Monday, February 13, 2017
Russian hackers pose increasing threat to UK's national security
A code associated with the
Russian hacking operation dubbed Grizzly Steppe by the Obama administration has
been detected within the system of a Vermont utility, according to U.S.
officials.
While the Russians did not actively use the code to
disrupt operations, according to officials who spoke on the condition of
anonymity to discuss a security matter, the discovery underscores the
vulnerabilities of the nation’s electrical grid. And it raises fears in the
U.S. government that Russian government hackers are actively trying to
penetrate the grid to carry out potential attacks.
The Cold War may be over, but cyber war
between Russia and the West is hotting up, per the Government’s new cyber-security chief.
Britain is increasingly being targeted by
Russian state-sponsored cyber-attacks, including attempts to steal top-secret
national security details and to intervene in the democratic process, claims
Ciaran Martin, who heads up GCHQ’s new National Cyber Security Centre (NCSC).
Mr Martin made his comments in an interview with The Sunday Times, warning
that Britain is being hit by 60 “significant” cyber-attacks each month, some of
which attempt to undermine the democratic process as well as national security.
Concern has been growing about the amount of so-called fake news coming from Russian
media outlets, which is being seen as a concerted disinformation campaign by the Kremlin to disrupt world
politics, including in the UK.
An attempt to disrupt the 2015 general election was thwarted by GCHQ in a cyber-attack
the security service said was the first of its kind.
“However, the level of sophistication is such that we keep very
vigilant and I expect that there will be a category 1 incident at some point in
the future.”
And he claimed that as well as trying to
uncover sensitive Government information, Russian and Chinese-sponsored hackers
were going for “soft targets” including charities and local councils for
personal data and universities for potentially lucrative research.
“We shouldn’t be defeatist about this — there’s plenty we
can do to strengthen defences at all levels.
“I want them to see the UK as the hardest
target (and they do) . . . and I want anyone who is hacking the UK to see us as
the hardest target.”
His comments come in the same week as it
was announced British schoolchildren are to be offered modules in cyber security
as part of the war against hacking.
Officials in government and the utility industry
regularly monitor the grid because it is highly computerized and any
disruptions can have disastrous implications for the country’s medical and
emergency services.
Burlington Electric said in
a statement that the company detected a malware code used in the Grizzly Steppe
operation in a laptop that was not connected to the organization’s grid
systems. The firm said it took immediate action to isolate the laptop and alert
federal authorities.
Friday night, Vermont Gov. Peter Shumlin (D) called on
federal officials “to conduct a full and complete investigation of this
incident and undertake remedies to ensure that this never happens again.”
“Vermonters and all
Americans should be both alarmed and outraged that one of the world’s leading
thugs, Vladimir Putin, has been attempting to hack our electric grid, which we
rely upon to support our quality-of-life, economy, health, and safety,” Shumlin
said in a statement. “This episode should highlight the urgent need for our
federal government to vigorously pursue and put an end to this sort of Russian
meddling.”
Sen. Patrick J. Leahy
(D-Vt.) said he was briefed on the attempts to penetrate the electric grid by
Vermont State Police on Friday evening. “This is beyond hackers having
electronic joy rides — this is now about trying to access utilities to
potentially manipulate the grid and shut it down in the middle of winter,”
Leahy said in a statement. “That is a direct threat to Vermont and we do not
take it lightly.”
Rep. Peter Welch (D-Vt.)
said the attack shows how rampant Russian hacking is. “It’s systemic,
relentless, predatory,” Welch said. “They will hack everywhere, even Vermont,
in pursuit of opportunities to disrupt our country. We must remain vigilant,
which is why I support President Obama’s sanctions against Russia and its
attacks on our country and what it stands for.”
American officials, including one senior administration
official, said they are not yet sure what the intentions of the Russians might
have been. The incursion may have been designed to disrupt the utility’s
operations or as a test to see whether they could penetrate a portion of the
grid.
Officials said that it is unclear when the code entered
the Vermont utility’s computer, and that an investigation will attempt to
determine the timing and nature of the intrusion, as well as whether other
utilities were similarly targeted.
Assuming that the
country was, indeed, responsible for the attack on our nation's democracy, the
answer to the above question should be simple to most Americans. Very, very
wrong indeed. Undermining the democratic rights of a sovereign nation in an
attempt to conduct cyber espionage is a very serious offense, not to mention
far below the standards of moral politics. But in accusing Russia of
interference in the 2016 Presidential Election, we forget one key point:
Russia didn't hack the election; it hacked the voters. While that may sound
like a minor distinction to some, to others it makes a great deal of difference.
The
DHS and FBI also publicly posted information about the malware Thursday as part
of a joint analysis report,
saying that the Russian military and civilian services’ activity “is part of an
ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.”
Another senior administration official, who also spoke on
the condition of anonymity to discuss security matters, said in an email that
“by exposing Russian malware” in the joint analysis report, “the administration
sought to alert all network defenders in the United States and abroad to this
malicious activity to better secure their networks and defend against Russian
malicious cyber activity.”
According to the report by the FBI and DHS, the hackers
involved in the Russian operation used fraudulent emails that tricked their
recipients into revealing passwords.
Russian hackers, U.S. intelligence agencies say, earlier
obtained a raft of internal emails from the Democratic National Committee,
which were later released by WikiLeaks during this year’s presidential
campaign.
President-elect Donald Trump has repeatedly questioned
the veracity of U.S. intelligence pointing to Russia’s responsibility for hacks
in the run-up to the Nov. 8 election. He also has spoken highly of Russian
President Vladimir Putin, despite President Obama’s suggestion that the
approval for hacking came from the highest levels of the Kremlin.
Trump spokesman Sean Spicer said it would be “highly
inappropriate to comment” on the incident given the fact that Spicer has not
been briefed by federal authorities at this point.
Obama has been criticized by lawmakers from both parties
for not retaliating against Russia before the election. But officials said the
president was concerned that U.S. countermeasures could prompt a wider effort
by Moscow to disrupt the counting of votes on Election Day, potentially leading
to a wider conflict.
Officials said Obama also was concerned that taking
retaliatory action before the election would be perceived as an effort to help
the campaign of Democratic presidential nominee Hillary Clinton.
On Thursday, when Obama announced new economic measures
against Russia and the expulsion of 35 Russian officials from the United States
in retaliation for what he said was a deliberate attempt to interfere with the
election, Trump told reporters, “It’s time for our country to move on to bigger
and better things.”
Trump has agreed to meet with U.S. intelligence officials
next week to discuss allegations surrounding Russia’s online activity.
Russia has been accused in the past of launching a
cyberattack on Ukraine’s electrical grid, something it has denied.
Cybersecurity experts say a hack in December 2015 destabilized Kiev’s power
grid, causing a blackout in part of the Ukrainian capital. On Thursday,
Ukrainian President Petro Poroshenko accused Russia of waging a hacking war on
his country that has entailed 6,500 attacks against Ukrainian state
institutions over the past two months.
Since at least 2009, U.S. authorities have tracked
efforts by China, Russia and other countries to implant malicious software
inside computers used by U.S. utilities. It is unclear if the code used in
those earlier attacks was similar to what was found in the Vermont case. In
November 2014, for example, federal authorities reported that a Russian malware
known as BlackEnergy had been detected in the software controlling electric
turbines in the United States.
The Russian Embassy did not immediately respond to a
request for comment. Representatives for the Energy Department and DHS declined
to comment Friday.
"The DHS statement is a restatement of already
known public information, a series of technical indicators that are intended
for use by cybersecurity professionals in finding and remediating APT28 malware
on private sector networks, and some generic advice for companies as to how to
improve their network security," said Matt Tait, founder of the U.K.-based
security consultancy Capital Alpha Security.
APT28 refers to one of the hacking groups
affiliated with Russian intelligence believed to have infiltrated the DNC.
The U.S. report, known as a “Joint Analysis Report”
or JAR, refers to the Russian hacking campaign as “Grizzly Steppe.”
It comes as part of a slate of retaliatory measures against Russia
issued Thursday by the Obama administration in response to the hacks, and
expands on a joint statement issued by the two agencies in October, formally
attributing the attacks to Russia.
In the October statement, officials described the
hacks and subsequent publication of stolen emails on WikiLeaks as an
attempt to “interfere” with the U.S. election that is “consistent with the
Russian-directed efforts,” but provided no evidence to support their
assessment.
President-elect Donald
Trump has denied that Russia was involved in the hacks, and
Obama has been under pressure to provide proof.
It's unclear whether Thursday's report will satisfy
critics. The administration is in the process of preparing a more detailed
classified review of Russian interference, to be delivered to Congress before
Trump takes office on Jan. 20.
"That this document doesn't engage with the
question of attribution seems, to me, to be quite deliberate," Tait noted.
"Its purpose is to act as a measure against Russia (by adding a U.S.
stamp of approval to private sector information, and making life harder for
APT28 by exposing some of their malware), not to persuade the public that the
DNC hack was by Russia."