Pages

28 October 2021

Digital warriors fight in the net’s netherworld

Nevil Gibson

When the grandly titled International Consortium of Investigative Journalists (ICIJ) released the Pandora Papers on October 5, it claimed the biggest leak in media history. More than 600 journalists from 140 news organisations in 117 countries had worked for months on 12 million documents from 14 sources.

The files were mainly culled from various law firms and revealed the financial dealings of the rich and famous. More to the point, these people were stashing their assets in ways that escaped taxes, which seemed to be the motivating factor for journalistic endeavour, as it was for the Panama Papers in 2016 and the Paradise Papers in 2017.

Despite the hype, and the involvement of such global media giants as the BBC, New York Times and Washington Post, the latest tranche was a fizzer. Unlike the Panama Papers – which claimed one scalp, Iceland’s prime minister Sigmunder David Gunnlaugsson – Pandora’s box contained nothing new of substance.

The use by dictators and monarchs to hide their ill-gotten gains in the West is no secret, while exposing the legal affairs of private citizens does little more than fuel demands for envy taxes and potentially hinder economic growth. The stories soon passed out of the news cycle and local angles, such as those published in New Zealand, were so dated as to be irrelevant.

Great powers

Not so the work of investigative journalist Huib Modderkolk, who writes for a Dutch national newspaper, De Volkskrant. He has spent the past six years on a far more serious assignment: that of the cyberwar being fought among the great powers and which has far more serious repercussions to world economies than tax dodging.

Huib Modderkolk writes for Dutch national newspaper De Volkskrant.

Rather than work from leaked documents, Modderkolk hunts down sources in person, does not record the conversations for fear they could surface somewhere else, and keeps his notes in encrypted form. He walks the fine line between exposing the work of official intelligence and security agencies that monitor the world’s communications and how, with the constraints of privacy and surveillance laws, they combat state-backed hackers in an unequal war. Their opponents – mainly the authoritarian states of Russia, China, Venezuela, and Iran – have no such rules.

Huib sums up his dilemma: “To shield society from spies and foreign hackers, agencies need surveillance powers that put a strain on a free society.” He would be first to ask the purpose of leaked Pandora documents and who made them available.

The likelihood, based on his knowledge of global hacking operations, is that they are intended to de-stabilise and reduce trust in the institutions of democratic Western and other societies.

In the world of espionage, this is the same as disinformation, as outlined in Thomas Rid’s history, Active Measures.

Hacking events

Modderkolk’s There’s a War Going On But No One Can See It covers the major hacking events since 2015, and some of the successful attempts by Western agencies to foil them. The book is based on 110 face-to-face interviews and is viewed from the perspective of operations in the Netherlands.

After the US, UK, Russia, and China, the Netherlands is considered the fifth-ranked cyber power. It has two government agencies, the AIVD and MIVD, operating in the domestic and military intelligence sectors respectively. The Netherlands also has the largest concentration of digital businesses in Europe and is a key centre for global internet traffic.
This Dutch ministry houses the AIVD, the domestic security intelligence agency.

Modderkolk first took an interest in the cyber wars through Glenn Greenwald, the journalist who brought Edward Snowden to world attention with his trove of stolen US military files that later ended up on WikiLeaks. But it was the hacking of a Dutch payment certifying company, DigiNotar, that took Modderkolk down a different path.

DigiNotar issued certificates that guaranteed the veracity of websites, and was relied on by major web browsers such as Google, Microsoft, and Firefox. The breach was quickly identified and remedied but it took years before the full story emerged about a lone hacker with Iranian connections.

Digging deep

By then, Modderkolk had dug deep into this netherworld of competing agencies and several other incidents, including the hack of the largest Dutch telecom company, KPN. A success story enabled the identification of the Brussels airport bombers who killed 35 people in March 2016 and their connection to the terrorist attacks in Paris a few months earlier.

However, counter-terrorism wins are a side product of most cyber surveillance. Most of the mundane work is dealing with the daily attacks on government and private organisations. The routines differ according to country.

China broke into at least 141 companies from 2006-13, stealing passwords and then data. Such penetrations can lodge malware for years before they are detected. According to Modderkolk, the Chinese employ tens of thousands of hackers to launch mass attacks, while the Russians are more sophisticated. “They’re savvier, more disciplined, and better at covering their tracks. They’re incredibly skilled at raiding infected systems.”
The AIVD spied on hackers operating from buildings like these on Moscow’s Red Square.

The Russians are also more tactical, often launching attacks as a distraction to events such as the seizure of Crimea from Ukraine in 2014. Ukraine was the main target of the NotPetya virus in June 2017 that swept through that country’s business computers and immobilised much of its industry. It spilled over into a global shutdown of shipping, striking initially through Maersk’s container operations and the port of Rotterdam. Eventually it affected hundreds of companies in dozens of countries, with total damage to the world economy, including New Zealand, estimated at US$10.6 billion.

Not by coincidence, it occurred just after British authorities released details of those responsible for the poisoning of former KGB agent Sergei Skripal and his daughter in Salisbury, England.

The Dutch also noticed heightened Russian activity in the use of Twitter and other social media after a rocket downed Malaysian Airlines flight MH17. The Russians had gained access to a Spanish software program, SNAP, that gave political parties and others the ability to manipulate Twitter’s algorithms in their favour. In the case of MH17, it was to spread the false news of Ukrainian involvement in the missile attack.

Colourful characters

Modderkolk interviews the developers of SNAP about how their software found its way into Russia, Iran, and Venezuela. In 2019, researchers at Oxford University reported the use of “computational propaganda to shape public attitudes via social media” in 70 countries, an increase of 150% in two years. He also tracks other colourful characters, such as Dutch anti-hacker Ronald Prins and his nemesis, Evgeniy Bogachev, the Russian virus creator described as the “Pablo Escobar of the digital era”.

In a rare breakthrough, the AIVD successfully broke into security camera footage that observed a top hacking team at work in a Moscow university building on Red Square. They were part of operations nicknamed Cosy Bear, run by the SVR security service, and Fancy Bear, run by the GRU, Russia’s military intelligence arm. A mistake by US authorities accidentally revealed this spy post, shutting out the AIVD.
The hacking of SolarWinds was the ‘most significant cyber incident in American history’.

Still at work

But the Bears are still at work. Cozy Bear was identified as the hacker of SolarWinds, a US network management company. Republican politician and former House Intelligence Committee chair Mike Rogers described it “as the most significant cyber incident in American history”. SVR had been gathering data on SolarWinds’s 300,000-odd customers for 10 months.

Cozy Bear also hacked into Europe’s medical agency seeking information on Covid-19 vaccines. This was later used to spread doubts in the West about the efficacy of the two most used vaccines.

Sadly, Modderkolk sees no end to this unequal war, as cynicism among democratic populations mounts against the levels of government surveillance, and politicians are reluctant to move ahead of public opinion. A Dutch referendum in 2018 narrowly opposed giving more powers to security and intelligence agencies.

‘To shield society from spies and foreign hackers, agencies need surveillance powers that put a strain on a free society.’

‘Snowden fatigue’ is a term that describes public indifference to whistleblower stories, just as people are more than willing to put personal data on Facebook, Twitter, Instagram, and TikTok. If the public easily becomes blasé at cyberattacks – even when they hit hospitals such as in Waikato earlier this year – then it’s no wonder Pandora failed to live up to its name.


There’s a War Going on But No One Can See It, by Huib Modderkolk. Translated from Dutch by Elizabeth Manton (Bloomsbury).

No comments:

Post a Comment