Russian actors had access to Dutch police computer network during MH17 probe

June 17, 2021 by Leave a comment

Flight MH17

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

Russia has tried to sabotage and undermine investigation activities into the MH17 disaster through various means: influence campaigns on social media, hacking of the Dutch Safety Board, theft of data from Dutch investigators, manipulation of other countries involved in the investigation, and the use of military spies. The Dutch police and public prosecution service were repeatedly targeted by phishing emails, police computer systems were subjected to direct attacks, and a Russian hacker drove a car with hacking equipment near the public prosecution office in Rotterdam.

The above efforts are not believed to have been successful. But the attack that came to light in September 2017 may have been. The infected police academy system ran “exotic” (meaning uncommon) software, according to a well-informed source. The Russians reportedly exploited a zero day vulnerability in that software. After the incident, the national police made improvements in their logging and monitoring capabilities, and in their Security Operations Center (SOC). It is not currently known how long the attackers had access to the national police system, nor what information they were able to obtain.

Author: Matthijs Koot | Date: 17 June 2021 | Permalink

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , , , , ,

Ukraine, Russia, spied on Dutch investigators of MH17 plane disaster, TV report claims

June 28, 2018 by 1 Comment

MH17 crashDozens of Dutch security officers, legal experts, diplomats and other civil servants were systematically spied on by Ukrainian and Russian intelligence services while probing the aftermath of the MH17 disaster, according to a report on Dutch television. Malaysia Airlines Flight 17, a scheduled passenger flight from Amsterdam to Kuala Lumpur, was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed. In the aftermath of the disaster, the Dutch Safety Board spearheaded the establishment of the multinational Joint Investigation Team (JIT), which is still engaged in a criminal probe aimed at identifying, arresting and convicting the culprits behind the unprovoked attack on Flight MH17. As part of the JIT, dozens of Dutch officials traveled to Ukraine to initiate the investigation into the plane crash and repatriate victims’ bodies and belongings. Their activities were conducted with the support of the Ukrainian government, which is party to the JIT.

But on Tuesday, Holland’s RTL Niews broadcaster said that members of the Dutch JIT delegation were subjected to systematic and persistent spying by both Ukrainian and Russian government operatives. According to RTL, Dutch investigators found sophisticated eavesdropping devices in their hotel rooms in Ukraine, and believed that their electronic devices had been compromised. Citing “inside sources” from the Dutch government, the broadcaster said that, during their stay in Ukraine, members of the Dutch JIT delegation noticed that the microphones and cameras on their wireless electronic devices would turn on without being prompted. They also noticed that the devices would constantly try to connect to public WiFi networks without being prompted. Upon their return to Holland, Dutch officials had their wireless devices examined by Dutch government security experts. They were told that numerous malware were discovered on the devices.

RTL Niews said that the question of whether valuable information relating to the MH17 investigation was stolen by foreign spies remains unanswered. But it noted that the members of the Dutch JIT delegation were warned about possible espionage by foreign powers prior to traveling to Ukraine. During their stay there, they were not allowed to send messages in unencrypted format and were only permitted to hold sensitive conversations in especially designated rooms inside the Dutch embassy in Kiev. The Dutch government did not respond to questions submitted to it by RTL Niews. But it issued a statement saying that its security experts had briefed and trained the Dutch JIT delegation prior to its trip to Ukraine. Members of the delegation were told that foreign parties would seek to collect intelligence, because the MH17 investigation was taking place in a “conflict area with significant geopolitical interest” for many parties. They were therefore advised to “assume that they were being spied on [and] adjust [their] behavior accordingly” while in Ukraine, the Dutch government’s statement said.

Author: Ian Allen | Date: 28 June 2018 | Permalink

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , ,

Informant ‘got $47m reward’ for clues on MH17 downing over Ukraine

June 18, 2015 by 1 Comment

MH17 crashA German investigator, who is probing the downing of a civilian airliner over Ukraine nearly a year ago, says that an informant has claimed a multimillion reward for information pointing to those responsible for the attack. The investigator, Josef Resch, of Lübeck, Germany, says that a binding non-disclosure agreement does not allow him to reveal his client, who offered the $47 million reward. But he told German business magazine Capital that he is hopeful his client will soon reveal the details, since “people who pay that kind of money in exchange for information do not keep it for themselves”. However, he also hinted that his client may be an intelligence agency, who may decide to “deal with the matter without fanfare”.

Resch was speaking in reference to the murder of 295 people in July 2014, who died when the Malaysia Airlines Boeing 777-200 they were on was shot down 1 near the Ukrainian city of Donetsk. The city has a large Russian population and constitutes a major front in the current War in Donbass, which is being fought between the Ukrainian government and pro-Russian Ukrainians. For that reason, the downing of MH17 has become politically contentious: the United States claims 2 that it was shot down by Russian-supported rebels, while Russia accuses 3 the Ukrainian Air Force of deliberately firing on the airliner in order to blame the rebels.

If Resch’s claim is accurate, it would mean that someone with inside knowledge about the identity of the shooters has has come forward with crucial information about the killing of nearly 300 civilians over Donetsk. The size of the award also implies that those offering it are prepared to take some form of action in response to the information. Capital notes 4 that the multimillion award is higher than the amount offered in the past by the government of the United States for information leading to the capture of Osama bin Laden.

Resch told Capital that he is not certain whether the anonymous informant was able to claim the entire reward amount, or just part of it. He also said that he never came in direct contact with the informant, as the latter was represented “by a Swiss middleman” throughout the negotiations.

Author: Ian Allen | Date: 18 June 2015 | Permalink: https://intelnews.org/2015/06/18/01-1717/

  1. J. FITSANAKIS “Ukraine rebels ‘admit downing Malaysia plane’ in phone intercepts” intelNews [18jul2014] 
  2. I. ALLEN “US spies say incriminating flight MA17 recordings are genuine” intelNews [24jul2014] 
  3. I. ALLEN “Russia says it traced Ukraine fighter jet near downed Malaysia plane” intelNews [22jul2014 
  4. J. BRAMBUSCH “Informant zu MH 17 packt aus” Capital [15jun2015] 

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , ,

US spies say incriminating flight MH17 recordings are genuine

July 24, 2014 by 4 Comments

Malaysia Airlines crash site near DonetskBy IAN ALLEN | intelNews.org
American intelligence officials said on Tuesday that the intercepted conversations between pro-Russian rebels in Ukraine, in which they admit shooting down a plane at approximately the same time Malaysian Airlines Flight 17 crashed in eastern Ukraine, are “authentic”. The officials were speaking on condition of anonymity at a press briefing in Washington, organized by the United States government to provide its own take on the tragic incident, which killed almost 300 people last week. On Monday, Russian military officials said Moscow had evidence that a Ukrainian fighter jet was trailing the civilian airliner shortly before it crashed. But American officials told reporters on Tuesday that satellite images, voice traffic, as well as information gathered from social media used by pro-Russian rebels in Ukraine, “point overwhelmingly” to direct rebel responsibility for the attack. The officials said that the possibility that Ukrainian military forces might have shot down the plane was “not a plausible scenario”, because Kiev had “no antiaircraft missile system within range of the Malaysian flight at the time it was struck”. They added that photos from the crash site showed damage consistent with that caused by a Russian-made SA-11 missile, though they stressed that the data backing this assertion is still preliminary. They also pointed out, however, that US intelligence experts had verified the authenticity of the intercepted telephone conversations released shortly after the plane disaster by the Security Service of Ukraine. The voices in the recordings are allegedly those of senior pro-Russian rebel commanders, as well as of officials in Russia’s Main Intelligence Directorate of the General Staff, known commonly as GRU. In one conversation, recorded 20 minutes after the Malaysia Airlines plane was shot down, Igor Bezler, a leading commander of the self-proclaimed Donetsk People’s Republic, tells GRU Colonel Vasily Geranin: “We have just shot down a plane […]. It fell down beyond Yenakievo”. Read more of this post

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , ,

Russia says it traced Ukraine fighter jet near downed Malaysia plane

July 22, 2014 by Leave a comment

General Kartopolov (left) speaking in MoscowBy IAN ALLEN | intelNews.org
Russian government officials have made a presentation in Moscow showing alleged evidence of a Ukrainian fighter jet, which they claim was trailing a civilian airliner that crashed on Thursday in eastern Ukraine. All 295 people onboard the Malaysia Airlines Boeing 777-200, which came down in a field east of the city of Donetsk, were killed. Last week, Ukrainian intelligence sources released telephone intercepts said to contain direct admissions by pro-Russian rebels that they shot down the civilian airliner. But Russian defense officials fought back on Monday with a hi-tech news conference in Moscow, which included several slides, charts and images relating to the airline disaster over Donetsk. The media briefing, which was specifically called to showcase Moscow’s take on the incident, featured two senior-ranking officials from the Russian general staff. One of the presenters, Lieutenant-General Andrei Kartopolov, told the gathered reporters that the government of Ukraine was most likely behind the plane’s downing. He said Russian radars showed the Malaysian Airlines plane had been forced to “deviate from its route to the north” for up to “14 kilometers” (10 miles). He added that the plane was all the while being trailed by an SU-25 fighter jet belonging to the Ukrainian government, which Russian radars indicated was flying at a distance of “three to five kilometers” (3 miles) from the civilian airplane. Kartopolov stressed that the SU-25 fighter jets are typically armed with air-to-air missiles. Pointing to a series of graphs showing radar activity around Donetsk, the Russian general stated that Ukrainian radar stations had also displayed “unusual activity” in the hours preceding the attack on the civilian airliner. He told reporters that the Russian Ministry of Defense had evidence that “the intensity of the operation of Ukrainian radar stations increased to the maximum” during the time period surrounding the fateful attack on the plane. Read more of this post

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , ,

Ukraine rebels ‘admit downing Malaysia plane’ in phone intercepts

July 18, 2014 by 15 Comments

Malaysia Airlines crash site near DonetskBy JOSEPH FITSANAKIS | intelNews.org
Ukrainian intelligence has released telephone intercepts said to contain direct admissions by pro- Russian rebels that they shot down a civilian airliner that crashed on Thursday in eastern Ukraine. All 295 people onboard the Malaysia Airlines Boeing 777-200, which came down in a field east of the city of Donetsk, are presumed dead. An American intelligence official told the Associated Press, on condition of anonymity, that Washington is certain the airliner was brought down by a surface-to-air missile. Late on Thursday, Valentyn Nalivaichenko, director of the Security Service of Ukraine (SSU), said in a press conference that his agency had conclusive evidence showing that pro-Russian rebels had shot down the plane. Nalivaichenko said the evidence included recordings of telephone conversations between rebel commanders and Russian intelligence officers, which were intercepted just minutes after the plane was brought down. During Nalivaichenko’s press conference, the SSU published the intercepted conversations on YouTube with subtitles in English, French, German and Polish. The videos identify some of the participants in the conversations, including Igor Bezler, a leading commander of the self-proclaimed Donetsk People’s Republic, and Vasily Geranin, who is said to be a Colonel in Russia’s Main Intelligence Directorate of the General Staff, known commonly as GRU. In one phone call, allegedly made at 4:40 Kiev time, 20 minutes after the Malaysia Airlines plane was shot down, Bezler appears to tell Geranin: “We have just shot down a plane […]. It fell down beyond Yenakievo”. In a subsequent intercept, another rebel commander calls a Russian intelligence officer from the site of the crash to report that the downed plane appeared to be civilian, not military, as originally thought, and that the crash site was filled with casualties. “It’s 100 percent a passenger aircraft”, he reports, adding that there are no weapons visible on site: “absolutely nothing. Civilian items, medicinal stuff, towels, toilet paper”, he says. Read more of this post

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , , , , , , ,