How mega Russian cyber attack was thwarted
Publish date: 10 October 2018
Issue Number: 1753
Diary: Legalbrief eLaw
A Russian cyber-attack on the headquarters of the international chemical weapons watchdog was disrupted by Dutch military intelligence just weeks after the Salisbury novichok attack, Legalbrief reports. The revelation follows a surge in spying cases that have escalated the diplomatic war between the west and Russia. The Sandworm cybercrime unit of the Russian military intelligence agency (GRU) attempted to hack the UK Foreign Office in March and the Porton Down chemical weapons facility in April. The Guardian reports that Foreign Secretary Jeremy Hunt said Moscow could face further sanctions as a result of an astonishingly detailed evidence trail laid out in the Netherlands, the UK and the US. Four Russian intelligence officers, believed to have been part of a GRU ‘cleanup’ unit for earlier failed operations, travelled to The Hague on diplomatic passports in April after unsuccessfully launching a remote attack. At the time, the Organisation for the Prohibition of Chemical Weapons was investigating the attempted assassination of Sergei Skripal and his daughter Yulia in the UK, as well as a chemical weapons attack in Douma, Syria.
The Independent reports that the secret cyberwar has included the targeting of the US presidential elections which brought Donald Trump to power. The National Cyber Security Centre (NCSC) report follows a statement by Prime Minister Theresa May that Britain and allied countries will work together to expose the work of the GRU and the methods it uses. This new document has been put together by the NCSC, working with other UK and European intelligence agencies, and the NSA and FBI in the US. Although there were allegations of Russian culpability over many episodes of the organised hacking, investigations have shown that the GRU are the main perpetrators. Security officials say the trail shows that the organisation has become the Kremlin’s chosen clandestine weapon in pursuing its geopolitical goals. And the UK and Australian governments have accused Russian military intelligence of carrying out a worldwide campaign of ‘indiscriminate and reckless’ cyber attacks, including the hacking of the US Democratic National Committee in 2016. CNN reports that British Foreign Secretary Jeremy Hunt last week said the GRU’s actions are ‘reckless and indiscriminate’. ‘They try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,’ Hunt said.
Separately, it has been revealed that a tiny hardware chip was inserted into servers used in top US companies – and even the CIA – giving China access to sensitive commercial and intelligence secrets. CNN reports that Russia and China, in different ways, are exploiting the Internet to distort the USA’s information economy, steal secrets and even disrupt operations and investigations. The report notes that Russia and China – although the latter tends to be far quieter and subtler – might be among the most prolific hackers. North Korea and numerous other nations have similar operations. The Telegraph reports that one of the world’s largest cybersecurity firms, Crowdstrike, said China was now ahead of Russia as the most prolific nation-state mounting attacks on firms, universities, government departments, think tanks and NGOs. Its analysis of thousands of cyberattacks in the first six months of this year revealed more than a third were targeted at technology firms, with a particular increase in attacks on biotechnology companies aimed at stealing their research secrets and intellectual property. Pharmaceutical, defence, mining and transport companies were also hit. It said cyber-hackers were using increasingly sophisticated techniques to breach Western defences by replicating established software to hack firms, hijacking a firm’s clients’ computers as a potential ‘Trojan Horse’ route into their target and using personalised ‘phishing’ e-mails to senior executives. However, this narrative leaves out the biggest and most aggressive players in cyber warfare: the US and its close allies, including the UK, Canada, Australia and New Zealand (known as the Five Eyes alliance), plus Israel. After all, the most notorious cyberattack in history was the worm known as Stuxnet – an aggressive, self-spreading piece of code that, when installed on a system connected to Iranian nuclear centrifuges, would cause them to spin rapidly and erratically, until they exploded.
That attack was allegedly made by the US and Israel.