Russia accused of hacking Dutch police during MH17 investigation

Russia accused of hacking Dutch police during MH17 investigation

Journalists at the Dutch newspaper “De Volkskrant” have reported that the country’s intelligence service, AIVD, discovered in 2017 that Russian hackers had broken into Dutch police systems. The De Volkskrant report is based on knowledge from anonymous sources. The reason behind this act of espionage is thought to be the ongoing MH17 investigation.

MH17

A little background: on July 17, 2014, Malaysia Airlines Flight 17 (MH17) was shot from the sky on its way from Amsterdam to Kuala Lumpur above the Ukraine. The plane was hit by a surface-to-air missile, and as a result, all 298 people on board were killed, the majority of them Dutch.

At that time, there was a revolt of pro-Russian militants against the Ukrainian government which is thought to have been backed by Russia. Russian denied any direct involvement at the time but later admitted to having military intelligence officers in the country. Both the Ukrainian military and the separatists denied responsibility for the MH17 incident.

A large disinformation campaign was launched to obscure who was responsible.

The discovery

The Dutch police only became aware it had been breached after a tip off from AIVD, and the discovery caused a major panic, according to the newspaper. Whether and which data was stolen, is not clear, insiders told the Volkskrant. Understandably, the police network is a huge one and spread out across the country. Apparently the point of first entry was a server of the Police Academy. After discovery, the decision was made that putting a stop to the intrusion as quickly as possible was more important than figuring out what the intruders were after.

So, at this point it is unsure what the exact information was the intruders were after and even whether they were successful in finding that information. According to the Volkskrant, due to a lack of monitoring and logging, the AIVD and Dutch Police have very little knowledge of what the hackers did inside the police network. “There were a lot of question marks,” the newspaper’s source said. “How long had they been inside? Was this the first time? Had they already siphoned off data? That wasn’t clear.”

Dutch police

The Dutch police took the lead in the investigation of the MH17 incident. The Joint Investigation Team (JIT), a special team set up to investigate the MH17 incident, comprises officials from the Dutch Public Prosecution Service and the Dutch police, along with police and criminal justice authorities from Australia, Belgium, Malaysia and Ukraine. On July 5, 2017 the JIT countries decided that the prosecution of those responsible for downing flight MH17 would be conducted in the Netherlands.

The timing of the attack against the police could be coincidental, but it is notable that the attack took place in that same month.

Information feeds disinformation

One possible motive for the attack is disinformation. The best lies are based on truth after all. Reportedly, the Dutch justice department and the Dutch police were targeted with phishing emails and cars filled with listening equipment were found in the vicinity of the “Landelijk Parket”, which is the part of the justice department that deals with both national and international organized crimes. Knowing which facts were already known could be instrumental in building believable lies without revealing new facts.

Disinformation

We have reported before about the Russian disinformation campaigns regarding this incident. More recently, in November of 2020, Bellingcat, which has been instrumental in retrieving information about the attack on flight MH17, published evidence that Bonanza Media, a self-styled independent investigative platform, is in fact a special disinformation project working in coordination with Russia’s military intelligence. The open-source intelligence outfit asserts that:

While we have not yet established conclusively whether the Russia’s military intelligence agency, best known as the GRU, was behind the initial launch and funding of the Bonanza Media project, we have established that shortly after it was launched, senior members of the GRU entered into direct and regular communication with the project leader

It is no coincidence that one of the main forces behind Bonanza is Dutch as well. Together with former Russia Today journalist Yana Yerlashova, Bonanza was set up by blogger and journalist Max van der Werff.

Eliot Higgins, the founder and executive director of Bellingcat has called out what he says are Russian lies, and the interplay between the official Russian position and the disinformation propagated by so-called MH17 “Truthers”, in his recent tweets about the on-going MH17 court hearings.

Cozy Bear

Top suspect of the attack on the Dutch police is APT29 (Cozy Bear), a well-known hacking group that the White House linked earlier this year to the Russian Foreign Intelligence Service, also known as the SVR. They are also suspected to be behind the SolarWinds attack and other international espionage cases.

Aftermath

Both the Dutch police and the AIVD did not provide comments on the publication by the Volkskrant, but we do know that the AIVD is closely monitoring a reorganization to improve the security of the Dutch police’s networks.

The international court in The Hague is in the middle of the MH17 trials and Russia’s interference is unlikely to do their case any good, but of course they will deny every involvement.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.