Dutch ‘Cozy Bear’ Farce Does Not Show DNC Emails Were Hacked By Russians


by Adam Carter, Disobedient Media:

Yesterday saw the publication of an English language version of an article written by Huib Modderkolk by Dutch news site the Volkskrant, titled “Dutch agencies provide crucial intel about Russia’s interference in US-elections.”

The article explains how Dutch intelligence agency AIVD were monitoring “Cozy Bear” (APT-29) as far back as 2014, and states that a year later the intelligence agency witnessed an attack against the Democratic National Committee (DNC).

“That’s how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won’t be the last time they alert their American counterparts. And yet, it will be months before the United States realize what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.”

However, despite all the above assertions, there was no major leak of documents related to the DNC in 2015. The emails that were released in 2016 were acquired earlier that same year – so, it’s not clear what it was the AVID saw “happening before their very eyes” so early on.

Of course, it’s unsurprising to read on and discover:

“The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous.”

The article is already introducing ambiguity between Dutch and US-based sources and, of course, those sources want to be anonymous and are not attributed to the agencies or organizations they are affiliated with.

This is then followed by a statement that may create complications for those wanting to see accountability on what they suspect to be FISA abuses. The article relates:

“It’s also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.”

The article also claims that the US intelligence community made their “high confidence” assessment on the back of AIVD’s intel:

“Three American intelligence services state with ‘high confidence’ that the Kremlin was behind the attack on the Democratic Party. That certainty, sources say, is derived from the AIVD hackers having had access to the office-like space in the center of Moscow for years.”

While it’s true that the Grizzly Steppe joint analysis report from December 31, 2016, does mention APT-28 and APT-29, much of the referenced material there comes from what was reported by CrowdStrike, Fidelis, etc in relation to their efforts to investigate in 2016 .

However, in the intelligence community assessment (ICA), the document that actually contains the majority of the conclusions (released on January 5, 2017) doesn’t even cite the APT group (“Cozy Bear”/APT-29).

Understandably, there’s no mention of AIVD but it’s extraordinary not to make a reference in the document to the APT group if certainty for assessments was derived in relation to it.

It’s also strange to make a reference to MH17 without actually explaining it’s relevance for context:

“The Dutch hacker team spends weeks preparing itself. Then, in the summer of 2014, the attack takes place, most likely before the tragic crash of flight MH17. With some effort and patience, the team manages to penetrate the internal computer network. The AIVD can now trace the Russian hackers’ every step. But that’s not all.”

Putting that oddity aside, we’re then told the following:

“The Cozy Bear hackers are in a space in a university building near the Red Square. The group’s composition varies, usually about ten people are active. The entrance is in a curved hallway. A security camera records who enters and who exits the room. The AIVD hackers manage to gain access to that camera. Not only can the intelligence service now see what the Russians are doing, they can also see who’s doing it. Pictures are taken of every visitor. In Zoetermeer, these pictures are analyzed and compared to known Russian spies. Again, they’ve acquired information that will later prove to be vital.”

We could question how they knew, remotely, where different IPs were on the network in relation to the CCTV. One may also wonder how it’s known that the IP traced there wasn’t just a botnet relay (University networks are often targeted). Another issue is in regards to whether there was any consequence from comparing photos with known Russian spies, but this was all in 2014 – so none of this even relates to the DNC being hacked.

The article continues, explaining that the state department was targeted in November 2014 – which was reported on by the mainstream press at the time.

Then, we get to this section of the text:

“Access to Cozy Bear turns out to be a goldmine for the Dutch hackers. For years, it supplies them with valuable intelligence about targets, methods and the interests of the highest ranking officials of the Russian security service. From the pictures taken of visitors, the AIVD deduces that the hacker group is led by Russia’s external intelligence agency SVR.”

What’s interesting about this is that the US intelligence community has attributed APT-29 and APT-28 to the FSB and GRU, not the SVR (which actually would have made more sense). The only time they mention the SVR in the JAR or ICA reports was about separate activity relating to 2010.

Read More @ DisobedientMedia.com