U.S. And U.K. Warn Of Russian Router-Hacking Campaign

The world has been bracing for the repercussions of the West's coordinated strike on Syria last week.

Even when a retaliatory attack on Syria was still in the theoretical stage, it was adamantly clear that any strike by Western allies on Syria in response to Douma was going to be, for many intents and purposes, an attack on Russia. Donald Trump made this most explicit when he carelessly (surprise) made another major policy statement through Twitter, warning Russia that American missiles are coming “nice, and new, and smart.”

While none of the ordnance launched last week came close to any Russian installations in Syria, everyone understands that the attack was not taken lightly by the Kremlin. The offense at the bombing of its Syrian ally was further compounded by the fact that it took place as U.S. sanctions continue to wreak havoc on Russian firms and markets.

The rhetoric of Russian diplomats and leaders has been low-key, and a military response will almost certainly not happen. There are clear signs, however, that the Kremlin is planning more covert retaliatory options in the digital sphere.

The first reports of possible Russian targeting in the cybersphere came earlier this week when British Foreign Secretary Boris Johnson told media sources that the U.K. must "take every possible precaution" against potential Russian counter-measures. When asked about the possibility of Russia launching cyber-attacks on the National Health Service or electricity grid, Johnson responded: "when you look at what Russia has done, not just in this country, attacks on TV stations, on the democratic processes, on critical national infrastructure--of course we have to be very, very cautious indeed." Dovetailing with Johnson's statement, the U.K.'s National Cyber Security Center (NCSC), an arm of the signals intelligence agency GCHQ, also released a warning the same day that the threat of a cyber-attack against Britain is now "at its highest possible level."

The NCSC’s warning didn’t come by itself. In an unprecedented jointly issued statement, the U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the British GCHQ warned that Russian government-backed hackers have been carrying out a widespread campaign to uncover vulnerabilities of millions of public and private users in both the U.K. and the U.S. The method used by the cybercriminals has been to breach systems via internet routers with weak passwords. Hackers took advantage of the fact that routers often remain in their default settings after setup, which usually have extremely weak access codes. The alert urges network device vendors, ISPs, public sector organizations and private corporations of all sizes to read it and act on the recommended mitigation strategies, something that private users should probably consider doing as well.

Reports by the above agencies indicate that the purpose of this campaign has been two-fold. The first goal is simply to access valuable intellectual property, which can then either be utilized or leaked publicly. The second goal seems to be to gain control of as many internet-connected devices as possible and to harness their collective computing power for future attacks. One way in which this compromised network of devices could be deployed is the breaking of more secure authentication methods like complex, lengthy passwords. Another could be assembling a “bot army” to execute a distributed denial of service attack, in which numerous requests are sent to a site simultaneously, overwhelming the system and rendering it disabled.

Whatever its plans are exactly, it seems that Russia may have achieved some important leverage for itself, especially when it comes to Syria. As the U.S. has made clear its intention of maintaining a presence in the country for the foreseeable future, the threat presented by exposed digital infrastructure may be an important factor in any big strategic decisions.