British Ex-Intelligence Officer on Russia’s Alleged Global Hacking Attacks
In a joint technical alert, the UK and US accuse the Kremlin of laying the foundation for offensive cyber operations.
The UK and the Netherlands claim to have foiled cyber attacks by Russian government hackers, while the US has indicted seven agents of Russian military intelligence for a series of alleged hacking attacks.
In a joint technical alert issued by the UK’s National Cyber Security Centre (NCSC), the FBI and the US Department for Homeland Security (DHS), the Kremlin is accused of being behind an on-going hacking campaign.
The primary targets of the campaign are government and private-sector organisations, as well as critical infrastructure businesses and the internet service providers supporting those sectors.
According to the alert, the attackers are attempting to secure access to computer networks for espionage purposes and to “potentially lay a foundation for future offensive operations”.
In a media briefing at the time of the statement, Ciaran Martin, the head of NCSC, confirmed that Russian hackers had successfully penetrated the computer networks of the UK’s energy grids, but did not manage to disrupt them.
Millions of machines have been targeted globally, but security agencies in the US and UK do not have “full insight into the levels of compromise” that occurred.
In a statement, Mr Martin described Russia as the UK’s “most capable hostile adversary in cyberspace” and said “dealing with their attacks is a major priority” for the UK and its US allies.
“This is the first time that in attributing a cyberattack to Russia, the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from attacks.”
American and Dutch officials on Thursday accused the Russian government of a widespread series of computer attacks. In the Netherlands, four Russian agents tried to hack into computers at the Organization for the Prohibition of Chemical Weapons. Meanwhile, the U.S. Department of Justice indicted seven men who tried to disrupt the investigation into alleged Russian doping. William Brangham reports.
It’s no surprise that these Russian trolls spent most of their time on Facebook and Instagram: Two-thirds of Americans get at least some news on social media. The trolls spread out across both platforms, seeking to encourage conflict on any topic that was getting a lot of attention: immigration, religion, the Black Lives Matter movement and other hot-button issues.
Around the same time, the Russian hackers allegedly began searching for technical vulnerabilities in the Democratic organizations’ computer networks. They used techniques and specialized malicious software that Russians had used in other hacking efforts, including against the German Parliament and the French television network TV5 Monde. By April 2016, the hackers had gained access to the Democratic Congressional Campaign Committee systems, exploring servers and secretly extracting sensitive data. They located a Democratic Congressional Campaign Committee staffer who also had privileges in the Democratic National Committee systems, and thereby got into the Democratic National Committee networks too, extracting more information.
When the Democratic National Committee realized there was unusual data traffic in its systems, the group hired a private cybersecurity firm, which in June 2016 publicly announced that its investigation had concluded that Russia was behind the hacking. At that point, the Russians allegedly tried to delete traces of their presence on the networks. But they kept all the data they had stolen.
Some have seen this problem coming for a long time and changed their entire way of life by going off-grid. They have found alternative sources such as solar, wind and diesel to power their homes and machinery. A majority of us, who have not gone off-grid, are making a concerted effort to avoid dependence on this ailing infrastructure and preparing for life without it.
The alert follows an advisory notice released by the NCSC earlier this month which warned that companies connected to British critical national infrastructure were being targeted by attackers, citing cybersecurity reports which suggested the hackers were based in eastern Europe.
Speaking at the CyberUK event in Manchester last week, Jeremy Fleming, the head of GCHQ, warned that the nerve agent attack in Salisbury “demonstrates how reckless Russia is prepared to be”.
“Reckless” was also the word chosen in February, when Western nations publicly and collectively attributed the NotPetya cyberattack against Ukraine to hackers working for the Russian military.
It was the first time that government agencies had stated that the Kremlin was responsible for a cyberattack. Speaking to Sky News, a NATO-affiliated cybersecurity researcher compared the landmark attribution to the #MeToo movement, noting that speaking up and naming the perpetrator is the first step towards responding to their crimes.
The UK’s Foreign Office – under which sit both GCHQ and the NCSC – responded to the NotPetya attack by threatening that it would be “imposing costs on those who would seek to do us harm”.
As tensions rose following the Salisbury attack, Robert Hannigan, the former head of GCHQ, told Sky News that the UK’s offensive cyber capabilities were “the best in the world, I think” – but launching a cyber-conflict is not a trivial thing.