Russian Hacker Group Cozy Bear Was Hacked By Dutch Intelligence Service

AIVD Headquarters in Zoetermeer, Netherlands

The Netherlands’ AIVD gave the FBI critical evidence of the Russian government’s involvement in the 2016 hacking of the U.S. Democratic National Committee.

The Dutch General Intelligence and Security Service (AIVD)—the domestic security and counterintelligence agency in the Netherlands—successfully hacked into computers that were being used by the members of the Russian government-linked hacking group known as Cozy Bear.

Through this, intelligence services in the Netherlands were able to collect evidence of Russia’s hacking of the U.S. Democratic National Committee (DNC) in 2016, which was promptly provided to American officials. The news was initially reported in Volkskrant, a daily morning newspaper published in the Netherlands, and on the Dutch television news program Nieuwsuur.

According to the reports, hackers working for the Dutch General Intelligence and Security Service initially gained access to computers used by Cozy Bear in mid-2014. Dutch intelligence agents were then able to monitor the activities of Cozy Bear hackers for at least a year, even managing to watch them from security cameras they had gained access to.

In late-2014, AIVD agents were able to use the information gleaned from their surveillance activities to assist the FBI and NSA in ridding U.S. State Department computer networks of Russian Hackers who were attempting to gain access.

The 2016 Presidential Election: Russian Hackers Gain Access to DNC Networks and Email Accounts

AIVD agents watched, in real-time, as Cozy Bear hackers infiltrated the DNC’s computer networks in 2016. Unbeknownst to the Russians, AIVD hackers observed the Russians gained access to the email accounts of DNC officials and Democratic Party leaders and collected thousands of documents and emails.

Russian operatives would later release many of documents obtained by hackers through Wikileaks, D.C. Leaks, or Guccifer 2.0. Dutch officials provided this critical evidence of Russia’s involvement in the 2016 U.S. presidential elections to counterintelligence officials in the U.S. The evidence was, reportedly, a catalyst for the FBI initiating a counterintelligence investigation into the Russian government’s interference in the 2016 presidential election.

Cozy Bear is one of two hacking groups affiliated with the Russian government that infiltrated DNC networks in the run-up to the 2016 presidential election; the other is referred to as Fancy Bear. Cozy Bear has been linked to Russia’s Foreign Intelligence Service (SVR) by AIVD officials. Fancy Bear is widely understood to be connected to Russian military intelligence, GRU. Government officials and private sector cybersecurity experts believe the two groups conducted their activities independently of one another.

The report published by Volkskrant is based on the accounts of six American and Dutch sources familiar with the matter.  Security and intelligence officials in the Netherlands declined to comment on the subject when asked by reporters.

In the Hague, Dutch Interior Minister Kajsa Ollongren stated to reporters that she was “very happy that we have good security services in the Netherlands that do their work well. I can’t say anything about this case that has been published.”

Get the Global Security Brief
National Security & International Affairs Analysis in Your Inbox
You may opt-out at any time.
You might also like