Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Russian hackers targeting millions of devices around the world, US and UK warn

Intelligence agencies say spying could be preparation for future attacks 

Lizzie Dearden
Home Affairs Correspondent
Monday 16 April 2018 17:23 EDT
Comments
Vladimir Putin has denied sponsoring cyber attacks around the world
Vladimir Putin has denied sponsoring cyber attacks around the world (EPA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Russian hackers are targeting millions of devices around the world to spy, steal information and build networks for potentially devastating future cyberattacks, the US and UK have revealed.

The first ever joint “technical alert” from the two countries urged members of the public and businesses to help combat vulnerabilities with basic security precautions.

Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC) – an arm of British intelligence agency GCHQ – said Russia was its “most capable hostile adversary in cyberspace”.

In a call with The Independent and other outlets, he said all attacks uncovered by American security services had directly affected the UK, including intrusion into the energy sector.

“This is sustained targeting of multiple entities over months that we believe the Russian state to be behind,” Mr Martin added.

“The purpose of these attacks could be espionage, the theft of intellectual property and they could be positioned for use in times of tension.

“There are millions of machines being globally targeted, trying to seize control over connectivity.”

The total is believed to include tens of thousands of home devices in the UK alone, which could be used “at scale” for wider operations.

US to impose new sanctions on Russia in wake of Syria chemical attack, says UN ambassador Nikki Haley

Security services admitted they do not know the full scale of attacks by state-sponsored Russian hackers, who are using routers connecting people’s homes and offices to the internet to spy on the information going through them, harvesting passwords, data and other information that could later be used in an attack.

Mr Martin said some efforts are directly targeting the British government and critical national services, such as the NHS, where the crippling impact of North Korea’s WannaCry attack showed the devastating potential of cyber warfare last year.

Other targets include internet service providers and the private sector, providing a “basic infrastructure” to launch future operations.

​GCHQ has been tracking Russian actors for more than 20 years but the threat has come to renewed global attention following global ransomware incidents, power outages in Ukraine and alleged interference in foreign elections.

American officials denied that Monday’s “pre-planned” warning was linked to any increase in malicious activity following air strikes against the Kremlin’s Syrian allies on Saturday.

Bombing targeting chemical weapons stores by the US, UK and France worsened tensions with Vladimir Putin’s government further following the Salisbury nerve agent attack, diplomatic expulsions and ongoing sanctions over the Ukrainian war.

Rob Joyce, special assistant to Donald Trump and the US National Security Council’s cyber security coordinator, said Russia was amassing a “tremendous weapon” but there was no specific intelligence on the targeting of elections.

“When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back and push back hard,” he added, detailing cyber defence, sanctions and prosecutions.

Mr Joyce said “all elements of national power” were being mounted against the threat, including counter-attacks and asymmetric warfare.

Security services warned that global connectivity provided by the “internet of things” relied upon in modern life was being exploited and issued advice on how civilians and businesses can protect their devices, as well as national defences.

They stressed that threats came from countries other than Russia, as well as criminals seeking to profit.

Switches, firewalls and Network Intrusion Detection System (NIDS) are also being exploited in what are known as “man-in-the-middle” attacks.

Security weaknesses combined with a “Russian government campaign to exploit these devices” threatens the UK and US’s safety, security, and economic well-being, the NCSC said.

The Kremlin has denied persistent accusations of malicious cyber activity but last year Mr Putin conceded that “patriotic” Russian hackers may be acting “in the fight against those who speak badly about Russia”.

Keir Giles, an expert in Russian information warfare at Chatham House, said the line between government, business and the criminal world was blurred.

“The bottom line is these attacks would not be coming from Russia without Russian state collusion – if they wanted to stop it they could,” he told The Independent.

Mr Giles said Russia’s attacks had become more blatant due to a lack of deterrents during Barack Obama’s administration.

“They have not cared for some time about being identified as the source of hostile activity,” he added.

“Russia is far less concerned about being a rogue state because they have no reputation to maintain, they are behaving more like North Korea than the European nation they once pretended or aspired to be.

“This is just another symptom of Russia believing it is in an advanced state of conflict in the West in every domain apart from overt military clashes.”

Ewan Lawson, a senior research fellow at the Royal United Services Institute for Defence and Security Studies (RUSI), said actors could be viewing browsing history, emails, messages or sending information elsewhere.

“The concern with the presence of someone on your network is are they simply there looking or as a preparatory measure for something more nefarious?” the former RAF officer added.

“Either is bad. We haven’t seen a lot of damaging attacks yet but I believe we’re going to. If they were on a transport network, for example, the potential is there to disrupt train services. You could get into the signalling network.”

Read the full alert and advice here.

A previous version of this article stated that “billions” of machines had been targeted, but the figure was changed to “millions” following clarification from the NCSC.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in