Joint Sigint Cyber ​​Unit

The headquarters of the JSCU with its 350 employees is located in the AIVD building in Zoetermeer . Other employees are at the MIVD in The Hague. For the 100 and 150 people of MIVD, the AIVD building work for the JSCU in, again requested the AIVD a safety investigation (comparable security clearance in Germany). The MIVD accepted this, but the soldiers in question, who often already had access to the highest level of secrecy , felt so offended by the AIVD's suspicions that they demanded legal action.

The JSCU has capacities for Computer Network Operations (CNO). These consist of three areas:

• Computer and Network Defense (CND)
• Computer and Network Investigation (CNI)
• Computer and Network Exploitation (CNE)

All JSCU cyber operations are carried out by a working group consisting of approximately 80 to 100 people. This unit includes teams for interception activities, computer network defense (CND) and computer network attack (CNA). The CNA team consists of hackers who are allowed to attack hostile computer networks offensively. The number of hackers rose from five in 2014 to fifty in 2019, while the total number of JSCU employees rose to 700 that year. In terms of hacking skills, they are said to be in the top 5 in the world.

Legal framework

As a common component of AIVD and MIVD, the activities of the JSCU fall under the Law on Intelligence and Security Services 2017 (Wiv 2017). In the contractual agreements on the Joint Sigint Cyber ​​Unit dated July 3, 2014, both services stipulated which tasks and powers can be performed by the JSCU.

tasks

Based on these agreements, the JSCU has the following tasks:

• Collection of electronic data, including interception of communications by technical means
• Make this data accessible and searchable and link it together
• (Support in) analysis of the data and investigation for cyber threats and "linguistic skills" ("taalcapaciteit")
• Provision of eavesdropping and cyber techniques, if necessary, on site in or near operational areas
• Innovation and knowledge development in these areas in order to be able to react to technological developments in good time

Powers

On the basis of the contract, the JSCU can exercise the following special powers to fulfill its tasks:

• Observing and tracking people (Art. 20 Wiv 2002)
• Collecting information under a guise (Art. 21 Wiv 2002)
• Intrusion into computers by means of hacker attacks (Art. 24 Wiv 2002)
• targeted skimming of communication content by tapping on telephones and internet lines (Art. 25 Wiv 2002)
• untargeted skimming of satellite and radio traffic from or to other countries (Art. 26 & 27 Wiv 2002)
• Requesting user data from telecommunications companies (Art. 28 & 29 Wiv 2002)

In order to be able to exercise these powers, employees have access to all locations that are required, for example, for the provision (installation) of "observation and registration means" (Art. 30 Wiv 2002).

Special powers, such as searching inaccessible places or hidden objects, examining objects to identify people (Art. 22 Wiv) and opening mail (Art. 23 Wiv) are not part of the JSCU's tasks.

job

The development of radio and satellite traffic was previously carried out by the National Signals Intelligence Organization (NSO), which had also been active on behalf of and under the responsibility of the AIVD and the MIVD since 2002 and was merged into the JSCU in 2014.

In January 2018 it was announced that the CNA team of JSCU since the summer of 2014, the network of Russian hacker group Cozy Bear , also known as APT29 called, infiltrated and thus observed was how this group tried in the computer systems of the Democratic Party of the USA , of the U.S. Department of State and the White House . This information was then passed on to the US intelligence services CIA and NSA , which provided evidence of Russian influence over the 2016 presidential election in the United States .

Listening stations

To intercept wireless communication, the JSCU has three monitoring stations: Burum in West Friesland to intercept satellite traffic and Eibergen in the province of Gelderland to intercept high-frequency radio traffic. A third, now closed, radio monitoring station had been in Eemnes ( province of Utrecht ) since 1968 . The NSO also had staff and equipment at locations abroad.

JSCU ground station within It Grutte Ear near Burum (2012)

Burum ground station

The listening station for satellite communication is (currently) in Burum in Friesland and was put into operation on September 6, 2005. This station was the successor to the former ground station in nearby Zoutkamp , where two satellite dishes had been standing since the late 1970s to listen to Intelsat's commercial satellites . Following objections from local residents, the Ministry of Defense decided not to expand this satellite ground station and took it out of service on January 1, 2008.

Eibergen ground station

Eemnes triangulation system

Evaluation systems

The following information is known about the systems with which the JSCU then processes the data intercepted by radio and satellite traffic:

In 2009, the MIVD launched the first version of a new information processing system, with which, among other things, information from millions of documents could be found within 30 milliseconds. Later, “expert meetings, forms of cooperation, chain approaches and the linking of structured and unstructured information” should also be possible. According to the annual reports, in 2010 and 2011 the service bought a new "SIGINT production support system", the first version of which would be available in 2013 and further versions in 2014.

In principle, the surveillance only allowed the interception of non-wired communications, since at the time this law was drafted, all international traffic was carried out simultaneously via wireless connections. Today most connections are underground and submarine cables, but these are much more difficult to access. In 2011, the Dutch Government's Control Committee for the Intelligence and Security Services (CTIVD) issued a recommendation in which it advised, among other things, that the services should be given broader powers to intercept telecommunications over cables. The corresponding law from 2002 is "a bit out of date". The Second Chamber of the States General , the lower house of Parliament, then requested an evaluation. With this mandate, the independent Dessens Commission was founded in February 2013, named after a senior director of the Dutch Ministry of Justice, Dr. CWM Dessens, which presented its report on December 2nd of the same year. The commission recommended that untargeted tapping and recording of wired telecommunications be allowed in future.

Even before the investigation by the Dessens Commission was published, it was announced in November 2013 that the Ministry of Defense had already ordered devices worth 17 million euros from the Israeli company NICE Systems in order to receive large amounts of wired telephone and Internet traffic and to process. Under the name of Project Argo II , these devices should be used from 2014 to "exploit information from communication channels for secret services," said Interior Minister Plasterk. There was speculation in the media that by purchasing Argo II, the Dutch services wanted to provide access to cable communications, which was not yet allowed under current law. The Department of Defense then wrote on its website that the Argo II itself cannot intercept or collect data and that the system is currently only used to process Internet traffic received over the airwaves.

In the 2012 annual report, the AIVD stated that it had evidently developed a system parallel to the MIVD project with which large amounts of data from SIGINT and other sources can be saved and searched very quickly. The AIVD has also developed applications to analyze this “bulk data” (raw amounts of data) and to allow specific developments to flow into statistics and reports.

Frequency conflicts with 5G

The standard for private mobile data transmission (mobile Internet) 5G is the successor to the still current 4G standard (as of 2020) . The new technology in existing and additional cell phone masts enables faster data exchange with the latest generation of mobile devices. Videos can be streamed faster and photos downloaded faster on smartphones. The planned 5G network will have a much larger capacity and bandwidth. This should ensure that more devices can be connected to the same antenna at the same time. B. the connection to highly frequented locations such as airports or at events remains more stable.

One of the frequency bands required for 5G in the Netherlands is the 3400-3800 GHz band. However, it is in the 3400-4200 GHz C-band , which is assigned to international satellite communications. This microwave frequency range has been used by various intelligence agencies for years, including the JSCU facility in Burum. However, various studies have shown that the use of the 5G networks severely affects the listening devices used.

Trivia

The novel In het hol van de Cozy Bear , which has only been published in English in 2018 as In the Lair of the Cozy Bear , is about the infiltration of the Russian hacker group by the Cozy Bear network from the computer network attack team (CNA) of the JSCU. It was written by FWA van Nispen tot Pannerden with an American liaison officer at JSCU (author name: THE Hill ) from a first-person perspective .

Web links

• AIVD and MIVD slaan are held in tegen cyberdreigingen , ministerie van Defensie
• Samenwerking inlichting services , ministerie van Defensie

Individual evidence

1. ↑ NSA malware infected over 50,000 computer networks worldwide , ZDnet of November 23, 2013
2. ↑ ^{a b c d e} AIVD: Agreement for the establishment of the Joint Sigint Cyber ​​Unit (JSCU) of July 3, 2014, PDF 80 kB
3. ↑ ^{a b} Project Symbolon completed: the Dutch Joint SIGINT Cyber ​​Unit (JSCU) is born , September 24, 2013
4. ↑ Telegraaf.nl: Spionnen onder één dak: ruzie , February 28, 2014
5. ↑ detailed job advertisement by AVID ( Memento from December 14, 2019 in the Internet Archive )
6. ↑ ^{a b} Volkskrant.nl: Hackers AIVD leverden cruciaal bewijs over Russische inmenging in Amerikaanse verkiezingen , from January 25, 2018
7. ↑ Huib Modderkolk: The digital world war that nobody notices , Amsterdam 2019, p. 242, ISBN 978-3-7110-0262-4 publisher's description
8. ↑ Convenant MIVD-AIVD inzake de interceptie van niet-kabelgebonden telecommunicatie , Art. 7
9. ↑ Kabinet: verplaatsing grondstation Burum noodzaak voor optimal 5G networks , notification from the Dutch government (Rijksoverheid) of December 24, 2018
10. ↑ It Greate Ear in Burum , Noorderbreedte, No. 6, of November 30, 2006
11. ↑ verbingsbataljon en hair voorgangers (liaison battalion and its predecessors) ( Memento of May 21, 2010 in the Internet Archive )
12. ↑ Kamp Holterhoek: meer dan een militair complex (I) , PDF 5.22 MB, pp. 25–26.
13. ↑ 'Eibergen' lists mee met de Taliban , De Stentor on June 28, 2007
14. ↑ MIVD: Annual Report 2009
15. ↑ Annual report Militaire Inlichtingen- en Veiligheidsdienst 2012 , PDF 2.84 MB, p. 16
16. ↑ Regering onderzoekt internettap voor veiligheidsdiensten , December 29, 2011
17. ↑ Ontstaan ​​van de Wet op de inlichtingen- en veiligheidsdiensten 2017. In: Referendumcommissie. Retrieved June 25, 2020 (Dutch). 
18. ↑ Commissie-Dessens biedt evaluatierapport Wiv 2002 aan. In: AIVD . December 2, 2013, accessed November 4, 2017 (Dutch). 
19. ↑ DeMorgen.be: Nederland ordered een nog verboden spionagesysteem from November 9, 2013.
20. ↑ Nederland ordered een nog verboden spionagesysteem , article in de Volkskrant from November 9, 2013.
21. ↑ Defensie.nl (Ministry of Defense): Gegevens verwerken met ARGO II ( Memento from August 21, 2016 in the Internet Archive )
22. ↑ AIVD: Annual Report 2012 , p. 62
23. ↑ Tweede Kamer: Co-existence of 5G mobile networks with C-Band Satellite Interception in Burum , PDF 8.4 MB