Security officials issue alert directly blaming Kremlin for assault as US warns Moscow it is pushing back hard
The cyberwar between the west and Russia has intensified after the UK and the US issued a joint alert accusing Moscow of mounting a “malicious” internet offensive that appeared to be aimed at espionage, stealing intellectual property and laying the foundation for an attack on infrastructure.
Senior security officials in the US and UK held a rare joint conference call to directly blame the Kremlin for targeting government institutions, private sector organisations and infrastructure, and internet providers supporting these sectors.
Rob Joyce, the White House cybersecurity coordinator, set about a range of actions the US could take such as fresh sanctions and indictments as well as retaliating with its own cyber-offensive abilities.” We are pushing back and we are pushing back hard ,” he said.
Joyce emphasizing the offensive could not be linked to Friday's raid on Syria. It was not reprisal for the US, UK and French attack as the US and UK had been investigating the cyber-offensive for months. Nor, he said, should the decision to make public the cyber-attack be seen as a response to events in Syria.
Joyce was were present at the bellow by representatives from the FBI, the US Department of Homeland Security and the UK's National Cyber Security Centre( NCSC ), which is part of the surveillance agency GCHQ.
The US and UK, in a joint statement, said the cyber-attack was aimed not just at the UK and US but globally.” Specifically, these cyber-exploits were directed at network infrastructure devices worldwide such as routers, switches, firewalls, network intrusion detection system ,” it said.
” Russian state-sponsored performers are utilizing compromised routers to conduct spoofing' man-in-the-middle' attacks to support espionage, extract intellectual property, preserve persistent access to victim networks and potentially lay a foundation for future offensive operations.
” The current state of US and UK network devices, coupled with a Russian government campaign to exploit these devices, threatens our respective safety, security, and economic wellbeing .”
The US has given the cyber activity alleged to be from Russia the name GRiZZLY STEP.
The US and UK had already been blamed Russia for cyber-attacks such as crippling attacks last year that generated interruption worldwide, including to the National Health Service, and for a cyber-intrusion into the US energy grid.
But they portrayed this as far more serious because of the potential to undermine infrastructure. Millions of machines had been targeted in a “sustained” campaign and the US and UK admitted they are continuing did not know the full extent to which the system had been compromised.
Previously the two nations have spoken only of attacks” originating from Russia”, with lines between Russian offenders and country activity being blurred, but they pinned blame on the Kremlin on this occasion.
The US and UK said they had” high confidence” that the Kremlin was behind the attack.
It is the first time they have issued joint advice to all sectors that might have been compromised, offering steps to to identify and neutralise potential problems relating to the attacks.
Ciaran Martin, the chief executive of the NCSC, which works closely with the surveillance agency GCHQ, said:” This is a very significant moment as we hold Russia to account .”
Howard Marshall, who works in the FBI's cyber-division and who was on the conference call, told:” We will bring every tool to bear against them in every corner of cyberspace .”
The decision of the US and UK governments to go public reflects a loss of patience with Moscow after a series of cyber-attacks and hackers allegedly originating from within Russia. It could also be born out of frustration over Russia's supposed interference in democratic elections in the US and Europe, its support for Syria's Bashar al-Assad and incidents such as the use of a nerve agent in Salisbury .
Both the US and UK, like Russia, have cyber-offensive abilities. The head of GCHQ, Jeremy Fleming, in his first public speech last week, described how such a capability was used to degraded Islamic State's ability to disseminate propaganda from its Syrian headquarters in Raqqa. It was the first time that UK has admitted to having employed its cyber-offensive capability.
Read more: www.theguardian.com