Dutch Spies Monitored Russian ‘Cozy Bear’ Hackers in Real Time For Years

Intelligence services from the Netherlands reportedly had access to the computer network used by a Russian cyberespionage group known as Cozy Bear for years, watching the group break into the U.S. National Democratic Committee and other targets.

Not only that, but the Dutch spies gained access to a surveillance camera outside the office used by the hackers, located in a university building next to Moscow’s Red Square, Dutch newspaper de Volkskrant reported. This allowed them to see who came into and left the office and match their faces to known spies, establishing a link between Cozy Bear and the Russian Foreign Intelligence Service, the SVR.

Members of the Dutch Joint Sigint Cyber Unit (JSCU), a team of cyberspies allowed to engage in offensive cyberattacks, gained access to the Cozy Bear computer network sometime in the summer of 2014 and held that access for a number of years, according to reports.

During that time, they had direct visibility into the group’s cyberespionage operations and alerted the FBI and the NSA about attacks against the U.S. State Department, the White House and the U.S. National Democratic Committee. U.S. government officials have credited foreign intelligence partners when attributing those attacks to Russia over the years.

Cozy Bear, also known as APT29, has been operating since at least 2010 and has hacked into commercial entities as well as diplomatic and government organizations from many countries, including the Netherlands. Security researchers believe it is tied to another Russian cyberespionage group tracked as Fancy Bear, or APT28.

Two-Thirds of Companies Experience Privacy-Related Sales Delays

Increasing data privacy concerns among customers and tougher data protection regulations around the world are causing significant sales delays for companies that are trying to meet customer expectations and regulatory requirements.

Sixty-five percent of organizations reported delays in their sales cycles due to data privacy issues, according to a study by Cisco Systems based on a survey of more than 3,000 professionals from 25 countries. Those delays averaged 7.8 weeks, and were twice as long for privacy-immature companies, as defined in the report.

Organizations that operate in the government, healthcare and financial services sectors had the longest delays, most likely due to stricter data privacy standards in those sectors and the sensitive nature of the information held by such organizations.

Respondents were asked to self-assess the privacy processes in their companies using a model developed by the American Institute of Certified Public Accountants (AICPA), which has five maturity levels: ad hoc, repeatable, defined, managed and optimized.

The study showed that companies could significantly decrease their sales delays by making simple changes and moving just one level higher in this privacy maturity index. Companies with an “optimized” privacy maturity level had average sales delays of only 3.4 weeks compared to those in the ad hoc category, which had sales delays of 16.8 weeks on average.

“Sales delays, at a minimum, cause revenue to be deferred for some period of time,” Cisco said in the report. “However, sales delays can often lead to lost revenue as well. As a product or service approaches the end of its life cycle, a delayed sale may become a lost sale. Delays may also cause customers to select a competitor’s product or even to move on to other priorities and not buy the product or service at all.”

The study also showed that 74 percent of privacy-immature companies experienced losses of more than $500,000 due to data breaches over the past year, compared to only 39 percent of privacy-mature organizations.

Lucian Constantin


Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at [email protected] or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
