Report from Holland: Cable-bound interceptions and ‘dragnets’

Wet op de Inlichtingen- en VeiligheidsdienstenFor the past year, the Netherlands has had a new law governing its two secret services, the AIVD and the MIVD. The new Intelligence and Security Services Act (Wet op de inlichtingen- en veiligheidsdiensten or Wiv) was and still is heavily criticized, especially because it allows untargeted access to cable-bound telephone and internet traffic. Under the previous law, which dates from 2002, the intelligence services were only allowed to conduct bulk interception of wireless transmissions, like satellite and radio communications —besides of course the traditional targeted telephone and internet taps aimed at individual targets.

That prohibition of bulk cable tapping is not the only thing that makes Dutch intelligence services different from those of many other countries. Probably the biggest difference is the fact that the Wiv applies to both foreign and domestic operations, as if the two secret services were responsible for both domestic security and foreign intelligence.

The General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, or AIVD) covers the civilian domain, and focuses at Jihadist terrorism, radicalization, rightwing and leftwing extremism, counter-intelligence and countering cyber threats. This is mostly domestic, but the AIVD also has a small branch that gathers foreign intelligence from and about a select range of countries. The Military Intelligence and Security Service (Militaire Inlichtingen- en Veiligheidsdienst, or MIVD) covers military issues, and is therefore more foreign-orientated than its civilian counterpart. The MIVD is responsible for the security of Dutch armed forces and for collecting foreign intelligence in military matters, while at the same time providing support of Dutch military missions abroad, like for example in Mali. When it comes to Signals Intelligence (SIGINT), the AIVD and MIVD combined their efforts in a joint unit called the Joint SIGINT Cyber Unit (JSCU), which became operational in 2014. The JSCU is responsible for most of the technical interception capabilities, from traditional wiretaps to cyber operations. The JSCU is not allowed to conduct offensive cyber operations. The latter are conducted by the Defence Cyber Command (DCC) of the Dutch armed forces. Read more of this post

Advertisements

Report from Holland: A heated debate over a new intelligence and security act

Wet op de Inlichtingen- en VeiligheidsdienstenOn March 21, the Dutch public cast their vote about the new Intelligence and Security Services Act, in Dutch Wet op de Inlichtingen- en Veiligheidsdiensten (or WIV). In this two-part post, we report about the debate currently taking place. In our first contribution, the discussion itself will be analyzed. In our second post, we will focus on the new special powers that the Act grants the Dutch intelligence community, more specifically the practice of cable-bound interception, which is central here.

First the discussion. Public unrest about the new intelligence act came rather late. In August, a group of concerned students from Amsterdam was able to collect more than ten thousand signatures for a consultative referendum on the Intelligence and Security Services Act, to which the House of Representatives agreed on 14 February, and the Senate on 11 July 2017. The students were supported by a variety of digital civil liberties organizations, including Amnesty International and Bits of Freedom, and successfully petitioned 300,000 signatures. By law (which has been abolished in the meantime) the Dutch government was required to hold a consultative referendum about the new Act.

What conclusions they will draw from a ‘yes’ or ‘no’ majority, based on whatever turn-out percentage, is unclear. Some leaders of the coalition parties, such as the Christian-Democratic parliamentary leader Sybrand Buma, have stated that they will ignore the referendum altogether. A bit late to the party (parliament has discussed and accepted the new Act throughout 2017), the concerned students and digital civil rights groups claim their goal is to start a discussion about the ‘tapping law’ or ‘vacuum cleaner capability’, most often referred to as the ‘dragnet law’ in popular metaphors. Although this complex and comprehensive law settles a variety of intelligence matters, the discussion has focused almost exclusively on the ‘dragnet’: the interception of communication traffic that runs through fiber optic cables, and the consequences of the application of this special power for the privacy of Dutch citizens. Read more of this post

Dutch spies identified Russian hackers who meddled in 2016 US election

Cozy BearDutch spies identified a notorious Russian hacker group that compromised computer servers belonging to the Democratic Party of the United States and notified American authorities of the attack, according to reports. In 2016, US intelligence agencies determined that a Russian hacker group known as Cozy Bear, or APT29, led a concerted effort to interfere in the US presidential election. The effort, which according to US intelligence agencies was sponsored by the Russian government, involved cyber-attacks against computer systems in the White House and the Department of State, among other targets. It also involved the theft of thousands of emails from computer servers belonging to the Democratic National Committee, which is the governing body of the Democratic Party. The stolen emails were eventually leaked to WikiLeaks, DCLeaks, and other online outlets. Prior descriptions of the Russian hacking in the media have hinted that US intelligence agencies were notified of the Russian cyber-attacks by foreign spy agencies. But there was no mention of where the initial clues came from.

Last Thursday, the Dutch current affairs program Nieuwsuur, which airs daily on Holland’s NPO 2 television, said that the initial tipoff originated from the AIVD, Holland’s General Intelligence and Security Service. On the same day, the Dutch newspaper De Volkskrant published a detailed account of what it described as AIVD’s successful penetration of Cozy Bear. According to these reports, AIVD was able to penetrate Cozy Bear in mid-2014, before the hacker group intensified its campaign against political targets in the US. Citing “six American and Dutch sources who are familiar with the material, but wish to remain anonymous”, De Volkskrant said that the AIVD was able to detect the physical base of the Cozy Bear hackers. The latter appeared to be working out of an academic facility that was adjacent to Moscow’s Red Square. The AIVD team was then able to remotely take control of security camera networks located around the facility. Eventually, the Dutch team hacked into another security camera network located inside the buildings in which the hackers worked. They soon began to collect pictures and footage of Cozy Bear members, which they then compared with photos of “known Russian spies”, according to De Volkskrant.

The paper said that the AIVD team continued to monitor Cozy Bear’s activities until at least 2017, while sharing intelligence with the Central Intelligence Agency and the National Security Agency in the US. The intelligence was allegedly instrumental in alerting US spy agencies about Russian government-sponsored efforts to meddle in the 2016 presidential election. Several newspapers, including The Washington Post in the US and The Independent in Britain, contacted the AIVD and the MIVD —Holland’s military intelligence agency— over the weekend. But the two agencies said they would not comment on reports concerning Cozy Bear.

Author: Joseph Fitsanakis | Date: 29 January 2018 | Research credit: E.J. & E.K. | Permalink

Headstone for unmarked grave of Nazi spy who died undetected in wartime Britain

Jan Willem Ter BraakThe unmarked grave of a Dutch-born Nazi spy, who killed himself after spending several months working undercover in wartime Britain, will be marked with a headstone, 76 years after his death by suicide. Born in 1914 in The Hague, Holland, Englebertus Fukken joined the National Socialist Movement in the Netherlands, the Dutch affiliate of the National Socialist German Workers’ Party led by Adolf Hitler, in 1933. In 1940, shortly after the German invasion of Holland, Fukken, who had been trained as a journalist, was recruited by the Abwehr, Nazi Germany’s military intelligence. Abwehr’s leadership decided to include Fukken in the ranks of undercover agents sent to Britain in preparation for Operation SEA LION, Germany’s plan to invade Britain.

Between October 31 and November 2, 1940, the 26-year-old Fukken was secretly parachuted over the Buckinghamshire village of Haversham in central England. British authorities found his discarded parachute a few days later, but by that time Fukken had made his way on foot to the city of Cambridge. Fukken’s precise mission remains unknown. Speculation that he was sent to Britain to assassinate the country’s wartime leader, Sir Winston Churchill, is dismissed as fantastical by most historians. What is known is that Fukken carried with him false Dutch papers identifying him as Jan Willem Ter Braak, and a suitcase that contained a radio transmitter supplied to him by the Abwehr.

In Cambridge, Fukken took lodgings with a local family, posing as a member of the Free Dutch Forces, anti-Nazi Dutch officials who had fled to London after the German invasion of Holland and formed a government in exile. Fukken spent the next four months living undercover in Cambridge, and did not register with the authorities, as required. He traveled on most days to locations in England bombed by the Luftwaffe, inspecting the damage and reporting back to his Abwehr handlers in Hamburg by radio or by mail, using secret writing techniques. But his failure to register with the authorities meant that he had no access to ration cards, which were required to purchase food in wartime Britain. He then attracted the attention of the local authorities, after presenting them with a forged ration card that was detected during inspection by a police officer. Fearing arrest, he quickly moved lodgings, but was unable to solve the problem of access to food. Repeated attempts to get the Abwehr to exfiltrate him failed, and his calls for money and usable ration cards were not facilitated, as the Nazi leadership in Berlin had begun to shelve Operation SEA LION. Read more of this post

Holland suspends its ambassador to China due to suspected honey trap

Holland Embassy in ChinaThe Dutch government has suspended its ambassador to China and has launched an official investigation into an alleged secret relationship between the ambassador and a female Chinese employee at the Dutch embassy. The ambassador, Ron Keller, is a career diplomat and senior member of the Dutch foreign service corps, who has served in Russia and Turkey among other international posts. He assumed duties as Holland’s ambassador to China in late 2015. In December of that year, he arrived in Beijing and took command of one of the largest Dutch embassies in the world.

Last weekend, however, Dutch newspaper De Telegraaf reported that Keller had been suspended from his post after it was alleged that he had a secret affair with an employee at the embassy. The employee, whose name has not been released, is reportedly a female Chinese national. Her position at the embassy is not known, but is thought to be of a clerical nature. Foreign diplomats stationed in China —whether married or single— are routinely warned to avoid having intimate relationships with Chinese nationals due to concerns that the latter may be in the service of Chinese intelligence. Some refer to this practice as a ‘honey trap’.  In 2011, Taiwan suffered its most serious espionage case in over half a century when it was revealed that the director of the Taiwanese military’s Office of Communications and Information fell for a “tall, beautiful and chic” Chinese female operative, who held an Australian passport, but later turned out to be a Chinese intelligence officer. In 2014, a leaked British military report warned United Kingdom government officials of attempts by Chinese intelligence services to compromise them using sexual entrapment.

De Telegraaf said it contacted the Dutch Ministry of Foreign Affairs about Keller’s suspension. In a statement, the ministry confirmed the diplomat’s suspension but said that it could not comment on the case. The newspaper reported that Keller is currently back in Holland and that his return to Beijing in an official capacity is not likely.

Author: Joseph Fitsanakis | Date: 19 October 2016 | Permalink

Dutch technical experts helped US bug foreign embassies in Cold War

Great Seal bugA tightly knit group of Dutch technical experts helped American spies bug foreign embassies at the height of the Cold War, new research has shown. The research, carried out by Dutch intelligence expert Cees Wiebes and journalist Maurits Martijn, has brought to light a previously unknown operation, codenamed EASY CHAIR. Initiated in secret in 1952, the operation was a collaboration between the United States Central Intelligence Agency and a small Dutch technology company called the Nederlands Radar Proefstation (Dutch Radar Research Station).

According to Dutch website De Correspondent, which published a summary of the research, the secret collaboration was initiated by the CIA. The American intelligence agency reached out to the Dutch technical experts after interception countermeasures specialists discovered a Soviet-made bug inside the US embassy in Moscow. The bug, known as ‘the Thing’, had been hidden inside a carved wooden ornament in the shape of the Great Seal of the United States. It had been presented as a gift to US Ambassador W. Averell Harriman by the Young Pioneer organization of the Soviet Union in 1945, in recognition of the US-Soviet alliance against Nazi Germany in World War II. But in 1952, the ornament, which had been hanging in the ambassador’s office in Moscow for seven years, was found to contain a cleverly designed listening device. The bug had gone undetected for years because it contained no battery and no electronic components. Instead it used what are known as ‘passive techniques’ to emit audio signals using electromagnetic energy fed from an outside source to activate its mechanism.

Wiebes and Martijn say the CIA reached out to the Dutch in 1952, soon after the discovery of ‘the Thing’, in fear that “the Soviets were streets ahead of the Americans when it came to eavesdropping technology”. According to the authors, the approach was facilitated by the BVD, the Cold War predecessor of the AIVD, Holland’s present-day intelligence agency. In the following years, technical specialists in the Netherlands produced the West’s answer to ‘the Thing’ —a device which, like its Soviet equivalent, used ‘passive techniques’ to emit audio signals. Moreover, the Americans are believed to have used the Dutch-made device to but at least two foreign embassies in The Hague, the Soviet Union’s and China’s, in the late 1950s and early 1960s.

The work by Wiebes and Martijn was initially published in Dutch by De Correspondent in September of last year. An English-language version of the article, which was published in December, can be read here.

Author: Joseph Fitsanakis | Date: 06 January 2016 | Permalink

Dutch crime investigator charged with spying for organized criminals

AIVD HollandA 28-year-old criminal investigator of the Dutch National Crime Squad was arrested by Dutch police on September 29 over allegations of corruption, neglect of duty, and money laundering. The man, named as Mark M., applied for a job at the Dutch police in 2009. According to an online résumé, M. dropped out of professional college in journalism after several years of being self-employed as a freelance reporter covering crime issues.

According to Dutch media, M. did not pass the security screening carried out by the General Intelligence and Security Service (AIVD) as part of the job application. But he was hired nonetheless as trainee in a less sensitive position that is not subject to security screening by the AIVD. The reported reason for M.’s failure to pass the screening process is that he is married to a Ukrainian woman. The AIVD has no intelligence-sharing relationship with its Ukrainian counterpart agency concerning security screenings.

M. is reported to have access to the files “of all large national criminal investigations”, and allegedly sold information on a large scale to drug organizations and criminal biker gangs. He is reported to have close ties with leaders of the biker gangs Satudarah and No Surrender.

Newspaper NRC Handelsblad, which first reported about M., states that the screening involved an investigation into M.’s social environment and personal finances. Television news service RTL Nieuws, which was the first to publicly name the man, reports that M. stood out for his luxurious lifestyle: driving a Porsche Cayenne, frequenting Curaçao and the Dominican Republic for holidays, and wearing expensive watches. During a search of his residence, the police found €235.000 ($266,266), as well as confidential police information that M. allegedly intended to sell.

The police is investigating the extent of the damage caused by M., as well as the precise investigations that he may have compromised. The question of why M. was hired despite not having passed the security screening is part of the investigation. It is, so far, believed that M. acted alone.

Addendum, Nov. 4, 2015: Pending a security clearance from the AIVD, M. was granted access to BlueView, a confidential police data search engine. When the AIVD refused to issue a security clearance, M. was transferred to the traffic department, but superiors failed to revoke his access to BlueView. In 2007, BlueView contained 55 million documents containing data about suspects, transcripts of interrogations and police reports. M.’s authorization level included access to information from the Criminal Intelligence Unit (CIE), that works with informants. M. was able to access BlueView for close to four years.

Author: Matthijs Koot | Date: 20 October 2015 | Permalink