A little warning from the British and American governments today: Kremlin-funded spies might have found a way into your home office.
The U.K. and U.S. blamed Russian hackers for a campaign aimed at taking control of routers inside government, critical infrastructure and internet service providers, but also within small and home offices. The warning came in a joint announcement from British intelligence, the National Security Council (NSC), the DHS and the FBI on Monday. In a media briefing ahead of the announcement, Rob Joyce, special assistant to the president and cybersecurity coordinator at the National Security Council, said there was “high confidence” Russia was behind the attacks. British intelligence has been tracking the hacks for the past year, said Ciaran Martin, director of the U.K.’s National Cyber Security Center, run out of intelligence agency GCHQ.
The joint technical alert said Russian state-sponsored hackers had attempted to breach network routers, switches, firewalls and network intrusion detection systems across the world. Those routers were compromised to carry out so-called “man-in-the-middle” attacks, in which data going between computers and internet servers is intercepted, the NCSC said. That was being done “to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations,” according to a statement from the NCSC.
Martin said the sustained targeting had continued for months and could have been used for espionage, the theft of intellectual property, or for “use in times of tension.” He said millions of machines were being targeted and many had been seized by hackers to get access to ISP customers, to spy on organizations and their connections. That included the U.K. government, he added.
Joyce said “we can’t rule out Russia may attempt to use this [hacked] infrastructure for further attacks.” Advice will be handed out to potentially affected entities today, marking the first time the U.K. and the U.S. have pushed out such recommendations together. “The actions you’re seeing today are one in a series of steps against this unacceptable activity,” Joyce added.
Jeanette Manfra, chief cybersecurity official for the DHS, said that among their techniques, the Russians had scanned for devices running vulnerable Cisco Smart Install software, which is designed to make it easy to set up network equipment from the massive networking manufacturer. Cisco itself recently warned about attacks aimed at the product, saying they could put critical infrastructure at risk.
Whilst the agencies weren’t forthcoming with names of victims, they were open in pointing fingers at the Kremlin. Both the U.K. and U.S. governments have blamed Russia for other recent cyberattacks, including the NotPetya ransomware, which first spread in Ukraine before taking down global businesses, including shipping giants Maersk and FedEx. Just last week, in his first public speech as GCHQ director, Jeremy Fleming warned of “reckless” Russian activities in the real world after the poisoning of a former spy living in the U.K. and the nation’s “unacceptable” online behavior.
The U.S. had previously claimed Russia was responsible for the cyberattack on the Democratic National Committee (DNC) and for attempting to influence the 2016 election via digital means. The Kremlin has denied all the above allegations levelled at its government.
Increasing cyber tensions
As for what Russia could do with all those hacked routers, Professor Alan Woodward, a cybersecurity expert from the University of Surrey, raised concerns about the potential for “a significant attack infrastructure from which onward attacks could be mounted.”
“Imagine, for example, a massive distributed denial of service (DDoS) attack where the source of the attack was home routers – who would you blame? Now imagine a situation where you have already said we know certain routers have been compromised and could be at the behest of the Russians and then there was such an attack… plausible deniability becomes less plausible,” Woodward said.
Joyce said he hoped the efforts of all the governments involved in today’s announcement would be able to prevent such a future attack happening. In response to a question from Forbes, Joyce said that when a hacker controls a router and has access to parts of the internet backbone, “we worry about what they can be used for,” whether that’s a DDoS or other offensive cyberattacks.