The UK and US intelligence services say Russia is hacking home routers in a global cyberattack


Jeremy Fleming, the director of GCHQ, at the Cyber UK conference
hosted by the National Cyber Security Centre last week

 

Ah, the future of war: “We can’t rule out Russia may attempt to use this infrastructure for further attacks”.
It will be used for espionage, theft of intellectual property, or for “use in times of tension.”
You know. Like payback for bombing Syria and stuff.
 

17 April 2018 (Perugia, Italy) – As I enjoy a few days of R & R after the International Journalism Festival (IJF) and begin writing a series of posts on IJF, I spent the morning scanning my cyberwar/cybersecurity news briefing folder. Top item? The British and American governments say that Kremlin-funded spies might have found a way into your home office.

The U.K. and U.S. blamed Russian hackers for a campaign aimed at taking control of routers inside government, critical infrastructure and internet service providers, but also within small and home offices. The warning came in a joint announcement from British intelligence, the National Security Council (NSC), the DHS and the FBI yesterday. In a media briefing ahead of the announcement, Rob Joyce, special assistant to the president and cybersecurity coordinator at the National Security Council, said there was “high confidence” Russia was behind the attacks. British intelligence had been tracking the hacks since a year ago, said Ciaran Martin, director of the U.K.’s National Cyber Security Centre, which is run out of intelligence agency GCHQ.

The joint technical alert said Russian state-sponsored hackers had attempted to breach network routers, switches, firewalls and network intrusion detection systems across the world. Those routers were compromised to carry out so-called “man-in-the-middle” attacks where data going between computers and internet servers is intercepted, the NCSC said. That was being done “to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations,” according to a statement from the NCSC.

Martin said the sustained targeting had continued for months and could have been used for espionage, the theft of intellectual property, or for “use in times of tension.” He said millions of machines were being targeted and many had been seized by hackers to get access to ISP customers, to spy on organizations and their connections. That included the U.K. government, he added.

Joyce said “we can’t rule out Russia may attempt to use this [hacked] infrastructure for further attacks.” Advice will be handed out to potentially affected entities today, marking the first time the U.K. and the U.S. have pushed out such recommendations together. “The actions you’re seeing today is one in a series of steps against this unacceptable activity,” Joyce added.

Jeanette Manfra, chief cybersecurity official for the DHS, said that amongst its techniques, the Russians had scanned for devices running vulnerable Cisco Smart Install software designed to make it easy to set up network equipment from the massive networking manufacturer. Cisco itself recently warned about attacks aimed at the product, warning they could put critical infrastructure at risk.

While the agencies weren’t forthcoming with names of victims, they were open in pointing fingers at the Kremlin. Both the U.K. and U.S. governments have blamed Russia for other recent cyberattacks, including the NotPetya ransomware, which first spread in Ukraine before taking down global businesses, including shipping giants Maersk and FedEx. Just last week, in his first public speech as GCHQ director, Jeremy Fleming warned of “reckless” Russian activities in the real world after the poisoning of a former spy living in the U.K. and the nation’s “unacceptable” online behavior.

The U.S. had previously claimed Russia was responsible for the cyberattack on the Democratic National Committee (DNC) and for attempting to influence the 2016 election via digital means. The Kremlin has denied all the above allegations levelled at its government.

Increasing cyber tensions 

As for what Russia could do with all those hacked routers, Professor Alan Woodward, a cybersecurity expert from the University of Surrey, raised concerns about the potential for “a significant attack infrastructure from which onward attacks could be mounted”: 

Imagine, for example, a massive distributed denial of service (DDoS) attack where the source of the attack was home routers – who would you blame? Now imagine a situation where you have already said we know certain routers have been compromised and could be at the behest of the Russians and then there was such an attack… plausible deniability becomes less plausible.

And that is the issue. As explained to me earlier this year at FIC2018 by David Grout of FireEye:

When a hacker controls a router and has access to parts of the internet backbone the worry always is about what they can be used for, whether that’s a DDoS or other offensive cyberattacks. And it points to the massive scale of the problem.

Russia responds 

In response to all of these allegations, in an emailed comment from the Russian Embassy in London (they really have a cutting edge social media team, by the way), a spokesperson said: 

We consider these accusations and speculations as striking examples of a reckless, provocative and unfounded policy against Russia. We are disappointed by the fact that such serious claims have been made publicly, without any proof being presented and without any attempt by the United Kingdom to clarify the situation with the Russian side in the first place.

Given that in recent days the British media, instigated by official statements, has again started to exploit the issue of ‘cyberthreats from Russia,’ impression grows that the British public is being prepared for a massive cyber attack by the UK against Russia, that will purport to be of a retaliatory nature, but would in fact constitute unprovoked use of force. 

Russia is not planning to conduct any cyber attacks against the United Kingdom. We expect the British government to declare the same.

The security services have admitted they do not know the full scale of attacks by state-sponsored Russian hackers, but they are very clear about one thing: the global connectivity provided by the “internet of things”, relied upon in modern life by almost all Western countries, especially the UK and the US, will be easily exploited by the Russians and other malicious actors.

Who? Me?

 

 
