News

Image: The FSB headquarters on Lubyanka Square in Moscow.

The Dutch intelligence service AIVD hacked into two Russian hacking hubs, Cozy Bear and Fancy Bear, which are based in premises close to Red Square in Moscow, Volkskrant writes.

It is an incredible story: the Dutch hacked into a surveillance camera outside the premises and were able to monitor everyone who came and went.

According to the Dutch media report, Dutch intelligence agency AIVD first hacked into Cozy Bear, situated in a university building next to Moscow’s Red Square, in summer 2014. About 10 hackers were there at any given time, and the Dutch hacked into a security camera showing who entered and exited the room. Pictures were taken of all visitors; these were compared to images of known spies.

In the autumn of 2014, the Russians were preparing a large-scale attack on the US foreign ministry, the State Department. The Dutch alerted the Americans.

In November 2014, the Volkskrant report said, Dutch intelligence were watching as the Russian hackers geared up for their cyberattack on the State Department. The Dutch tipped off U.S. intelligence, and a 24-hour cyberbattle ensued between the Russian attackers and U.S. defenders, with Dutch spies in their corner. The State Department attack was beaten back, but not before Cozy Bear had phished the White House by sending an email to a staffer who opened it and clicked on a link within, believing it was from a State colleague.

The Dutch managed to convince the White House that the Russians had broken through and were inside its communications network.

The Dutch alerted U.S. intelligence that Cozy Bear had gained access to White House email servers. The head of AIVD said there was «no question» the Russian government was behind Cozy Bear’s hacking.

So the Russians were conducting state-directed hacking long before the election campaign. They already had the know-how.

They used it to break into the Democrats' headquarters. The Democrats' security firm CrowdStrike was late in discovering what was going on:

Cybersecurity company CrowdStrike reportedly first noticed the DNC hack by two Russian intelligence groups on June 14, 2016; CrowdStrike CTO Dmitri Alperovitch wrote in a blog post at the time that they were called upon by the DNC to investigate a suspected breach and «immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR.»

«In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter,» Alperovitch said. «…Both adversaries engage in and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.»

There are several questions surrounding the hacking of the Democrats' headquarters. Why did the FBI not get to examine the servers? Then one could have known better who had hacked in and when. Perhaps it could have shed light on who gave John Podesta's emails to WikiLeaks?

According to the article, AIVD has become more reserved since Donald Trump was elected and does not share information to the same degree.

Dutch Spies Infiltrated Russian Hacking Unit Before DNC Attack