Spy vs Spy - Cozy Bear Hackers Hacked

Uploaded on 2018-02-01 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

In the Summer of 2015, Dutch intelligence services were the first to alert their American counterparts about the cyber-intrusion of the Democratic National Committee by Cozy Bear, a hacking group believed to be tied to the Russian government.

Intelligence hackers from Dutch AIVD (General Intelligence and Security Service) had penetrated the Cozy Bear computer servers as well as a security camera at the entrance of their working space, located in a university building adjacent to the Red Square in Moscow.

Over the course of a few months, they saw how the Russians penetrated several US institutions, including the State Department, the White House, and the DNC. On all these occasions, the Dutch alerted the US intelligence services, Dutch TV programme Nieuwsuur and de Volkskrant, a prominent newspaper in The Netherlands, jointly report recently.

This account is based on interviews with a dozen political, diplomatic and intelligence sources in The Netherlands and the US with direct knowledge of the matter. None of them wanted to speak on the record, given the classified details of the matter.

Not only had Dutch intelligence penetrated the computer network of the hackers, they also managed to hack a security camera in the corridor. This allowed them to see exactly who entered the hacking room.

Information about these individuals was shared with the US intelligence services. Dutch intelligence services consider Cozy Bear an extension of the SVR, the Russian foreign intelligence service, which is firmly controlled by President Putin.

The information shared by The Netherlands about the hacks at the DNC ended up on the desk of Robert Mueller, the Special Prosecutor leading the FBI investigation into possible Russian interference in the American elections. As early as December, the New York Times reported that information from, among others, Australia, the United Kingdom and The Netherlands had propelled the FBI investigation.

One of the claims made is that the Dutch counter-hackers were able to infiltrate a Russian cyber-gang known as Cozy Bear and keep an eye on them. And when we say “keep an eye on”, we mean it quite literally.

Apparently, the Dutch penetrated a security camera in the corridor leading to the hackers’ office, giving the counter-spies a view of everyone who came and went, information that was shared with US intelligence.

The Cozy Bear crew, it seems, didn’t realise that they’d been counter-hacked and betrayed by their own network.

NOS continues by saying that there were “about 10 people” in the Cozy Bear group, an imprecision that suggests either that the hacked camera didn’t have very good image quality, or that some of the group worked off-site.

Nevertheless, it’s an almost delightful irony that the hackers’ own security precautions were turned against them.

Two-faced CCTV cameras are, sadly, not a new topic on Naked Security.

The current trend to ‘Internetify’ as many devices as possible, what’s known as the IoT, or Internet of Things, is happening at such a dramatic (and competitive) rate that security often takes back seat, or even no seat at all.

We’ve written about security blunders in IoT products from dolls to sex toys; from light bulbs to kettles; from routers to printers – and many other IoT devices, too.

What to do?

We don’t know exactly how the Dutch hacking team took over the camera in this story, it could have been via a security flaw in the camera itself, via the software that controlled the camera, or via some other related compromise on the hackers’ network.

But if you are planning on plugging in anything such as an internet enabled camera, thermostat or light switch at home, here are some tips to help you get started as safely as you can:

  • Make sure your device has been updated to the latest firmware. Firmware refers to the combined operating system plus software bundle that controls the device itself, usually stored on flash memory inside the unit.

    Vendors are supposed to ship security patches from time to time; these are usually applied by downloading them to your desktop or laptop computer and using a special app to “burn” them to the device. Find out your model number and check the vendor’s download pages regularly.  
     
  • Make sure any remote access features are turned off before you go live. Many IoT devices come with a management app you can run on your desktop or laptop computer, so hunt around through the configuration options looking for any features to do with “remote administration”.

    Ideally, your IoT devices should be set up so they can be configured only from inside your network. That way, crooks have to break into your network and then into the device, instead of being able to hack away at the device itself remotely.  
     
  • Make sure you’ve changed default passwords and chosen decent replacements. Many IoT devices come with default login credentials such as root/root, admin/admin, and other combinations that are widely circulated on the internet. Don’t make it easy for the crooks: learn how to pick a proper password.

NOS News:     Naked Security

You Might Also Read: 

Russian Hackers Trying To Infiltrate US Senate:

Meet The Fancy Bears:

Guide to Russian Infrastructure Hacking:
 

« AI Can Turn Hollywood Stars Into Pornographic Actors
Russia's New Generation Of Military Robots »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

Cybersecurity Association of Maryland (CAMI)

Cybersecurity Association of Maryland (CAMI)

CAMI’s mission is to create a global cybersecurity marketplace in Maryland and generate thousands of high-pay jobs through the cybersecurity industry.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

Very Good Security (VGS)

Very Good Security (VGS)

VGS is the modern approach to data security. Our SaaS solution gives you all the benefits of interacting with sensitive and regulated data without the liability of securing it.

SevenShift

SevenShift

SevenShift is a security consulting firm with a wealth of experience in the worlds of Cybersecurity and Internet of Things (IoT).

ENAC

ENAC

ENAC is the national accreditation body for Spain. The directory of members provides details of organisations offering certification services for ISO 27001.

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

Hudson Cybertec

Hudson Cybertec

Hudson Cybertec are an internationally recognized Subject Matter Expert for cyber security in the Industrial Automation & Control Systems (IACS) domain.

Conquest Cyber

Conquest Cyber

Conquest Cyber builds adaptive risk management programs where innovation is most needed – within defense, intelligence, federal civilian agencies and the industrial base that supports them.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Aegis Cyber Defense Systems

Aegis Cyber Defense Systems

AEGIS is a powerful cybersecurity tool that can help protect your devices and networks from cyber threats, and increase performance.

Emircom

Emircom

Emircom is one of the Middle East's leading independent providers of IT infrastructure services, helping clients to drive growth and deliver measurable outcomes.

Guardian Angel Cyber

Guardian Angel Cyber

Guardian Angel Cyber, is your trusted ally in safeguarding your digital assets and online presence.