28 January 2018 at 10:16 PM
Seems to me like a bit of circular reasoning.
Posted by: Babak Makkinejad | 28 January 2018 at 11:35 PM
TTG,
The troubling part to me is that the description “the US is rife with doubt and internal discord” is already true, with or without Russians. It does not strike me that Russia did much, if anything, to add to this meaningfully. What bugs me, and I suspect, many others here, is that much of the loud outcry over "Russian interference" seems to be a ploy to blame Russia for this problem and imply that, but for the Russians, the doubts and internal discord would not exist. Even if it is true, it'd be best off if the talk about Russian cyberspying should be kept quiet, away from public attention, while some meaningful steps are taken to address the deeper, domestic causes of the doubts and internal discord. What saddens me is that nobody is doing this, on either side. Instead, the dispute over the Russians has become yet another cause for doubt and internal discord. This is most troubling to me.
Posted by: kao_hsien_chih | 29 January 2018 at 12:08 AM
TTG wrote: "It's just a damned shame that more sources and methods will inevitably be burnt in the process."
I wonder how much the Russians were able to learn from this and all the similar stories that these so called unauthorized leaks have revealed. During the Flynn affair, weren't there leaks of the content of Russian diplomatic communications? Which are, of course, encrypted. Maybe they should thank us for all the free COMSEC support we are providing.
Posted by: mikee | 29 January 2018 at 06:25 AM
TTG, I fully agree with you and other SST'lers, the mixing up of several different unrelated matters is highly unfortunate. As much as the partisan way, that sometimes feels a bit hysterical to me.
To complicate matters this is "cyberwar", isn't it? Why shouldn't nitwits like me expect a bit of disinformation mixed in for good measure? Irony alert: To leave out other "communicative issues" like, e.g., that this is a perfect advertisement for CrowdStrike et al. Maybe not for all parties digging admiringly into the issue, but surely for the larger rest of security concerned out there? ;)
I found the Dutch article linked below more interesting. Maybe they will translate that one too? Although, I doubt. They had their hype.
The Dutch article helps to explain why flight MT17 surfaces in the narrative. Which surely drew a bit of attention here and elsewhere. If you look into the slightly more technical context, you'll realize they mention a persistent intrusion into the Belgian Foreign Ministry in 2013. Apparently it took quite a bit of time to get the "Snake" out of the system. ... It was attributed to Russia at the time, and we are told the intruding party was interested in NATO matters related to the Ukraine.
Here is a minor trace from Belgium:
http://deredactie.be/cm/vrtnieuws.english/News/1.2053207
I could imagine that number 5 in the Dutch article is interesting related to the larger leak vs hack DNC hack debate. As you, I didn't find the argument very convincing at the time. ...
They suggest how the exfiltration of the documents the NL group watched worked. The infiltrators first encrypted then sent the packages to an existent IP address. Here care is taken that the shortest distance to that IP address is a satellite connection. The IP address since it does not recognize the packets sends them back to the satellite and are harvested there. ... I do not fully understand if there or on their way. Might be the latter.
Sounds pretty sophisticated. ;) But yes, I would need to ask people with a lot more knowledge than me.
*******
But basically this has also been discussed there is a larger national context too. The NL are in the process of debating an update to their security laws. That might be more relevant than MT17. And basically, that's from the top of my head with a hat tip to the partisans here, the NL also belongs into the group of European tax havens, Amsterdam has exquisite schemes to save taxes for multinationals. The Dutch may not like the heightened competition Trump's tax laws bring in this context. ;)
Posted by: LeaNder | 29 January 2018 at 06:56 AM
oops forgot the link, while babbling on:
https://www.volkskrant.nl/tech/unieke-inkijk-in-werkwijze-zo-halen-russische-hackers-gestolen-data-binnen~a4562176/
Posted by: LeaNder | 29 January 2018 at 06:59 AM
Jack asks, "How do you think that plays out in the mid-terms?"
I don't think it would matter much. Even Trey Gowdy is on record supporting Mueller, twice in the last week.
Posted by: Lee A. Arnold | 29 January 2018 at 07:08 AM
Russia seeks to weaken our resolve so that we are not in a united position to confront her. I never said it was a bad Russian plan.
I didn't want to comment on this whole affair, but I might as well.
1. Russians are aware of the United States on several orders of magnitude more than it is vice-versa. It is not a theorem--it is an axiom, US "Russia Studies" field from top to bottom is a joke, including "expertise" from IC. It cannot be fixed--it is in the ideological DNA of US current "elites". The clock work of decision making is not working right--it can't. As this article so well demonstrates.
2. This whole discussion becomes absolutely pointless and amateurish once one takes a balance sheet of the events starting from 2008 till today and sees a testimony to an utter sheer failure of the much vaunted US IC and political institutions to answer just about anything Russia presents to the US by a mere fact of her existence.
In conclusion: Russia is not interested in US collapse or departure from the international arena--why it is so is a separate affair, I am not sure that many people are ready to talk about it with facts in the US, see reasons above. But Russia sure as hell sees no reason the United States should get its "resolve" (whatever that is in US strategy-mongering lingo) into the areas of Russia's historic habitat. This is in a few sentences. When my book is published this year you may try reading it to understand why US failure to get into the OODA loop of strategic decisions, as well as lack of any knowledge of Russia's history played a crucial role in the American strategic failure globally in the 21st century. In the end, "We saw the enemy and it is us." (c)
Posted by: SmoothieX12 | 29 January 2018 at 09:36 AM
Every country - barring Switzerland - is rife with doubt and internal discord. It does not help the discussion.
Posted by: Babak Makkinejad | 29 January 2018 at 10:52 AM
I agree, SmoothieX12. The failures in US strategic policy and decision making are self-inflicted. The quality of decision making by our "elites" clearly has declined if taken from a national interest perspective. Yes, they as a group and as individuals have done well by amassing even more wealth as reflected in the unprecedented wealth inequality even rivaling the 1920s. The whole revolving door system of political appointees wherein only the foxes are put in charge of the government henhouse. A simple fact is concentration of both economic and political power over the past several decades. The political duopoly with a singular set of policies yet the bread & circuses of partisan conflict. For example, there were some 50 media companies in the late 70s, now we have consolidated it to 5 major media businesses. They are now in a complete symbiotic relationship with the political establishment and the governmental elite.
We are no longer at least from a national perspective getting into anyone's OODA loop since we are spiraling out of control internally. Who could have imagined even just a few decades ago that the entire national security apparatus would be weaponized for partisan purposes against a national presidential candidate and then a duly elected president? The attention of the leadership of these agencies is focused on that, not getting into the OODA loop of any adversary.
The elites want big government in a symbiotic relationship with big business. They propagandize the American people to voluntarily give up their liberty to ostensibly seek greater security, just as they sold the American people to voluntarily ship their industrial base overseas and financialize the US economy.
As David Habakkuk noted here, the west and the US in particular at least from a leadership perspective has devolved into idiocy. The time line if seen from charts of total systemic debt, which is a good proxy for financialization, is from the late 70s on with acceleration since the Bill Clinton era.
Posted by: blue peacock | 29 January 2018 at 11:22 AM
Is the ball gonna start to roll? McCabe leaving FBI early by taking extended vacation so that he still gets his pension. Taxpayers will pay him for the rest of his life even though he has to leave for potential malfeasance and criminal acts while playing an important role in the FISA abuse. This is exactly what is wrong in DC. No accountability if you are high up on the totem pole.
Posted by: Jack | 29 January 2018 at 01:23 PM
Jack,
"...even though he has to leave for potential malfeasance and criminal acts ..."
Got some evidence of that Jack? How long does it take to earn pension benefits in the civil service? Does McCabe qualify? How about accrued vacation and comp time; does he have any of that or didn't you ask him?
Posted by: Fred | 29 January 2018 at 01:59 PM
TTG,
I think you protest too much. The Forensicator stuff made no sense on practically every level. As did the "physically examine the server" thing you were discussing above. Not to mention the "lost messages" conspiracy theory of last week, which was just plain silly.
A lot of these conspiracy theories rely on utter technological BS, but if you say "metadata," everyone thinks you know what you're talking about.
If anyone is curious, "metadata" is information a server appends to a file, largely to help manage it (it's actually a separate file). When you get an email, the server takes things like the date it arrived, and name of sender, and so on, and creates a metadata file. Your email program uses that to, among other things, populate the information in your email inbox, manage the attachments, and so on. When you forward the email, you often see some of the metadata in the upper portion of your email. However, the program that receives the email creates its own metadata file, which is different from yours. As a result, the inbox entries look entirely different. This is the same thing that happens on a server.
The Forensicator's entire premise is simply goofy. Once the file had changed hands a few times, the relevant Clinton metadata was long gone because it doesn't stay with the file. And if, as TTG suggests, it was bundled and unbundled, then it would be completely lost, since you would be creating new and different files.
Not to mention that he doesn't even get it right in the first place. The email server he's talking about was well capable of the transfer speeds he says are too much. It would be hard to pack more BS in a single document, but not only did he do it, he apparently tricked some pretty good people at it.
Posted by: shepherd | 29 January 2018 at 02:42 PM
"My comment about Russia trying to ensure “the US is rife with doubt and internal discord” echoes the finding in the DNI intelligence assessment on Russian efforts to interfere in our election."
Which was thoroughly debunked by Scott Ritter and others.
The notion that anyone with a brain in Russia would believe that any "propaganda" effort they could mount would have any significant influence on the election is ludicrous at best. So Reuters comes up with some "think tank with connections to Putin" - which on the face of it is nonsense. Putin is not an idiot.
Really, the only gullible one here is you.
Posted by: Richardstevenhack | 29 January 2018 at 02:45 PM
TTG,
They also have my full-throated professional admiration, although with a big reservation. They seem to be making the mistake of focusing too short term, while allowing the big picture to erode. This chart illustrates my point:
http://news.gallup.com/poll/1642/russia.aspx
Gallup's selection set skews liberal, but it's the trend line you want to look at.
Posted by: shepherd | 29 January 2018 at 02:58 PM
So Reuters comes up with some "think tank with connections to Putin" - which on the face of it is nonsense. Putin is not an idiot.
"Think tanks" with connection to Putin are well known, they are:
1. FSB
2. General Staff with its GRU analytical structures;
3. Security Council of Russian Federation.
4. Ministry of Foreign Affairs.
These are the real deal think tanks, not some hired for money collection of BSers which push the agendas of anyone who pays more. There are NO any other "think tanks" with "connection" to Putin.
P.S. Putin is not an idiot, but there are institutions which work hard 24-7 to help him in his not being an idiot.
Posted by: SmoothieX12 | 29 January 2018 at 03:03 PM
As David Habakkuk noted here, the west and the US in particular at least from a leadership perspective has devolved into idiocy.
The tragedy of the West is that it completely lost any ability to produce real statesmen. If one seriously begins to look at the time when the United States had what could be defined as a statesman of both truly global and national proportions--this has to be Ike. After him the quality started to decline seriously and with the coming of Bill Clinton dropped precipitously.
The whole revolving door system of political appointees wherein only the foxes are put in charge of the government henhouse.
Absolutely true. It is especially startling for anyone with even rudimentary understanding of military.
Posted by: SmoothieX12 | 29 January 2018 at 03:11 PM
Smoothiex12
George Marshall above all. pl
Posted by: turcopolier | 29 January 2018 at 03:12 PM
George Marshall above all. pl
Agree 150%.
Posted by: SmoothieX12 | 29 January 2018 at 03:19 PM
This is an alliance-wide phenomenon and not only confined to the United States.
Posted by: Babak Makkinejad | 29 January 2018 at 03:53 PM
Patience Fred.
Are you saying that pension should be payable even if malfeasance occurred during time in office?
https://saraacarter.com/mccabe-resigns-fbi-director-wray-reviews-house-fisa-abuse-memo/
Posted by: Jack | 29 January 2018 at 03:58 PM
Jack,
Has McCabe been convicted of a crime the punishment of which would include forfeiture of any pension earned?
Posted by: Fred | 29 January 2018 at 06:38 PM