Dutch ‘Cozy Bear’ Farce Does Not Show DNC Emails Were Hacked By Russians
Yesterday saw the publication of an English-language version of an article written by Huib Modderkolk and published by Dutch news site the Volkskrant, titled “Dutch agencies provide crucial intel about Russia’s interference in US-elections.”
The article explains how Dutch intelligence agency AIVD were monitoring “Cozy Bear” (APT-29) as far back as 2014, and states that a year later the intelligence agency witnessed an attack against the Democratic National Committee (DNC).
“That’s how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won’t be the last time they alert their American counterparts. And yet, it will be months before the United States realize what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.”
However, despite all the above assertions, there was no major leak of documents related to the DNC in 2015. The emails that were released in 2016 were acquired earlier that same year, so it’s not clear what it was the AIVD saw “happening before their very eyes” so early on.
Of course, it’s unsurprising to read on and discover:
“The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous.”
The article is already introducing ambiguity between Dutch and US-based sources and, of course, those sources want to be anonymous and are not attributed to the agencies or organizations they are affiliated with.
This is then followed by a statement that may create complications for those wanting to see accountability on what they suspect to be FISA abuses. The article relates:
“It’s also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.”
The article also claims that the US intelligence community made their “high confidence” assessment on the back of AIVD’s intel:
“Three American intelligence services state with ‘high confidence’ that the Kremlin was behind the attack on the Democratic Party. That certainty, sources say, is derived from the AIVD hackers having had access to the office-like space in the center of Moscow for years.”
While it’s true that the Grizzly Steppe joint analysis report from December 31, 2016, does mention APT-28 and APT-29, much of the referenced material there comes from what was reported by CrowdStrike, Fidelis, etc. in relation to their efforts to investigate in 2016.
However, the intelligence community assessment (ICA), the document that actually contains the majority of the conclusions (released on January 5, 2017), doesn’t even cite the APT group (“Cozy Bear”/APT-29).
Understandably, there’s no mention of AIVD but it’s extraordinary not to make a reference in the document to the APT group if certainty for assessments was derived in relation to it.
It’s also strange to make a reference to MH17 without actually explaining its relevance for context:
“The Dutch hacker team spends weeks preparing itself. Then, in the summer of 2014, the attack takes place, most likely before the tragic crash of flight MH17. With some effort and patience, the team manages to penetrate the internal computer network. The AIVD can now trace the Russian hackers’ every step. But that’s not all.”
Putting that oddity aside, we’re then told the following:
“The Cozy Bear hackers are in a space in a university building near the Red Square. The group’s composition varies, usually about ten people are active. The entrance is in a curved hallway. A security camera records who enters and who exits the room. The AIVD hackers manage to gain access to that camera. Not only can the intelligence service now see what the Russians are doing, they can also see who’s doing it. Pictures are taken of every visitor. In Zoetermeer, these pictures are analyzed and compared to known Russian spies. Again, they’ve acquired information that will later prove to be vital.”
We could question how they knew, remotely, where different IPs were on the network in relation to the CCTV. One may also wonder how it’s known that the IP traced there wasn’t just a botnet relay (university networks are often targeted). Another issue is whether there was any consequence from comparing photos with known Russian spies, but this was all in 2014, so none of this even relates to the DNC being hacked.
The article continues, explaining that the state department was targeted in November 2014 – which was reported on by the mainstream press at the time.
Then, we get to this section of the text:
“Access to Cozy Bear turns out to be a goldmine for the Dutch hackers. For years, it supplies them with valuable intelligence about targets, methods and the interests of the highest ranking officials of the Russian security service. From the pictures taken of visitors, the AIVD deduces that the hacker group is led by Russia’s external intelligence agency SVR.”
What’s interesting about this is that the US intelligence community has attributed APT-29 and APT-28 to the FSB and GRU, not the SVR (which actually would have made more sense). The only mention of the SVR in the JAR or ICA reports was about separate activity relating to 2010.
Going further into the article, past the grossly familiar repetition of “undermining our democracy” hyperbole from Chris Painter, who expresses dismay that Russia would target politicians in the US, Volkskrant reports:
“In return, the Dutch are given knowledge, technology and intelligence. According to one American source, in late 2015, the NSA hackers manage to penetrate the mobile devices of several high ranking Russian intelligence officers.”
So here we return to an anonymous American source connected to the NSA, conceding that the NSA had hacked Russian intelligence officials in 2015. What did they learn from this?
“They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack. According to the Americans, this indirectly proves that the Russian government is involved in the hacks.”
The one thing I’d inquire about here is whether the searches were genuinely specific to those attacks, or whether Russian intelligence officials frequently search for hacks/leaks relating to America, which may have been inferred as a causative correlation. With no examples cited, it’s difficult to assess whether it’s significant or a false positive.
Continuing on, we are offered a speculative statement from another nameless source towards the conclusion of the text for no apparent reason. The final lines of the work address a topic with no direct connection to the rest of the story, but are nonetheless spewed out as follows:
“Another source says it’s ‘highly likely’ that in return for the intelligence, the Dutch were given access to this specific American information. Whether any intelligence about MH17 was exchanged, is unknown.”
If you think it’s odd that MH17 gets cited again, without cause or reason, you’re not alone (I know a few others have noticed this too).
As the article heads towards its conclusion, no reference to any technical details regarding the DNC being hacked is provided and there is no evidence cited that actually bolsters the hacking allegations we’ve already heard regarding the DNC.
Instead, we skip ahead to Clinton and Trump:
“After her defeat in November 2016, Clinton will say that the controversy about her leaked emails are what cost her the presidency.”
“President elect Donald Trump categorically refuses to explicitly acknowledge the Russian interference.”
That’s probably because:
- Many of the claims lack substance.
- The content that supposedly influenced America wasn’t about candidates or parties, and it’s difficult to see how pushing adverts that were both for and against Black Lives Matter (just to use one of the most common examples of ‘disinfo’ being cited) could have made any statistically significant change to the outcome of the election when it didn’t serve to alter perceptions of the candidates or parties.
- There’s evidence suggesting some parts of the alleged influence operations could have been mimicry engaged in by CrowdStrike.
- The stories about DHS confirming Russia hacked into voting infrastructure were bogus.
- The DNC’s intent of having Trump’s presidency nullified, on the premise that Russian subterfuge was the reason for him winning, is hardly something the DNC have been discreet about.
The article continues:
“It would tarnish the gleam of his electoral victory. He has also frequently praised Russia, and president Putin in particular. This is one of the reasons the American intelligence services eagerly leak information: to prove that the Russians did in fact interfere with the elections.”
And yet, despite all the resources at their disposal and a dragnet they maintain that catches all traffic in and out of the US, American intelligence services have been unable to provide any definitive proof supporting their assessments and have relied on assessing questionable evidence produced by a private-sector company that the DNC hired to investigate the alleged hacking of DNC emails while the DNC repeatedly rebuffed offers to assist and requests to investigate from intelligence agencies.
Finally, this evidence-lacking spin-fest of an article, devoid of any new evidence relating to the DNC having its emails acquired by unauthorized parties, concludes with:
“This has led to anger in Zoetermeer and The Hague. Some Dutchmen even feel betrayed. It’s absolutely not done to reveal the methods of a friendly intelligence service, especially if you’re benefiting from their intelligence. But no matter how vehemently the heads of the AIVD and MIVD express their displeasure, they don’t feel understood by the Americans. It’s made the AIVD and MIVD a lot more cautious when it comes to sharing intelligence. They’ve become increasingly suspicious since Trump was elected president.”
It’s disappointing, I’m sure, to hear AIVD “don’t feel understood” by the Americans. However, as Suzie Dawson pointed out, AIVD appear to be far from impartial and independent (even though the article gives that impression). In fact, it appears, from past leaks, that AIVD acts as a second-tier Third Party partner of the NSA and has had multiple points of contact available for the NSA to communicate with them ever since 2013.
Whether or not this is a deliberate effort to ‘gas-light’ us from one of the NSA’s international partners, one thing is for sure: the Volkskrant article contains nothing new or significant relating to the DNC being hacked or any details directly related to the emails being acquired.
For more reasons why the Volkskrant article is fake news, be sure to check out Suzie Dawson’s article too.