The UK and USA intelligence agenies say that state-sponsored Russian hackers are actively trying to hijack essential internet hardware.
In a joint statement, the UK’s National Cyber Security Centre (NCSC) and the FBI and US Department of Homeland Security warned of a global campaign. The statement outlines methods that are being used in attempts to take over essential network hardware. They say that the attacks could be an attempt by Russia to gain a foothold that they can use in a future offensive.
Speaking at a press conference called to release the alert, White House cyber-security co-ordinator Rob Joyce said the US and its allies had “high confidence” that Russia was behind the “broad campaign”. Intelligence gathered by the US and UK suggested that millions of machines directing data around the net were being targeted, he said.
Compromising devices allowed hackers to look at data passing through them, added Mr Joyce. Attackers have also tried undermine firewalls and intrusion detection systems which organisations use to identify and block malicious traffic before it reached users. In addition, Mr Joyce said that many organisations had come under attack over the course of months at a time in an attempt to steal valuable intellectual property, business information or to get at their customers. “When we see malicious cyber-activity, whether Kremlin or other nation state actors, we are going to push back,” said Mr Joyce.
Ciaran Martin, the head of the UK’s NCSC, said the joint alert marked a significant moment, as the two countries had never before given joint advice on how to deal with attacks. “Many of the techniques used by Russia exploit basic weaknesses in network systems,” said Mr Martin.
The principal targets of the global campaign were internet service providers, firms running critical infrastructure, government departments and large companies, the alert stated. The statement also contained information about attack methods, the signs left when hardware has been compromised, and how networks can change when they have been breached. Advice has included ways to configure systems correctly and how to apply patches to address hardware vulnerabilities.
Mr Martin said GCHQ, NCSC’s parent organisation, had tracked the threat posed by Russian cyber-gangs for more than 20 years. Further intelligence about the attacks had been added by “multiple” cyber-security organisations and companies, he added. The UK was working with America, its other allies and the technology industry to “expose Russia’s unacceptable cyber-behaviour, so they are held accountable for their actions”, said Mr Martin.
If you have your own website and have security software that allows you to see attempted intrusion attempts you’re probably aware that a huge majority of attacks even against non-important sites like this, originate from Russia. In order of volume, most website owners we know report Russian hackers as the main irritant, followed by Ukraine and China. We rather doubt these attempts can be laid at the door of a state, but it’s certain that these countries are home to massice armies of hackers.