Dutch Spies Caught Russian Hackers Invading Obama White House and Democratic Party


Dutch spies alerted their American counterparts as early as 2014 about Russian hacking into State Department and White House computers and subsequent Russian hacking of the Democratic Party in the 2016 election, according to a series of reports in Dutch media.

The joint investigation by de Volkskrant newspaper and Nieuwsuur (“News Hour”), a current-affairs television program, describes how Dutch intelligence experts accessed the Russian hackers’ computers and cameras in hallways at a university in Moscow. The Dutch spies watched a team of Russian hackers infiltrate the State Department, the White House and the Democratic Party to pilfer emails and electronic documents, including 2016 campaign emails later published by Wikileaks.

The disclosures add new details to Russian hacking of the 2016 presidential election, which, according to the Dutch reports, was part of a larger pattern of Russian meddling in Western elections. The reports also raise questions about why the Democratic Party did not sufficiently respond when alerted to the hacking, which shadowed the Democratic National Committee and Hillary Clinton’s campaign.

“In the summer of 2015, Dutch intelligence services were the first to alert their American counterparts about the cyber-intrusion of the Democratic National Committee by Cozy Bear, a hacking group believed to be tied to the Russian government,” Nieuwsuur’s report began. “Intelligence hackers from Dutch AIVD (General Intelligence and Security Service) had penetrated the Cozy Bear computer servers as well as a security camera at the entrance of their working space, located in a university building adjacent to the Red Square in Moscow.”

“Over the course of a few months, they saw how the Russians penetrated several U.S. institutions, including the State Department, the White House, and the DNC. On all these occasions, the Dutch alerted the U.S. intelligence services, Dutch TV program Nieuwsuur and de Volkskrant, a prominent newspaper in the Netherlands, jointly report on Thursday,” Nieuwsuur said. “This account is based on interviews with a dozen political, diplomatic and intelligence sources in the Netherlands and the U.S. with direct knowledge of the matter. None of them wanted to speak on the record, given the classified details of the matter.”

Dutch intelligence spied in real time on the hackers’ computers and a hallway security camera in a nearby corridor, the journalists said. They said the Dutch soon realized they were observing a notorious Russian cyber-espionage unit. The Dutch agents “consider Cozy Bear an extension of the SVR, the Russian foreign intelligence service, which is firmly controlled by President Putin.”

“The information shared by the Netherlands about the hacks at the DNC ended up on the desk of Robert Mueller, the special prosecutor leading the FBI investigation into possible Russian interference in the American elections,” Nieuwsuur said. “As early as December, the New York Times reported that information from, among others, Australia, the United Kingdom, and the Netherlands had propelled the FBI investigation.”

The journalists also offered new details about what information and communication channels were accessed across the U.S. executive branch and Democratic Party. The report also describes battles fought in cyberspace between Russian hackers and Western counter-espionage technologists, with attacks, countermoves and continued assaults.

The Dutch news reports said their country’s intelligence service broke into the elite Russian operation four years ago, but initially did not know its significance.

“It’s the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications,” Volkskrant reported. “One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything.”

Soon after, the Dutch spy agency observed a real-time and successful Russian hacking attack on State Department and White House computers, Nieuwsuur reported.

“After a few months, in November 2014, the Dutch watched as the Russian hackers penetrated the computer network of the State Department. After being alerted to this by the Dutch intelligence chiefs, it took the Americans over 24 hours to avert the Russian attack, after a digital clash which, years later, at a discussion forum in Aspen, the Deputy Director of the NSA would refer to as hand-to-hand combat. Basing itself on intelligence sources, the Washington Post wrote that a Western ally had been of assistance. In the autumn of 2014, the Russians also gained access to the non-classified computer network of the White House. This allowed them to see confidential memos and non-public information about the itinerary of President Obama, and to at least part of President Obama’s email correspondence. These hacks, too, were exposed by the Dutch intelligence services, which subsequently notified the Americans.”

Volkskrant gave more details about the State Department and White House attacks.

“Using so-called command-and-control servers, digital command centers, the Russians attempt to establish a connection to the malware in the Department, in order to request and transfer information. The Americans, having been told by the Dutch where the servers are, repeatedly and swiftly cut off access to these servers, followed each time by another attempt by the Russians. It goes back and forth like this for 24 hours. Afterwards, sources tell CNN that this was the ‘worst hack attack ever’ on the American government. The Department has to cut off access to the e-mail system for a whole weekend in order to upgrade the security.

“Luckily, the NSA was able to find out the means and tactics of their attackers, deputy director of the NSA Richard Ledgett states at a discussion forum in Aspen in March 2017. ‘So we could see how they were changing their methods. That’s very useful information.’ On the authority of intelligence services, American media write that this was thanks to a ‘western ally.’ Eventually, the Americans manage to dispel the Russians from the Department, but not before Russian attackers use their access to send an e-mail to a person in the White House.”

Volkskrant reported the Russian hackers posed as a State Department employee to gain access to the White House’s computer networks.

A White House official “thinks he’s received an e-mail from the State Department—the e-mail address is similar—and clicks a link in the message. The link opens a website where the White House employee then enters his login credentials, now obtained by the Russians. And that is how the Russians infiltrate the White House,” the paper said, adding that the successful hack even allowed Russia to spy on President Obama.

“They even gain access to the email servers containing the sent and received emails of President Barack Obama, but fail to penetrate the servers that control the message traffic from his personal Blackberry, which holds state secrets, sources tell the New York Times. They do, however, manage to access e-mail traffic with embassies and diplomats, agendas, notes on policy and legislation. And again, it’s the Dutch intelligence agencies who alert the Americans about this.”

Several months later, with the 2016 presidential election underway, the Dutch spy agency saw the Russian hackers turn to a new target: the Democratic Party. According to Volkskrant:

“That’s how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won’t be the last time they alert their American counterparts. And yet, it will be months before the United States realize what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.

“The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous. It’s also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.”

The FBI investigation into Russian interference in the presidential election was taken over by former FBI director Robert Mueller in 2017. The information provided by the Dutch intelligence agencies to the U.S. spy agencies was the basis for top federal officials to state with confidence in late 2016 that Russia was behind the hacking.

The Dutch report raises new questions about incompetence at the Democratic National Committee, which, needless to say, did not heed warnings about Russian hacking, even though a Democratic administration had been successfully attacked.

“It is not clear why the hacks at the DNC could continue for so long despite the Dutch warnings,” Nieuwsuur wrote. “Last year, the New York Times reported that for months, the DNC had not taken the FBI warnings seriously. Eventually, cybersecurity company Crowdstrike, which was investigating the matter on behalf of the Democratic Party, also concluded that Cozy Bear and Fancy Bear were jointly responsible for the hacks. According to the U.S. intelligence services, Russian officials eventually passed on the emails hacked by Fancy Bear to Wikileaks, which published them. The published emails caused a huge scandal in the American election campaign.”

The stolen DNC emails certainly caused a scandal, one that Robert Mueller and several congressional committees are still investigating. In the meantime, it appears that a leading Dutch TV program and newspaper have filled in many blanks about what happened in the election. Their reports raise new questions about why the federal government and the Democratic Party lost the opening rounds in this century’s early cyber-wars.

Steven Rosenfeld covers national political issues for AlterNet, including America’s democracy and voting rights. He is the author of several books on elections and the co-author of Who Controls Our Schools: How Billionaire-Sponsored Privatization Is Destroying Democracy and the Charter School Industry (AlterNet eBook, 2016).

PHOTO: A view shows a construction site near the Kremlin (L) and St. Basil’s Cathedral, with the Moskva river seen in the foreground, in central Moscow, Russia, March 1, 2016. REUTERS/Grigory Dukor