Friday, January 26, 2018

Cozy Bear, Fancy Bear and the Dutch

A new report has come out in the Dutch news about how the Dutch intel services were the first to detect and report Russian hacking into US systems, including the White House itself.
In the summer of 2014, the Joint Sigint Cyber Unit (JSCU) was launched, a joint unit of AIVD and MIVD, the Dutch Military Intelligence and Security Service. Based in the Dutch city of Zoetermeer, it focuses on, among other things, obtaining intelligence through cyber operations. That same summer, the unit received a tip about a group of Russian hackers based at a university complex in Moscow. An AIVD hacking team, operating under the JSCU flag, subsequently succeeded in penetrating the internal Russian computer network. Not only did the AIVD gain access to the computer network, it also hacked the security camera in the corridor.

[...]

This allowed them to see exactly who entered the hacking room. Information about these individuals was shared with the US intelligence services. Dutch intelligence services consider Cozy Bear an extension of the SVR, the Russian foreign intelligence service, which is firmly controlled by President Putin.

[...]

After a few months, in November 2014, the Dutch watched as the Russian hackers penetrated the computer network of the State Department. After being alerted to this by the Dutch intelligence chiefs, it took the Americans over 24 hours to avert the Russian attack, after a digital clash.

[...]

In the autumn of 2014, the Russians also gained access to the non-classified computer network of the White House. This allowed them to see confidential memos and non-public information about the itinerary of President Obama, and to at least part of President Obama's email correspondence. These hacks, too, were exposed by the Dutch intelligence services, which subsequently notified the Americans.

[...]

In April 2016, Fancy Bear accessed the Washington servers of the Democrats; Cozy Bear had done so as early as the summer of 2015. Once more, the group was caught red-handed by the Dutch, who again alerted their U.S. counterparts.

It is not clear why the hacks at the DNC could continue for so long despite the Dutch warnings. Last year, The New York Times reported that for months, the DNC had not taken the FBI warnings seriously. Eventually, cybersecurity company Crowdstrike, which was investigating the matter on behalf of the Democratic Party, also concluded that Cozy Bear and Fancy Bear were jointly responsible for the hacks.

  NOS
And, of course, there was a huge scandal, and the 2016 election went tits up. I, along with other smarter folk, was not convinced by the reports at the time, because there was so much ambiguous information coming out in panicked tones. None of them indicated that the Dutch had been surveilling these Russian groups for two years already. One of the problems with having any trust in our intelligence and government pronouncements is the secrecy that they are either prevented from revealing because of actual national security (ours or allies') and their propensity to be secretive for the sake of being secretive.
Last Sunday on Dutch television programme College Tour, Rob Bertholee, head of AIVD, said that he had no doubt that the Kremlin was directly responsible for the Russian cyber campaign against U.S. government agencies. Bertholee as well as Pieter Bindt, who was heading MIVD at the time, personally discussed the DNC matter with James Clapper.

[...]

As of now, the AIVD hackers do not seem to have access to Cozy Bear any longer. Sources suggest that the openness of US intelligence sources, who in 2017 praised the help of a Western ally in news stories, may have ruined their operation.
Nice going, guys.
In the television programme College Tour, this month, AIVD director Bertholee stated that he is extra careful when it comes to sharing intelligence with the U.S., now that Donald Trump is President.
Understandable. He offered the Russian ambassador and the Foreign Minister top secret information that an intel ally had given US counterparts about an IS threat, and told him where, in effect revealing which ally it was. And he leaked info about where we had submarines to Duterte. Clueless fool. We haven't heard any stories of this kind of blunder for months. They may have quit giving him intel reports. If they're smart, they did.
