Dutch Security Services Infiltrated Russian DNC Hackers
Dutch security services watched Russian hackers break into email accounts at the State Department, the White House, and the Democratic National Committee and passed critical intelligence along to U.S. officials between 2014 and 2016, according to a report Thursday in the Dutch news outlets Nieuwsuur and Volkskrant.
This intelligence from Dutch security services reportedly prompted the Federal Bureau of Investigations to first look into Russian meddling in the 2016 U.S. presidential election.
In the summer of 2014, Dutch AIVD and MIVD intelligence agencies infiltrated computers used by Cozy Bear, one of two state-sponsored Russian hacking operations U.S. intelligence officials believe swiped emails and other documents from the DNC in 2016. Their goal was to influence the general election in favor of President Donald Trump.
At the time, Cozy Bear was based out of a university building near Red Square, in Moscow, the outlets reported. Dutch intelligence infiltrated their systems so completely that they were able to capture security footage of the hackers as they entered and exited the room where they worked.
Most significantly, the Dutch spies captured footage that proves Cozy Bear operated under the direction of Russia’s Foreign Intelligence Service, according to Volkskrant.
The new report cites “six American and Dutch sources who are familiar with the material, but wish to remain anonymous,” according to Volkskrant.
Last April, The Washington Post first reported details of a 24-hour pitched battle that occurred in 2014 between the U.S. National Security Agency and Russian hackers who had infiltrated unclassified State Department email systems.
“It was hand-to-hand combat,” former NSA Deputy Director Richard Legett told a cyber forum at the Aspen Institute last March, according to The Post.
The NSA eventually cut off Cozy Bear’s access to computers at the State Department, according to the reports in both The Post and Volkskrant. But Russian hackers were able to use their brief State Department access to compromise computers systems at the White House, Volkskrant reported Thursday.
The relationship between Dutch and U.S. intelligence agencies grew so close, according to Volkskrant, that U.S. officials sent their Dutch counterparts cake and flowers to express their appreciation. In 2016, Rob Bertholee and Pieter Bindt, who headed AIVD and MIVD, met then-Director of National Intelligence James Clapper and outgoing NSA Director Michael Rodgers.
That same year, email servers at the Democratic National Committee were infiltrated by Cozy Bear and another group of state-sponsored Russian hackers, Fancy Bear, that acted independently. Those emails would later leak to the online transparency group Wikileaks, which published them as part of what U.S. intelligence agencies believe was a Russian campaign to sway the election toward Trump.
Dutch intelligence reportedly passed key intelligence about the DNC hack to U.S. officials. That triggered an ongoing investigation into Russian election meddling by the Federal Bureau of Investigations.
At some point, Dutch security services lost access to Cozy Bear’s systems. But they also came to trust their American counterparts less. The Washington Post report from last April attributed the tipoff about the 2014 State Department hack to a “western ally.” That leak upset Dutch officials who felt their American counterparts had betrayed their trust, according to Thursday’s reports.
President Donald Trump has also openly praised Russian President Vladimir Putin while criticizing the very U.S. security services the Dutch worked alongside so closely. Trump’s position reportedly made Dutch officials nervous about sharing future intelligence.
A spokesperson for Russian President Vladimir Putin, Dmitry Peskov, criticized Thursday’s report.
“If the Dutch media want to fuel anti-Russian hysteria in the U.S., it’s an activity that can’t be called honorable,” Peskov told the Associated Press.
Dutch officials did not confirm or deny the report. “I cannot not go into causation,” Dutch Interior Minister Kajsa Ollongren told Nieuwsuur, according to a translation. “In general, I have pointed to the risk of state actors trying to influence democracies by, for example, spreading disinformation or hacking. And not for nothing.”
Joshua Eaton is an investigative reporter at ThinkProgress. His work has also appeared at The Washington Post, The Boston Globe, The Christian Science Monitor, Al Jazeera America, The Intercept, PRI’s The World, and Teen Vogue. Before joining ThinkProgress, Joshua was a digital producer at the New England Center for Investigative Reporting (now The Eye) and WGBH News.
ThinkProgress is launching a membership program to help fund our work.
If just a small percentage of our readers chip in a few dollars each month, we’ll be able to do more to hold the administration and their allies accountable.
If you invest in us, we also want to invest in our relationship with you. We’re creating a members-only Facebook page where you can interact with ThinkProgress writers and editors, talk about your ideas for stories, and connect with each other.