Dutch intelligence agents were the first to discover that Russian government hackers supposedly attacked the 2016 United States presidential election, and even now might possess video proof that hackers from the Russian intelligence-linked group now known as “Cozy Bear” regularly attacked United States computer systems, including the White House computer network and the State Department, according to a joint investigative report by the Dutch newspaper de Volkskrant and public television network NOS.
But the Dutch spies, who hacked into the Russian hackers’ own computers as well as into security cameras in the hackers’ Moscow headquarters, also witnessed the Russians breaking into servers owned by the Democratic National Committee as early as 2015, according to the reports.
Another Russian hacking group, dubbed “Fancy Bear” by U.S. security specialists, purportedly staged a hack of DNC servers in 2016, stealing thousands of internal emails and documents which were then posted on the site Wikileaks, as well as on other online sites.
The Dutch spies alerted their American counterparts in the Central Intelligence Agency and National Security Agency every time they saw a Russian hacking attack take place — but despite the warnings, the DNC servers remained vulnerable to later attacks.
“It is not clear why the hacks at the DNC could continue for so long despite the Dutch warnings,” journalists for the TV network NOS wrote in their report published Friday. In the following video, NOS reporter Eelco Bosch van Rosenthal summarizes the investigation’s findings.
WATCH: I spoke to the Dutch journalist @eelcobvr who broke the news that Dutch intel spied on Russian “Cozy Bear” hackers and warned the U.S. government. Here’s Eelco Bosch van Rosenthal from CNN affiliate NOS: https://t.co/9texznwavG
— Robyn Curnow (@RobynCurnowCNN) January 26, 2018
A hacker from the Dutch intelligence agency AIVD, known in English as the General Intelligence and Security Service, first infiltrated the Cozy Bear network in 2014. Despite their own ingenuity in breaking into U.S. government computers, the Russians remained oblivious to the Dutch spies watching their every move. The AIVD cyber spies roamed so freely throughout the Cozy Bear network that they were able to access the closed-circuit TV cameras in the building where the Russian hackers worked, just off of Moscow’s famed Red Square.
The Dutch intelligence agents used images from the security cameras to identify personnel who worked in the building, matching the pictures against images of known Russian intelligence agents. Using the images, the Dutch spies determined that Cozy Bear was operated by Russia’s Foreign Intelligence Service, known as the SVR.
The Dutch media reports cite “six American and Dutch sources who are familiar with the material” saying that the AIVD operation has provided crucial evidence that helped lead the U.S. intelligence agencies to conclude that Russia was behind the 2016 election hacks, including the DNC hack and a later hack of John Podesta, who chaired the campaign of Democratic nominee Hillary Clinton.
Read the entire de Volkskrant report on the Dutch operation by visiting this link.
But the Dutch, according to the reports, have been reluctant to share intelligence information with the U.S. government under the Donald Trump administration, citing Trump’s repeated denials that Russia was, in fact, responsible for the 2016 election hacks that intelligence experts say were designed at least in part to help tilt the election toward Trump.
Rob Bertholee, director of the AIVD, said that his agency will be “extra careful” in sharing intelligence with the Trump administration, likely due to Trump’s apparent sympathies for Russia and the country’s president, Vladimir Putin. In May of 2017, Trump met with two top Russian government officials in the Oval Office — where he allegedly leaked classified information about an Israeli intelligence source to the Russians.