LONDON – A global Russian hacking offensive has targeted millions of computers to spy on governments and lay the foundation for an attack on infrastructure, Britain and the United States warned last night.
Tens of thousands of devices in British homes including wifi boxes are in the sights of Kremlin-backed cyber-experts who are searching for weaknesses such as easy-to-guess passwords and expired anti-virus software.
Security officials said yesterday that Russian hackers were seeking to find ways to sit invisibly within networks enabling them to launch a cyberattack should the order be given. Businesses have also been targeted as hackers have sought to steal intellectual property.
In an unprecedented warning, the UK’s National Cyber Security Centre, the US Department of Homeland Security, the FBI and the White House signalled that the extent of the penetration was so deep and widespread that it had given President Putin a “tremendous weapon”.
The public attack on Moscow’s “malicious cyberactivity” by the two allies was an attempt to deter President Putin from unleashing his full cyber-potential. It comes at a time of rising tensions between Moscow and the West after Britain, the US and France launched airstrikes on Syria, a close ally of Russia, following the suspected use of chemical weapons by President Assad’s regime. The US accused the Kremlin yesterday of blocking efforts by international chemical weapons inspectors to visit the site of the chemical attack in Douma.
Theresa May has addressed MPs to defend her decision to strike. Britain has drawn a link between the action it took in Syria and a nerve agent attack in Salisbury attributed to Russia.
Ciaran Martin, head of the NCSC, part of GCHQ, said that the warning over Russia’s activities was “a significant moment in the transatlantic fightback against Russian aggression in cyberspace”. Russia-backed cyber-attacks have directly targeted the UK government and elements of the country’s critical national infrastructure, he said in the briefing with US officials.
Rob Joyce, the White House’s out-going cybersecurity co-ordinator, signalled that the United States was ready to hit back against Russia with offensive cyber-operations. “All elements of US power are available to push back on these types of intrusions,” he said.
An intelligence expert from the University of Buckingham said today that Russia “raised the stakes considerably”. Professor Anthony Glees said: “An attack is an attack and an attack can be the first skirmish in a battle that could lead to war. The cyber cold war is underway, and we will await the Russian reaction over the next few days. We should hold on to our hats.”
It can also be revealed that Labour MPs were warned of an attempt to hack parliamentary emails. It was not immediately clear whether the hack had been successful or whether it was linked to Russia. The emailed warning went out on Sunday night. The first UK-US “technical alert” was released to the public, governments and private firms, including internet service providers and other communications companies.
The alert revealed that:
• Tens of thousands of British devices have been scanned by Kremlin-backed hackers looking for soft targets.
• Routers, including some made by Cisco, one of the largest internet infrastructure companies, have been penetrated by Russia.
• Hackers are sitting invisibly in networks and routers, spying on private communications and positioning themselves if needed for a wider assault.
• Spoofing “man-in-the-middle” attacks are being conducted whereby a hacker is able to intercept messages passing between two people and delete or distort the content.
“Once you own the router, you own all the traffic [that flows through the router], to include the ability to harvest credentials, passwords, essentially monitor all traffic,” Mr Joyce said. “It is a tremendous weapon in the hands of an adversary.”
Russia has been targeting Britain’s networks and those of other countries for the past 20 years but this is the first time that the UK has publicised its actions so aggressively.
Mr Putin is also using disinformation and other forms of fake news as a weapon on social media and via state-sponsored media outlets to sow dissent among countries, including Britain, as part of a goal to undermine European unity and the Nato alliance.
Britain led a multinational move in February to blame President Putin’s military for the crippling global Not-Petya cyberattack a year ago. “Russia is our most capable hostile adversary in cyberspace,” Mr Martin said.
The ability to control networks and household devices that connect to the internet means Russia can launch denial-of-service attacks, potentially knocking out services such as healthcare, energy supplies and water supplies.
A British government spokesman said: “The attribution of this malicious activity sends a clear message to Russia — we know what you are doing and you will not succeed.”
By Deborah Haynes – Sunday Times
Mark Bridge, Technology Correspondent | Patrick Maguire