Now that Robert Mueller, the Russiagate special counsel, has indicted 13 Russian actors—including the shadowy Internet Research Agency, the “troll farm” that used social media to help elect Donald Trump, as well as Yevgeny Prigozhin, a key Russian oligarch and friend of Vladimir Putin—for meddling in the 2016 US presidential election, could his next act be to indict Russians involved in the hacking attack against the Democratic National Committee and John Podesta? Important evidence, including secrets obtained by Dutch intelligence, points in that direction.
In this space last week, I reported that as early as December 2016, just a few weeks after Trump’s Electoral College victory, The New York Times informed us that US intelligence agencies had identified specific individuals from Russian intelligence who’d overseen the hackers from APT28 and APT29, better known as, respectively, Fancy Bear and Cozy Bear. In other words, for more than a year now, and probably going back much longer, the US intelligence community—including the FBI, and therefore the investigators in the Office of the Special Counsel, too—has probably known who inside the GRU, Russia’s military-intelligence agency, and the SVR, its foreign-intelligence service, was responsible for the two bears, for the DNC and Podesta hacks, and presumably for the release of the stolen e-mails to WikiLeaks and other outlets in 2016.
In November 2017, The Wall Street Journal reported that the FBI and the Justice Department had identified at least half a dozen implicated Russians, and that the department is preparing to charge them with criminal acts as a result. “The Justice Department has identified more than six members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 presidential election, according to people familiar with the investigation,” said the Journal report, by Aruna Viswanatha and Del Quentin Wilber. “Prosecutors and agents have assembled evidence to charge the Russian officials and could bring a case next year, these people said. Discussions about the case are in the early stages, they said.” Could bring a case next year—meaning, 2018.
Neither the 2016 Times report nor the Journal’s story in November said much about how the United States might have identified the Russians. Now, thanks to a report in the Dutch newspaper de Volkskrant by Huib Modderkolk, it appears that as early as 2014 Holland’s General Intelligence and Security Service (AIVD) had hacked into Cozy Bear’s innermost workings—including, astonishingly, its internal security cameras. And AIVD spent as long as the next two and half years watching Cozy Bear do its dirty work, including the DNC break-in. “Unbeknownst to the Russians, they could see everything,” reported de Volkskrant.
In what follows, I’ll report many of the details contained in the Dutch paper’s report. Some points to begin with, however:
First, it’s been widely reported for more than a year that the CIA, FBI, and NSA learned some of what they know about Russia’s 2016 election interference from allied intelligence services, including the Australians, the British, and the Dutch. (For instance, it was the Australians, we now know, who tipped off the US intelligence community when George Papadopoulos, a Trump campaign aide, drunkenly blabbed to an Australian diplomat that he’d learned in March 2016 the Russians had “dirt” on Hillary Clinton, including “thousands of emails.” Papadopoulos is now cooperating with Mueller under a plea agreement.) So it seems plausible that if the Dutch had intel about Cozy Bear, they shared it with the CIA under the usual allied-intelligence protocols.
Second, Mueller’s sweeping indictment last week of Russians involved in a pro-Trump social-media offensive generated by worker bees at the Internet Research Agency in St. Petersburg reveals that Mueller can build his criminal charges based on what we must assume is secret intelligence from wiretaps and electronic intercepts. (The 37-page indictment contains excerpts of internal communications from within the Russian conspiracy.) That means the material that was presumably shared with the NSA, the CIA, and the FBI by the Dutch can be used to assemble a criminal case against Russians involved in the DNC hacking, too. As important as Russia’s illegal social-media campaign was, it was the DNC-Podesta hack that led to nonstop headlines in the mainstream media citing those hacked (and then leaked) e-mails from mid-summer of 2016 right up to election day.
Third, Mueller’s indictment of the 13 Russians proves beyond any doubt that he’s not just looking at possible collusion with Russia or obstruction of justice by Team Trump, as crucial as those issues may prove to be. He’s also looking at Russiagate’s Original Sin, namely, Moscow’s meddling in 2016, including the DNC-Podesta hack, regardless of whether Trump, his family, his advisers, or his campaign aides had anything to do with them. For that reason alone, there is no doubt that a fair number of Russian operatives in St. Petersburg and Moscow are worried about not only being indicted but being sanctioned, which could affect their finances as well as their ability to travel outside Russia.
And finally, all parties involved—including Mueller, the congressional committees, and the US intelligence community itself—should start releasing the classified intelligence that pertains to Russiagate. It can be scrubbed of “sources and methods,” of course. But, as Leonid Bershidsky and Eli Lake have argued separately in Bloomberg View, the more secrets declassified, the better. For one thing, it’ll quiet the conspiracy theorists.
So, with all that in mind, let’s look at what de Volkskrant reported.
According to the paper, the Dutch AIVD and the Dutch Military Intelligence and Security Service (MIVD) cyber operations team, under the umbrella of what the Dutch call the Joint Sigint Cyber Unit, managed to penetrate directly into Cozy Bear’s internal computer network. That network, according to de Volkskrant, was housed “in a space in a university building near Red Square.” The actual location of Cozy Bear’s operational facility had not previously been disclosed.
De Volkskrant notes that the Dutch turned their spies onto the Russian hackers just around the time that a Malaysian airliner, Flight MH-17, was shot down over Ukraine on July 17, 2014, by Russian-backed rebels in eastern Ukraine. Many Dutch citizens died aboard Flight MH-17, giving AIVD a special motive to intensify its counterintelligence work against Moscow. By November 2014, AIVD began tracking Cozy Bear’s attempts to hack into the US State Department, says the paper, and the Dutch quietly informed the NSA about what they’d learned.
By hacking into Cozy Bear, AIVD gained enormous amounts of live, real-time intelligence, allowing them to “trace the Russian hackers’ every step.” In the words of de Volkskrant: “That’s how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents.… And the AIVD hackers have seen it happening before their very eyes.”
AIVD acquired granular detail, including photographs of Russian operatives coming and going. “The group’s composition varies, usually about ten people are active. The entrance is in a curved hallway. A security camera records who enters and who exits the room. The AIVD hackers manage to gain access to that camera. Not only can the intelligence service now see what the Russians are doing, they can also see who’s doing it. Pictures are taken of every visitor. In Zoetermeer [AIVD’s headquarters, the Dutch equivalent of the CIA’s Langley], these pictures are analyzed and compared to known Russian spies,” reported de Volkskrant. “They’ve acquired information that will later prove to be vital.”
If this report is accurate, and so far it hasn’t been challenged, it appears that Mueller and the FBI—relying not only on AIVD’s identification of GRU and SVR officers but also on the CIA’s facial-recognition technology and its files on Russian spies—can use those IDs to make a case for an indictment paralleling the just-announced indictment of the Internet Research Agency and its dozen-plus operatives. The report in de Volkskrant doesn’t mean that the information shared with the United States by AIVD is the only source that identifies the Russians involved. If the underlying intelligence that went into the January 2017 Intelligence Community Assessment is released, we’ll learn a great deal more about what those other sources might have been.
Following the release of Mueller’s indictment of the 13 Russians on Friday, Trump descended into a paroxysm of unhinged tweets, with 10 over a 13-hour period. He attacked “Liddle Adam Schiff” (the Democratic congressman on the House intelligence committee), blamed the FBI for the Florida high-school massacre because the bureau is allegedly too obsessed with Russiagate, and claimed that he has never said that Russia didn’t meddle in the election, though he’s said exactly that countless times. Trump attacked his own national security adviser, H.R. McMaster, who said in a speech in Munich that the evidence for Russia’s interference is “incontrovertible.” And, weirdly, Trump said that because of Russiagate, “they are laughing their asses off in Moscow.”
There’s more to come. One who may know a lot more than most of us, since he prepared the 2017 Intelligence Community Assessment, is James Clapper, President Obama’s former director of national intelligence. Appearing Sunday on CNN’s State of the Union, Clapper warned that we should be expecting additional indictments from Mueller.
Clapper first noted that last Friday’s indictment said nothing about Trump-Russia collusion. “The indictment very—as was the deputy attorney general’s statement, was very precisely and carefully worded, that the indictment itself reflected no collusion, in the same way that it acknowledged that the members of the Trump campaign were unwitting participants in this,” said Clapper.
But he added: “This is not to say there weren’t. And I do think there are other shoes to drop here besides this indictment, which, by the way, I think, does—did serve to validate with a higher evidentiary bar the intelligence community assessment that was rendered in January of 2017.”
There are, indeed, plenty of other shoes that might begin dropping from the centipede that is Russiagate, and Clapper suggested that among them might be news about “financial entanglements [of] the Trump Organization.”
But if the Dutch intel is correct, at the top of the list may be an indictment of more Russian “specialists” over the DNC break-in and leaking.