UK and US fight back against Russian ‘aggression’ in cyberspace

Unprecedented joint statement warns ‘malicious’ Kremlin activity threatens ‘our safety, security and economic well-being’.

Press Association
Last updated: 16 April 2018 - 7.40pm

Britain and the US have issued a formal alert about “malicious cyber activity” by Russia amid warnings that relations with Moscow have hit an all-time low.

The UK National Cyber Security Centre (NCSC) combined with the FBI and the US Department of Homeland Security to issue an unprecedented joint “technical alert” setting out the threat across the public and private sectors.

Officials said the move had been planned for “some time” and was not directly related to the US-led missiles strikes over the weekend on Russia’s ally Syria.

However NCSC chief executive Ciaran Martin said it was a “significant moment” in the fightback against Russian aggression in cyberspace while the White House vowed to use “all elements of national power” to combat the threat.

Ciaran Martin of the National Cyber Security Centre  (Dominic Lipinski/PA)
Ciaran Martin of the National Cyber Security Centre (Dominic Lipinski/PA)

It came as Russian foreign minister Sergey Lavrov warned East-West relations are now worse than during the Cold War following the Syria strikes and the bitter diplomatic row over the Salisbury nerve agent attack.

A joint UK-US statement said the state of US and UK network devices, coupled with a Russian government campaign to exploit these devices, “threatens our respective safety, security and economic well-being”.

In a joint briefing with US officials, Mr Martin said they had seen the “sustained targeting of multiple entities” over a series of months with millions of machines around the word being targeted.

Russian state-sponsored actors were said to be using “compromised routers” to conduct spoofing “man-in-the-middle” attacks to “support espionage… and potentially lay a foundation for future offensive operations”.

Mr Martin said: “They are around trying to seize control over connectivity so, in the case of targeting providers of internet services, it is about gaining access to their customers to try to gain control over the devices to allow them not just to spy on the primary organisation but the organisations they connect to.”

White House cyber security co-ordinator Rob Joyce said: “Once you own the router, you own all the traffic to include the ability to harvest credentials and passwords and essentially monitor all the traffic.

“It is a tremendous weapon in the hands of an adversary.”

While Mr Martin said most targeting of the UK had been aimed at government bodies and critical national infrastructure, US officials said everything “from large enterprises to small home offices” could be affected.

Mr Joyce said: “When we see malicious cyber activity, whether it be from the Kremlin or other nation state actors, we are going to push back.”

The joint statement said “multiple sources” – including private and public sector cyber security research organisations and allies – had reported such activity to the US and UK governments.

Mr Martin said: “This is the first time that in attributing a cyber attack to Russia the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from attacks.

“It marks an important step in our fightback against state-sponsored aggression in cyberspace.

“The UK Government will continue to work with the US, other international allies and industry partners to expose Russia’s unacceptable cyber behaviour, so they are held accountable for their actions.”