Did a Trumpling ‘burn’ a foreign intel operation spying on notorious Russian hackers?
Late yesterday, Dutch news outlet de Volkskrant, in a joint investigation with NOS television’s Nieuwsuur, reported an arguably bigger development in the Russiagate scandal than Thursday’s news about former reality TV show host Donald Trump wanting to fire Special Counsel Robert Mueller last June.
What report, you say? Well, stop yer grinnin’ and drop yer linen, ’cause yer jaw’s a’gonna hit the floor:
It’s the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications. One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, the Dutch hackers could see everything.
Wait — WHAT???
Three American intelligence services state with ‘high confidence’ that the Kremlin was behind the attack on the Democratic Party. That certainty, sources say, is derived from the AIVD hackers having had access to the office-like space in the center of Moscow for years. This is so exceptional that the directors of the foremost American intelligence services are all too happy to receive the Dutchmen. They provide technical evidence for the attack on the Democratic Party, and it becomes apparent that they know a lot more. …
It’s unknown what exact information the hackers acquire about the Russians, but it is clear that it contains a clue as to the whereabouts of one of the most well-known hacker groups in the world: Cozy Bear, also referred to as APT29. Since 2010, this group has attacked governments, energy corporations and telecom companies around the world, including Dutch companies and ministries. Specialists from the best intelligence services, among them the British, the Israelis and the Americans, have been hunting Cozy Bear for years, as have analysts from major cybersecurity companies. …
With some effort and patience, the team manages to penetrate the internal computer network. The AIVD can now trace the Russian hackers’ every step. But that’s not all.
The Cozy Bear hackers are in a space in a university building near the Red Square. The group’s composition varies, usually about ten people are active. The entrance is in a curved hallway. A security camera records who enters and who exits the room. The AIVD hackers manage to gain access to that camera. Not only can the intelligence service now see what the Russians are doing, they can also see who’s doing it. Pictures are taken of every visitor. In Zoetermeer, these pictures are analyzed and compared to known Russian spies. Again, they’ve acquired information that will later prove to be vital.
AIVD was directly assisting the NSA and CIA in fending off attacks by Cozy Bear for the next three years, though one successful phishing attack got Cozy Bear into White House non-classified mail servers. And there is this important nugget:
Access to Cozy Bear turns out to be a goldmine for the Dutch hackers. For years, it supplies them with valuable intelligence about targets, methods and the interests of the highest ranking officials of the Russian security service. From the pictures taken of visitors, the AIVD deduces that the hacker group is led by Russia’s external intelligence agency SVR.
That’s an important distinction — not the FSB (successor to the KGB) but Russian external/military intelligence.
Before Trump trashed the place, America’s intelligence community thanked the Dutch hackers with new tools of the trade:
In 2016, the heads of the AIVD and MIVD, Rob Bertholee and Pieter Bindt, personally discuss the access to the Russian hacker group with James Clapper, then the highest ranking official of the American intelligence services, and Michael Rogers, head of the NSA.
In return, the Dutch are given knowledge, technology and intelligence. According to one American source, in late 2015, the NSA hackers manage to penetrate the mobile devices of several high ranking Russian intelligence officers. They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack. According to the Americans, this indirectly proves that the Russian government is involved in the hacks. Another source says it’s ‘highly likely’ that in return for the intelligence, the Dutch were given access to this specific American information.
Fast forward to Election Day 2016: Trump
praised Russia, and president Putin in particular. This is one of the reasons the American intelligence services eagerly leak information: to prove that the Russians did in fact interfere with the elections. And that is why intelligence services have told American media about the amazing access of a ‘western ally’.
This has led to anger in Zoetermeer and The Hague. Some Dutchmen even feel betrayed. It’s absolutely not done to reveal the methods of a friendly intelligence service, especially if you’re benefiting from their intelligence. But no matter how vehemently the heads of the AIVD and MIVD express their displeasure, they don’t feel understood by the Americans. It’s made the AIVD and MIVD a lot more cautious when it comes to sharing intelligence. They’ve become increasingly suspicious since Trump was elected president.
A parallel article on NOS’s Nieuwsuur site says it more explicitly:
As of now, the AIVD hackers do not seem to have access to Cozy Bear any longer. Sources suggest that the openness of US intelligence sources, who in 2017 praised the help of a Western ally in news stories, may have ruined their operation. The openness caused great anger in The Hague and Zoetermeer. In the television programme College Tour, this month, AIVD director Bertholee stated that he is extra careful when it comes to sharing intelligence with the U.S., now that Donald Trump is President.
Does anyone else read into this particular paragraph that there are a whole lot of Dutch intelligence officials who believe someone on Team Trump had a nice chat with their extra-special Russian pals and burned AIVD?
That would, by the way, be espionage. And espionage is a capital offense.
The Washington Post is the first American paper to carry the story, and folds in a reminder that Trump is doing nothing about Russian hacker meddling here or anywhere else:
Russia’s hacking attacks not only targeted the United States but have also had major repercussions in Europe, where intelligence agencies have scrambled to stop Russian interference. In a congressional report released this January, Democrats raised renewed concerns about mounting evidence of Russian interference in at least 19 European nations.
The report, commissioned by Sen. Benjamin L. Cardin (D-Md.) and numbering more than 200 pages, directly criticizes President Trump for failing to respond to the threat, even as other nations in Europe have taken much stronger measures to counter Russian efforts in the region. “Never before has a president ignored such a clear national security threat,” Cardin wrote in an op-ed for The Post.
With all due respect, Senator, it would have been more accurate to say, “Never before has a president posed such a clear national security threat.”