Dutch spy services have restricted intelligence-sharing with the United States: report

October 20, 2025 by 15 Comments

Mark Rutte NATO TrumpINTELLIGENCE SERVICES IN THE Netherlands have restricted intelligence-sharing with their United States counterparts due to political developments in Washington, according to two leading Dutch intelligence officials. This development—which may typify Europe’s current approach to transatlantic intelligence-sharing—was confirmed last week by the heads of the Netherlands’ two largest intelligence agencies in a joint interview with De Volkskrant newspaper.

The joint interview was given to De Volkskrant by Erik Akerboom, director of the General Intelligence and Security Service (AIVD), and Peter Reesink , director of the General Intelligence and Security Service (MIVD)—AIVD’s civilian military counterpart.

Both men stressed that inter-agency relations between Dutch and American intelligence organizations remain “excellent”. However, they added that the Netherlands has grown more selective about what it chooses to share with American intelligence agencies—particularly the Central Intelligence Agency and the National Security Agency. “That we sometimes don’t share things anymore, that’s true,” Reesink said, referring to sharing information with American intelligence agencies. Akerboom added: “sometimes you have to think case by case.” He went on to say: “We can’t say what we will or won’t share. But we can say that we are more critical.”

According to the two senior officials, Dutch spies have been intensifying intelligence cooperation and sharing with their European counterparts. This is particularly applicable to a collection of central and northern European intelligence services from countries like Scandinavia, France, Germany, the United Kingdom, and Poland, according to De Volkskrant.

Author: Ian Allen | Date: 20 October 2025 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

Dutch prime minister bans wireless devices from meetings to ward off espionage

September 2, 2024 by 2 Comments

Dick SchoofTHE NETHERLANDS’ NEW PRIME minister has officially banned the use of all wireless devices from cabinet meetings, reportedly to defend against espionage operations from foreign actors. The move comes following warnings by Dutch intelligence services that the country is being targeted by Russian and Chinese spies with more intensity than at any time since the Cold War.

The current Dutch government, led by the far-right Freedom Party (PVV), was formed following the general election of November 2023. Although the PVV, headed by populist Geert Wilders, emerged as the leading political force in the Netherlands with 23% of the vote, it found it difficult to form a governing coalition. In June of this year, following lengthy negotiations, a rightwing coalition was formed between the PVV, the People’s Party for Freedom and Democracy (VVD), the Farmer-Citizen Movement (BBB), and the New Social Contract (NSC).

A key feature of the agreement was that none of the individual parties’ leaders, including Wilders, could serve as prime minister. Instead, the three parties settled on Dick Schoof as a form of compromise. The 67-year-old Schoof led the Netherlands’ Immigration and Naturalization Service from 1999 until he was appointed to head the Ministry of Security and Justice in 2010. From 2013 to 2018, he became the National Coordinator for Security and Counterterrorism —the Netherlands’ main counter-terrorism unit, which operates as part of the Ministry of Security and Justice.

In 2018, Schoof was appointed director-general of the General Intelligence and Security Service (AIVD), the nation’s primary intelligence agency. The AIVD is tasked with foreign and domestic duties, as well as signals intelligence. Prior to his prime ministerial post, the culmination in Schoof’s career as a public servant came with his appointment as secretary-general of the Ministry of Justice and Security, in 2020. In 2021, after 30 years of being a member, Schoof officially left the Labor Party (PvdA), the Netherlands’ mainstream social-democratic, left-of-center political party. In subsequent public comments he appeared to endorse the PVV, but never officially joined it.

Speaking to reporters last week, Schoof said he was “taking a different approach” to security at cabinet meetings, which was “based on his former job in the intelligence community”. He added, “maybe I have a bit more experience with that sort of thing” and stressed that banning wireless devices from cabinet meetings was “a completely natural measure” for him. Members of the Dutch cabinet “agreed immediately” with the new measure, said the new prime minister.

Author: Joseph Fitsanakis | Date: 02 September 2024 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , ,

Former director of Dutch intelligence service sworn in as prime minister

July 4, 2024 by 2 Comments

AIVD HollandTHE FORMER DIRECTOR OF the Netherlands’ intelligence service has been sworn in as prime minister at the head of a rightwing coalition government that has pledged to radically reform the nation’s immigration system. The appointment of Dick Schoof brings an end to a seven-month deadlock that resulted from the general election of November 2023. The far-right Freedom Party (PVV), headed by populist Geert Wilders, emerged as the leading political force with 23% of the vote. However, it subsequently found it difficult to form a governing coalition.

Last month, following prolonged negotiations, a rightwing coalition was formed between the PVV, the People’s Party for Freedom and Democracy (VVD), the Farmer–Citizen Movement (BBB), and the New Social Contract (NSC). A key feature of the agreement is that none of the individual parties’ leaders, including Wilders, can serve as prime minister. Instead, the three parties settled on Schoof as a form of compromise.

The 67-year-old Schoof led the Netherlands’ Immigration and Naturalization Service from 1999 until he was appointed to head the Ministry of Security and Justice in 2010. From 2013 to 2018, he became the National Coordinator for Security and Counterterrorism –the Netherlands’ main counter-terrorism unit, which operates as part of the Ministry of Security and Justice. In 2018, Schoof was appointed director-general of the General Intelligence and Security Service (AIVD), the nation’s primary intelligence agency that is tasked with foreign and domestic duties, as well as signals intelligence. Prior to his prime ministerial post, the culmination in Schoof’s career as a public servant came with his appointment as secretary-general of the Ministry of Justice and Security, in 2020.

In 2021, after 30 years of being a member, Schoof officially left the Labor Party (PvdA), the Netherlands’ mainstream social-democratic, left-of-center political party. In subsequent public comments he appeared to endorse the PVV, but never officially joined it. In his first comments since swearing in as prime minister, Schoof said he intends to govern “on behalf of all citizens of the Netherlands”, adding that his work will not be influenced by Wilders and the PVV. Schoof went on to say that his government intends to implement the most stringent immigration and asylum policy in Dutch history. There are also reports that Schoof’s government is considering a plan to move the Dutch embassy in Israel from its current location in Tel Aviv to Jerusalem.

Author: Joseph Fitsanakis | Date: 04 July 2024 | Research credit: C.E. | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , ,

Russia covertly mapping key energy infrastructure for sabotage, Dutch report warns

February 21, 2023 by 2 Comments

AIVD HollandTHE RUSSIAN INTELLIGENCE SERVICES are “covertly mapping” the energy infrastructure of the North Sea, in preparation for acts of disruption and sabotage, according to a new report form the Dutch government. The 32-page report was published this week, ahead of the one-year anniversary of the 2022 Russian invasion of Ukraine. It was authored collaboratively by the two main intelligence agencies of the Netherlands, the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).

The report notes that Russian spy ships, drones, satellites and human agents are engaged in an unprecedented effort to chart the energy and other “vital marine infrastructure” of the North Sea. The purpose of this effort is to understand how the energy and other key infrastructure works in the North Sea. The term North Sea refers to the maritime region that lies between France, Belgium, the Netherlands, Germany, Denmark, Norway and the United Kingdom. It hosts key energy infrastructure, including oil, natural gas, wind and wave power installations, which supply energy to much of northern Europe.

According to the report, Russian intelligence and espionage activities in the North Sea “indicate preparatory acts of disruption and sabotage. These appear to be aimed at energy systems, but also other vital infrastructure, such as undersea power and communication cables, and even drinking water facilities. Consequently, physical threats toward any and all of these facilities should be viewed as conceivable, the report warns.

On Saturday, the Dutch government said it would expel an undisclosed number (believed to be at least ten) of Russian diplomats. It also accused Moscow of engaging in constant efforts to staff its diplomat facilities in the Netherlands with undercover intelligence officers. On the same day, the Dutch government said it would shut down its consulate in Russia’s second-largest city, St. Petersburg, and ordered Russia to shut down its trade mission in the port city of Amsterdam.

Author: Joseph Fitsanakis | Date: 21 February 2023 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

More on Russian alleged spies expelled from the Netherlands and Belgium

October 20, 2022 by 2 Comments

Kremlin KootAs intelNews reported earlier this week, a joint investigative effort by Dutch and Belgian media exposed details about a group of alleged Russian intelligence officers, who were expelled by Belgium and The Netherlands in March 2022. Dutch state broadcaster NOS and its flagship current affairs program, Nieuwsuur, aired the names, photos and backgrounds of 17 Russian intelligence officers, who were expelled from the Netherlands in March of this year. According to the Dutch government, the expelled diplomats were involved in counterintelligence and in espionage targeting the country’s high-tech sector.

According to the reports, at least 20 Russian official-cover officers were active in the Netherlands in early 2022. The reporters said they spoke with intelligence sources and the Dossier Center. That organization is financed by banned Russian oligarch and Putin critic Mikhail Khodorkovsky, and claims to have access to leaked databases that contain information about the education and background of Russian intelligence officers.

Eight of the expelled officers work for the Russian Foreign Intelligence Service (SVR), while the other nine work for the Main Directorate of the Russian Armed Forces’ General Staff (GRU). Some of them presented themselves as trade representatives in Amsterdam, as military attachés, or as diplomats at the Organisation for the Prohibition of Chemical Weapons. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

Journalists reveal names of Russian diplomats expelled by Netherlands for espionage

October 17, 2022 by 1 Comment

SVR hq

AN INVESTIGATION BY A consortium of journalists from the Netherlands and Belgium has revealed the identities of 17 Russian diplomats, who were expelled in April by Dutch authorities for allegedly engaging in espionage. The expelled diplomats were among hundreds of members of the Russian diplomatic corps, who were expelled from all over Europe in March and April of this year, in response to Russia’s invasion of Ukraine.

As intelNews reported on April 4, the diplomats who were expelled from the Netherlands were serving at the Russian embassy in The Hague. Some of them also represented Russia at the Organization for the Prohibition of Chemical Weapons (OPCW) headquarters in The Hague. Russia responded on April 19, by announcing the expulsion of 15 Dutch diplomats from the embassy of the Netherlands in Moscow. As is customary in such cases, neither the Netherlands nor Russia revealed the names of the expelled diplomats.

Now, however, the identities of the expelled Russian diplomats have been revealed, thanks to an investigation by of a group of Dutch and Belgian journalists. The investigation was conducted under the auspices of the Dossier Center, a London-based Russian-language organization that specializes in investigative reporting. The conclusions of the invesgitation were first reported by Belgian newspaper De Tijd and by Netherlands public television, NOS.

According to the investigation, eight of the 17 expelled Russian diplomats were employees of the Russian Foreign Intelligence Service, known as SVR. The remaining nine were employed by the Main Directorate of the Russian Armed Forces’ General Staff, which is commonly known as GRU. At least six of the expelled diplomats worked as encryption specialists. They handled the communications systems that the Russian intelligence personnel who were stationed in the Netherlands used in order to exchange secret information with Moscow. A smaller number worked in counterintelligence, and were tasked with preventing efforts by adversary intelligence services to recruit Russian diplomatic personnel stationed in the Netherlands.

The report by the Dossier Center includes information about the identities of the Russian diplomats, as well as photographs and detailed biographical data about their background. According to the authors of the report, all information included in the report was collected from open sources, including from social media accounts that were maintained by the expelled Russian diplomats.

Author: Joseph Fitsanakis | Date: 17 October 2022 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

Dutch intelligence disrupts Russian effort to infiltrate International Criminal Court

June 16, 2022 by 1 Comment

International Criminal CourtON JUNE 16, THE Dutch General Intelligence and Security Service (AIVD) announced that it prevented a Russian military intelligence officer from gaining access as an intern to the International Criminal Court (ICC) in The Hague. The ICC is of interest to the GRU because it investigates possible war crimes committed by Russia in the Russo-Georgian War of 2008 and more recently in Ukraine.

The GRU officer reportedly traveled from Brazil to Schiphol Airport in Amsterdam in April 2022, using a Brazilian cover identity, making him a so-called “illegal”. This means the intelligence operative was not formally associated with a Russian diplomatic facility. He allegedly planned to start an internship with the ICC, which would have given him access to the ICC’s building and systems. This could have enabled the GRU to collect intelligence, spot and recruit sources, and possibly influence criminal proceedings inside the ICC.

On his arrival at Schiphol, the AIVD informed the Dutch Immigration and Naturalization Service (IND), after which the officer was refused entry to the Netherlands and put on the first plane back to Brazil as persona non grata. The AIVD assessed the officer as a “potentially very serious” threat to both national security and the security of the ICC and Holland’s international allies, due to his access to the organization.

In a first-ever for the AIVD, the agency also released the contents of a partially redacted 4-page document that describes the “extensive and complex” cover identity of the officer. It was originally written in Portuguese, “probably created around mid-2010” and “likely written” by the officer himself. According to the AIVD, the information provides valuable insight into his modus operandi. The cover identity hid any and all links between him and Russia. According to the AIVD, the construction of this kind of cover identity “generally takes years to complete”.

In the note accompanying the document, the AIVD says that Russian intelligence services “spend years” on the construction of cover identities for illegals, using “information on how other countries register and store personal data”. Alternatively, they illegally procure or forge identity documents. Information in the cover identity “can therefore be traceable to one or more actual persons, living or dead” as well as to forged identities of individuals “who only exist on paper or in registries of local authorities”.

AuthorMatthijs Koot | Date: 17 June 2022 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

Several EU member states expel dozens of Russian diplomats for suspected espionage

April 4, 2022 by 1 Comment

Russian Embassy PragueA WEEK AFTER POLAND announced the expulsion of 45 Russian diplomats, the foreign ministries of Belgium, the Czech Republic, Ireland and the Netherlands announced on March 29, 2022 that they would expel Russian diplomats. A day later, Slovakia followed up by announcing it will expel 35 Russian diplomats. On Monday, April 4, France, Germany and Lithuania followed suit with dozens of expulsions.

The German federal government announced it will expel 40 Russian diplomats who, according to minister of foreign affairs Annalena Baerbock, “worked every day against our freedom and against the cohesion of our society”, and are “a threat to those who seek our protection”. The persons involved have five days to leave Germany. Later that day, France announced it will expel “many” Russian diplomats “whose activities are contrary to our security interests”, adding that “this action is part of a European approach”. No further details are known at this time.
Furthermore, Lithuania ordered the Russian ambassador to Vilnius to leave the country, and announced their ambassador to Ukraine will return to Kyiv. In an official statement, foreign minister Gabrielius Landsbergis said Lithuania was “lowering the level of diplomatic representation with Russia, this way expressing its full solidarity with Ukraine and the Ukrainian people, who are suffering from Russia’s unprecedented aggression”. Meanwhile, Latvian minister of foreign affairs Edgars Rinkēvičs announced in a tweet that Latvia will “limit diplomatic relations” with the Russian Federation “taking into account the crimes committed by the Russian armed forces in Ukraine”, and that “specific decisions will be announced once internal procedures have been complete”.

The Czech Republic, which in 2021 called on the European Union (EU) and the North Atlantic Treaty Organization (NATO) to expel Russian diplomats in solidarity against Moscow, announced the expulsion of one diplomat from the Russian embassy in Prague, on a 72-hour notice. In a tweet, the Czech ministry of foreign affairs stated that “Together with our Allies, we are reducing the Russian intelligence presence in the EU”.

Belgium has order the expulsion of 21 diplomats from the Russian embassy in Brussels and consulate in Antwerp. Minister Sophie Wilmès said the measure was taken to protect national security and was unrelated to the war in Ukraine. “Diplomatic channels with Russia remain open, the Russian embassy can continue to operate and we continue to advocate dialogue”, Wilmès said.

The Netherlands will be expelling 17 diplomats from the Russian embassy in The Hague. According to minister Wopke Hoekstra, the diplomats were secretly active as intelligence officers. Hoekstra based this on information from the Dutch secret services AIVD and MIVD. The Russian embassy in The Hague has 75 registered diplomats, of which 58 will remain. Hoekstra says the decision was taken with “a number of like-minded countries”, based on grounds of national security. Like his Belgian colleague, Woekstra adds he wants diplomatic channels with Russia to remain open.

Ireland will be expelling four “senior officials” from the Russian embassy in Dublin, for engaging in activities “not […] in accordance with international standards of diplomatic behaviour”. They were suspected of being undercover military officers of the GRU and were already on the radar of Garda Síochána, the Irish national police and security service, for some time.

Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , ,

Dutch intelligence disrupt large-scale botnet belonging to Russian spy agency

March 7, 2022 by Leave a comment

GRU KtON MARCH 3, 2022, Dutch newspaper Volkskrant reported that the Dutch Military Intelligence and Security Service (MIVD) took action in response to abuse of SOHO-grade network devices in the Netherlands. The attacks are believed to have been perpetrated by the Main Intelligence Directorate of the General Staff of the Russian Armed Forces (GRU) Unit 74455. The unit, which is also known as Sandworm or BlackEnergy, is linked to numerous instances of influence operations and sabotage around the world.

The devices had reportedly been compromised and made part of a large-scale botnet consisting of thousands of devices around the globe, which the GRU has been using to carry out digital attacks. The MIVD traced affected devices in the Netherlands and informed their owners, MIVD chief Jan Swillens told Volkskrant. The MIVD’s discovery came after American and British [pdf] services warned in late February that Russian operatives were using a formerly undisclosed kind of malware, dubbed Cyclops Blink. According to authorities, the botnet in which the compromised devices were incorporated has been active since at least June 2019.

Cyclops Blink leverages a vulnerability in WatchGuard Firebox appliances that can be exploited if the device is configured to allow unrestricted remote management. This feature is disabled by default. The malware has persistence, in that it can survive device reboots and firmware updates. The United Kingdom’s National Cyber Security Centre describes Cyclops Blink as a “highly sophisticated piece of malware”.

Some owners of affected devices in the Netherlands were asked by the MIVD to (voluntarily) hand over infected devices. They were advised to replace the router, and in a few cases given a “coupon” for an alternative router, according to the Volkskrant. The precise number of devices compromised in the Netherlands is unclear, but is reportedly in the order of dozens. Swillens said the public disclosure is aimed at raising public awareness. “The threat is sometimes closer than you think. We want to make citizens aware of this. Consumer and SOHO devices, used by the grocery around the corner, so to speak, are leveraged by foreign state actors”, he added.

The disclosure can also be said to fit in the strategy of public attribution that was first mentioned in the Netherlands’ Defense Cyber Strategy of 2018. Published shortly after the disclosure of the disruption by MIVD of an attempted GRU attack against the computer network of the OPCW, the new strategy included the development of attribution capabilities, as well as the development of offensive capabilities in support of attribution. It advocates the view that state actors “that are [publicly] held accountable for their actions will make a different assessment than attackers who can operate in complete anonymity”.

Author: Matthijs Koot | Date: 07 March 2022 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , , ,

Dutch intelligence service warns public about online recruitment by foreign spies

February 15, 2022 by Leave a comment

AIVD HollandLAST WEEK, THE DUTCH General Intelligence and Security Service (AIVD) launched an awareness campaign dubbed ‘Check before connecting’. The purpose of the campaign is to inform the Dutch public about risks of foreign actors using fake accounts on social media, in efforts to acquire sensitive business information. According to the AIVD, such online campaigns frequently target and recruit employees of Dutch private sector companies. The awareness campaign is carried out via Twitter, Instagram and LinkedIn. It is aimed at raising awareness in society at-large. The AIVD will publish a number of fictitious practical examples over time, in order to educate the public.

AIVD director-general Erik Akerboom told Dutch newspaper Het Financieele Dagblad that Dutch and other Western secret services have been surprised by the sheer number of cases in which private sector employees disclosed sensitive information, after being blackmailed or enticed with money to share information. After foreign intelligence operatives make initial contact with their target via LinkedIn, the relationship quickly turns more “personal”, according to Akerboom. The new contact acts flatteringly about the unsuspecting target’s knowledge and competence. “You are asked to translate something. This can be followed by a physical meeting”, he says.

Potential targets are “ranked” by their position in an organization, position in a business network, and level of access to sensitive information. “The rankings determine which persons are prioritized for recruitment attempts”, according to Akerboom. This sometimes involves the creation of fake human resource recruitment agencies, as British, Australian and American intelligence agencies have warned about in the past.

While not a new phenomenon, the scope and effectiveness of foreign infiltration attempts have now reached a scale that has prompted the AIVD to warn the public. China and Russia have made attempts to acquire advanced technology in Western countries, including the Netherlands, via corporate takeovers, digital espionage, and human intelligence operations. Last year, the Netherlands expelled two Russian spies who successfully recruited employees at a number of Dutch high-tech companies. One of the Russians created fake profiles posing as a scientist, consultant and recruiter. The AIVD did not disclose the names of these companies. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , ,

Hacker behind attack on popular booking site has ties to US intelligence, paper claims

November 12, 2021 by 1 Comment

Booking.comA HACKER WHO TARGETED a major Dutch-based reservations website has ties to intelligence agencies in the United States, according to a new report. The claim was made on Wednesday by three Dutch investigative journalists, Merry Rengers, Stijn Bronzwaer and Joris Kooiman. In a lengthy report published in NRC Handelsblad, Holland’s newspaper of record, the three journalists allege that the attack occurred in 2016. Its target was Booking.com, a popular flight and hotel reservations website, which is jointly owned by Dutch and American venture firms.

The authors argue that the interest Booking.com poses for security services is “no surprise”. The website’s data includes valuable information about “who is  staying where and when, where diplomats are, who is traveling to suspicious countries or regions, where top executives book an outing with their secretary —all valuable information for [the world’s intelligence] services”.

According to the report, the hacker was able to penetrate an insufficiently secured server belonging to Booking.com, and gain access to the accounts of customers, by stealing their personal identification numbers, or PINs. Accordingly, the hacker stole “details of hotel [and flight] reservations” of thousands of Booking.com customers in the Middle East. The report claims that targeted customers included Middle East-based foreign diplomats, government officials and other “persons of interest” to American intelligence.’’

After detecting the breach, Booking.com allegedly conducted an internal probe, which verified that the hacker —nicknamed “Andrew”— had “connections to United States spy agencies”, according to the report. The company then sought the assistance of the Dutch General Intelligence and Security Service (AIVD). At the same time, however, Booking.com consulted with a British-based law firm, which advised it that it was not obligated to make news of the hacker attack public. It therefore chose not to publicize the incident, according to the NRC article.

Author: Joseph Fitsanakis | Date: 12 November 2021 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , ,

Russian actors had access to Dutch police computer network during MH17 probe

June 17, 2021 by Leave a comment

Flight MH17

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

Russia has tried to sabotage and undermine investigation activities into the MH17 disaster through various means: influence campaigns on social media, hacking of the Dutch Safety Board, theft of data from Dutch investigators, manipulation of other countries involved in the investigation, and the use of military spies. The Dutch police and public prosecution service were repeatedly targeted by phishing emails, police computer systems were subjected to direct attacks, and a Russian hacker drove a car with hacking equipment near the public prosecution office in Rotterdam.

The above efforts are not believed to have been successful. But the attack that came to light in September 2017 may have been. The infected police academy system ran “exotic” (meaning uncommon) software, according to a well-informed source. The Russians reportedly exploited a zero day vulnerability in that software. After the incident, the national police made improvements in their logging and monitoring capabilities, and in their Security Operations Center (SOC). It is not currently known how long the attackers had access to the national police system, nor what information they were able to obtain.

Author: Matthijs Koot | Date: 17 June 2021 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , , , , ,

Chinese technology firm denies it had access to Dutch government’s phone calls

April 21, 2021 by Leave a comment

Huawei PolandA LEADING CHINESE TELECOMMUNICATIONS firm has strongly denied a claim by a newspaper that its service personnel could listen in on calls made by Dutch telephone users, including senior government officials. The report dates from 2010 and was authored by consultancy firm Capgemini on behalf of KPN, one of Holland’s largest telecommunications service providers. The Rotterdam-based firm had hired Capgemini to conduct a risk analysis on whether more equipment should be purchased from Chinese telecommunications giant Huawei. By that time the Chinese company, one of the world’s largest in its field, was already supplying KPN with hardware and software equipment.

According to the newspaper De Volkskrant, which accessed the 2010 Capgemini report, the consultants cautioned KPN against purchasing more equipment from Huawei. They told KPN bosses that the Chinese firm had “unlimited access” to the content of phone conversations by subscribers through Huawei-built hardware and software that was already present in the Dutch company’s telephone system. These included Holland’s then-Prime Minister, Jan Peter Balkenende, and virtually every government minister. The report claimed that privacy standards existed in theory, but there was no mechanism in place to ensure that they were being followed.

On Tuesday, Huawei issued strong denials of the De Volkskrant report. The firm’s chief operating officer in the Netherlands, Gert-Jan van Eck, said that the Capgemini report allegations, as reported by the newspaper, were “just not [technically] possible”. Van Eck added that such claims were “patently untrue” and represented “an underestimation of the security of the interception environment” that Huawei was operating under in Europe. The Dutch government has made no comment on the De Volkskrant report.

Author: Joseph Fitsanakis | Date: 21 April 2021 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

Iran spies on dissidents via web server based in Holland, registered in Cyprus

February 19, 2021 by Leave a comment

Computer hackingA WEB SERVER BASED in Holland and owned by a company registered in Cyprus is being used by the Iranian government to spy on its critics abroad, according to Dutch public radio. The information about Iranian espionage was revealed on Thursday by NPO Radio 1, one of Holland’s public radio stations, with the help of Romanian cybersecurity firm BitDefender.

The discovery was reportedly made after an Iranian dissident based in Holland was sent an infected file by a user of the popular instant messaging application Telegram. Instead of opening the file, the recipient contacted cybersecurity experts, who identified it as a type of infected software that is known to have been used in the past by the Iranian state. Once it infects a computer, the software takes screenshots and uses the machine’s built-in microphone to make surreptitious recordings.

According to BitDefender’s cybersecurity experts, the server is being used for “command and control” functions in order to facilitate remote control of infected computers and phones. These functions include stealing data, as well as collecting screen shots and audio recordings. The server had been previously used to penetrate computers in Holland, Sweden, Germany, and several other countries, including India.

Cybersecurity experts from BitDefender found that the infected file was delivered to its target via a web server facility based in Haarlem, a city located 20 miles west of Amsterdam. The cybersecurity company said the server is registered to a company that belongs to a Romanian service provider. The company is registered in Cyprus and provides services to a number of companies, including in this case an American company. The latter reportedly stopped using the service provider once it was told of the Iranian connection, according to reports.

Author: Joseph Fitsanakis | Date: 19 February 2021 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

Holland expels two Russian diplomats, summons Kremlin envoy to issue protest

December 14, 2020 by 1 Comment

AIVD HollandOn 10 December 2020, the Dutch Minister of the Interior and Kingdom Relations, Kajsa Ollongren, sent a letter to the House of Representatives to inform them about the disruption of a Russian espionage operation in the Netherlands by the Dutch General Intelligence and Security Service (AIVD).

In connection with Ollongren’s revelations, two Russians using a diplomatic cover to commit espionage on behalf of the Russian Foreign Intelligence Service (SVR) were expelled from the Netherlands. The Russian ambassador to the Netherlands was summoned by the Dutch ministry of Foreign Affairs, which informed him that the two Russians have been designated as persona non grata (unwanted persons). In an unusual move, the AIVD also issued a press statement about this incident in English. The AIVD also released surveillance footage (see 32nd minute of video) of one of the two Russian SVR officers meeting an asset at a park and exchanging material.

The two expelled persons were officially accredited as diplomats at the Russian embassy in The Hague. Minister Ollongren says one of the two SVR intelligence officers built a “substantial” network of sources working in the Dutch high-tech sector. He pursued unspecified information about artificial intelligence, semiconductors, and nano technology that has both civilian and military applications. The Netherlands has designated “High Tech Systems and Materials” (HTSM) as one of 10 “Top Sectors” for the Dutch economy.

In some cases the sources of the SVR officers received payments for their cooperation. According to Erik Akerboom, Director-General of the AIVD, said the agency had detected “relatively intensive” contact between sources and the SVR officers in ten cases. The case involves multiple companies and one educational institute, whose identities have not been revealed. The minister states in her letter that the espionage operation “has very likely caused damage to the organizations where the sources are or were active, and thereby to the Dutch economy and national security”.

The minister announced that the Immigration and Naturalization Service (IND) will take legal action against one source of the two Russians, on the basis of immigration law. The minister also announced that the government will look into possibilities to criminalize the act of cooperating with a foreign intelligence service. Currently, that act on and by itself is not a punishable offense. Under current Dutch and European law, legal possibilities do exist to prosecute persons for violation of confidentiality of official secrets or company secrets.

This newly revealed espionage operation follows other incidents in the Netherlands, including a GRU operation in 2018 that targeted the Organization for the Prohibition of Chemical Weapons in The Hague, and a case in 2015 involving a talented Russian physicist working on quantum optics at the Eindhoven University of Technology. In the latter case, no information was made public about what information the physicist sold to Russian intelligence services. And in 2012, a senior official of the Dutch Ministry of Foreign Affairs was arrested for intending to sell classified official information to a Russian couple in Germany who spied for Russia. He was eventually given an eight year prison sentence.

Author: Matthijs Koot | Date: 14 December 2020 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , ,

Older posts