Bloomberg
Russia is using compromised computer-network equipment to attack US and British companies and government agencies, the two countries warned in an unprecedented joint alert.
The warning came from the US Department of Homeland Security and Federal Bureau of Investigation and Britain’s National Cyber Security Center. It included advice to companies about how to protect themselves and warned specifically of attacks on routers, the devices that channel data around a network.
“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations,” according to a joint statement. “Multiple sources including private and public-sector cybersecurity research organisations and allies have reported this activity to the US and UK governments.”
The main advice offered for individuals and companies: Make sure that your router software is up-to-date and its password is secure.
“Once you own the router, you own the traffic,” Jeanette Manfra, assistant secretary at the Department of Homeland Security, told reporters on a joint conference call.
US and UK relations with Vladimir Putin’s administration are at a low point, following the alleged use of nerve agent to poison a former double agent in Britain in March and the US-led bombing of Syria over the weekend after the Russian ally’s alleged use of chemical weapons on civilians. Britain’s GCHQ intelligence agency had already warned that Russia was using its cyber capabilities to target democracies.
The Kremlin has repeatedly denied using cyber weapons, but Putin did suggest that “patriotically minded hackers” could have been behind attacks against Russia’s rivals. Alexander Lyamin, head of Qrator Labs, a Moscow cybersecurity firm, said the vulnerability the US and UK identified was first discovered last year and used against Russia and Iran earlier this month. “It’s not clear why this is being attributed to Russian hackers,” he said, noting that the US was especially vulnerable because of the popularity of the vulnerable routers there.
The Pentagon has said Russian “trolling” activity increased 2,000 percent after the Syria strike. Still, all the agencies in Monday’s advisory said their new warning wasn’t related to such recent events. Nor have they found that the attacks on network equipment were being used to target US election systems ahead of congressional elections in November.
“Russia is our most capable hostile adversary in cyberspace,” Ciaran Martin, chief executive officer of Britain’s NCSC, told.
“Many of the techniques used by Russia exploit basic weaknesses in network systems. The Russian cyberattack capability is a global problem.”
While the officials were reluctant to give precise details of the threat, they said once a router had been hacked, it could be used not simply to capture data traveling through it, but also to carry out attacks on other computers.