Intelligence-sharing agreements between various countries are nothing new; the United States’ “Five Eyes” agreement between Australia, Canada, New Zealand, the UK, and the US is one well-known top-level alliance for sharing signals intelligence that dates back to the post-WW2 era. It’s just one of many systems, both formal and informal, the US has in place for sharing information with our allies (and, in certain specific instances, countries we normally wouldn’t label that way).
Generally, we don’t find out which nations specifically contribute intelligence in which cases, this being a cataclysmic breach of operational security in its own right. But a recent report suggests the Dutch national intelligence service shared critical data with US agencies back in 2014 and 2015 — material that underpinned the findings of fact issued by the US national intelligence communities joint assessment that Russia had hacked the DNC and interfered in the 2016 election.
According to a new report published by de Volkskrant, the Dutch intelligence agency AIVD penetrated the computer network of a university adjacent to Red Square back in 2014, only to later realize they had tapped into APT29, aka Cozy Bear, one of the Russian government-affiliated organizations that penetrated the DNC and targeted other US government departments at various points. One question raised by many during the tumultuous 2016 US presidential election was how the US government and its various institutions could be certain of its analysis. Then-candidate Trump once argued that the individual behind the intrusions “could be somebody sitting on their bed that weighs 400 pounds.”
We now know why various government agencies were certain of their conclusions. The building the Dutch hackers compromised had a closed-circuit TV network. Over a period of months, the AIVD team was able to watch everything the Russians did, including which specific individuals came and went. One reason the US intelligence agencies were so confident Russia was responsible was that the Dutch did a great lead of early legwork to demonstrate that known Russian intelligence operatives were working within Cozy Bear.
The de Volkskrant story implies that the Dutch government began targeting the Russians after the downing of MH17. In the aftermath of that attack, both the US and Ukraine stated that the missile was almost certainly fired from a Soviet-era Buk missile system.
Russia first claimed MH17 was shot down by a Ukrainian Su-25, before cycling through a variety of alternatives — it was a Ukrainian Su-25, using an Israeli missile, no, it was a Ukrainian Buk missile system (fired by Ukrainians as part of a false flag). Or that the plane was actually MH370 and full of corpses when it took off from Amsterdam. Or that the Ukrainian military was trying to assassinate Putin. The one thing Russia wasn’t interested in doing was admitting that Russia had anything to do with the attack in any way, shape, or form. Of the 298 people killed, 193 were Netherlands citizens. As motivations go, the idea that the Netherlands might’ve been motivated to go hacking around to see what it could find isn’t much of a stretch.
In November of 2014, the AIVD sees Cozy Bear launching attacks on the US State Department. It and the military organization MIVD coordinate with the FBI and NSA to thwart the attack in real time, with the Dutch literally watching the operation via CCTV provided courtesy of APT29. The intense attack occurs over 24 hours, and the Dutch assistance is critical enough that the NSA begins coordinating with AIVD directly.
This attack is the one NSA Deputy Director Richard Ledgett referred to as “hand-to-hand combat,” in a speech at the Aspen Institute in March 2017. At the time, Ledgett said the NSA had been assisted by a Western intelligence agency, one that had managed to hack the surveillance cameras being used by the attacking agency. Now we know the identities of the players — we had assistance from the Dutch, who’d been watching the Russians (and verifying their identities) for months at the time the attacks took place.
The de Volkskrant report notes that the Dutch may have traded information on Russian hacking attempts and tactics to the United States in exchange for data on the MH17 attack. The last twist in the story is that Dutch sources are apparently quite unhappy with the way Ledgett revealed the US had cooperated with a “Western ally” in its defense of the State Department back in 2014, because such assets are not supposed to be disclosed. But the story also implies that information revealed by the Dutch is part of why the various US government intelligence agencies were so confident in their own conclusions on who hacked the DNC.
A New Wave of Spectre-Class Attacks May Be Coming for Intel CPUs
A new set of CPU vulnerabilities could be inbound, with up to eight different attacks said to target Intel CPUs — but we'd recommend adopting a wait-and-see approach.
Serious Rowhammer Attacks Can Now Be Carried Out Remotely
Memory corrupting techniques used for local attacks can now be launched remotely, with no need for privilege escalation or direct system access.
North Korea Targeting Defectors with Android Malware Attacks
The attack likely infected around 100 targets, which isn't a huge number compared with most malware campaigns. However, these were all highly targeted infiltrations to gather intelligence on political opponents.