Dutch spies tipped off NSA that Russia was hacking the Democrats, new reports claim

Netherlands intelligence penetrated Russia's US election hackers and alerted US counterparts, sources say.
Written by David Meyer, Contributor

The Netherlands AIVD's access to the Russian hackers' networks yielded "crucial evidence" of Russian involvement in the Democratic leaks.

Image: AIVD

When hackers operating next to Moscow's Red Square launched an attack against the Democratic Party in 2015, someone was watching. And that someone, according to new reports, was the Dutch General Intelligence and Security Service (AIVD).

Netherlands newspaper de Volkskrant and the public broadcaster NOS reported on Thursday evening that AIVD hackers had penetrated the Russian operation back in the summer of 2014.

The Russian operation was what security researchers at CrowdStrike would later dub Cozy Bear, which, along with a separate group called Fancy Bear, emerged as the prime suspects for the hacking of the Democratic National Committee (DNC) during the 2016 presidential election campaign.

The emails covered communications spanning 2015 and the early months of 2016 and -- when they appeared on a site called DCLeaks and on Julian Assange's WikiLeaks in mid-2016 -- they greatly embarrassed the Democrats at a crucial time in the campaign.

Apart from reams of sensitive personal information, the emails demonstrated that the DNC had clearly favored the candidacy of Hillary Clinton during the Democratic primaries, and had undermined Bernie Sanders' bid to take on the Republicans from the left.

According to the new reports, the AIVD's access to the Russian hackers' networks yielded "crucial evidence" of Russian involvement in the DNC leaks, a matter that is now a key focus of special prosecutor Robert Mueller's investigation into possible collusion between Donald Trump's campaign and the Kremlin.

Download now: System update policy (free PDF)

What exactly did the Dutch spies learn about Cozy Bear, also known as APT29? The precise details remain a mystery for now, but Thursday's reports draw on six US and Netherlands sources to argue that the Russian operation was responsible for attacks around the world since 2010.

Targets included "governments, energy corporations and telecom companies", some of them in the Netherlands.

Cozy Bear apparently comprised around 10 active agents at most times. The AIVD managed to hack into the security camera watching those entering and leaving the hackers' room in a university building, which allowed the Dutch to figure out that Russia's Foreign Intelligence Service (SVR) was running the operation.

After the Dutch intelligence agency spotted the Russians hacking the US State Department and warned the NSA, a 24-hour-long battle between attackers and defenders reportedly ensued.

Before being booted out of the State Department's systems, the Russians managed to send a plausible-looking email to the White House, which in turn gave them access to servers holding some of then-president Barack Obama's emails.

In return for all this intelligence, the Americans reportedly sent some back to their Dutch counterparts, along with cake and flowers. However, the story has a sour ending.

With Trump denying any Russian support in his victory, US intelligence has been leaking like a sieve to prove the contrary. According to de Volkskrant, these leaks angered the Dutch, who didn't want their access -- now lost -- to be revealed, even if they were not specifically identified to the media as the source of all this crucial information.

As is the case with Israel and the UK, both of which have been burned by Trump himself after divulging intelligence to the US, the Dutch are now warier about sharing the secrets they find with the Americans.

Previous and related coverage

Four things we learned when Facebook, Google, Twitter testified in Russia inquiry

Tuesday's hearing in the Senate marks the first of several hearings involving the tech giants and how Russian-backed hackers and propagandists used their services to spread misinformation and false news.

Google: Russian groups did use our ads and YouTube to influence 2016 elections

Google, Facebook, and Twitter reveal how Russian agents reached millions of US voters before the 2016 election.

The hackers that never went away: Brace for more state-backed attacks, leaks and copycats this year

Attacks on the US presidential election might just be the beginning; expect more hacking and leaking this year across the globe.

US election hack: Microsoft wins latest round in court against Fancy Bear phishers

A US judge has banned the Fancy Bear hackers from attacking Microsoft's customers.

Democrats urge Facebook and Twitter to probe Russian bots (CNET)

Sen. Dianne Feinstein and Rep. Adam Schiff have asked the companies to investigate Russian involvement in the #ReleaseTheMemo social media campaign.

Editorial standards