Russia steps up hacking, spurring U.S.-U.K. warning on risk
(Bloomberg) -- Russia is using compromised computer-network equipment to attack U.S. and British companies and government agencies, the two countries warned in an unprecedented joint alert.
The warning on Monday came from the U.S. Department of Homeland Security and Federal Bureau of Investigation and Britain’s National Cyber Security Center. It included advice to companies about how to protect themselves and warned specifically of attacks on routers, the devices that channel data around a network.
“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations,” according to a joint statement. “Multiple sources including private and public-sector cybersecurity research organizations and allies have reported this activity to the U.S. and U.K. governments.”
The main advice offered Monday for individuals and companies: Make sure that your router software is up-to-date and its password is secure.
“Once you own the router, you own the traffic,” Jeanette Manfra, assistant secretary at the Department of Homeland Security, told reporters on a joint conference call.
U.S. and U.K. relations with Vladimir Putin’s administration are at a low point, following the alleged use of nerve agent to poison a former double agent in Britain in March and the U.S.-led bombing of Syria over the weekend after the Russian ally’s alleged use of chemical weapons on civilians. Britain’s GCHQ intelligence agency had already warned that Russia was using its cyber capabilities to target democracies.
The Kremlin has repeatedly denied using cyber weapons, but Putin last year did suggest that “patriotically minded hackers” could have been behind attacks against Russia’s rivals. Alexander Lyamin, head of Qrator Labs, a Moscow cybersecurity firm, said the vulnerability the U.S. and U.K. identified was first discovered last year and used against Russia and Iran earlier this month. “It’s not clear why this is being attributed to Russian hackers,” he said, noting that the U.S. was especially vulnerable because of the popularity of the vulnerable routers there.
The Pentagon has said Russian “trolling” activity increased 2,000 percent after the Syria strike. Still, all the agencies in Monday’s advisory said their new warning wasn’t related to such recent events. Nor have they found that the attacks on network equipment were being used to target U.S. election systems ahead of congressional elections in November.
“Russia is our most capable hostile adversary in cyberspace,” Ciaran Martin, chief executive officer of Britain’s NCSC, told reporters on a joint conference call. “Many of the techniques used by Russia exploit basic weaknesses in network systems. The Russian cyberattack capability is a global problem.”
While the officials were reluctant to give precise details of the threat, they said once a router had been hacked, it could be used not simply to capture data traveling through it, but also to carry out attacks on other computers, potentially overwhelming the Internet’s communications infrastructure.
“It’s a tremendous weapon in the hands of an adversary,” Howard Marshall, a deputy assistant director of the FBI, said.
Such attacks, where computers are bombarded with requests from other computers that have already been hacked until they crash, are a well-known weapon in cyberwarfare. It is possible that Britain, at least, has even used them: Last week it revealed that it had carried out cyberattacks to disrupt Islamic State’s communications and propaganda effort.
--With assistance from Stepan Kravchenko