Rus­sian hack­ers tar­geted UK me­dia and tele­coms firms, con­firms spy chief

The Guardian Australia - - Technology - Alex Hern

Rus­sian hack­ers at­tacked Bri­tish me­dia, tele­coms and en­ergy com­pa­nies over the last year, the head of the UK’s Na­tional Cy­ber Se­cu­rity Cen­tre has con­firmed for the first time.

Ciaran Martin, the found­ing chief ex­ec­u­tive of the NCSC, de­clined to pro­vide any fur­ther de­tails of the at­tacks.

“I can con­firm that Rus­sian in­ter­fer­ence, seen by the Na­tional Cy­ber Se­cu­rity Cen­tre over the past year, has in­cluded at­tacks on the UK me­dia, telecom­mu­ni­ca­tion and en­ergy sec­tors,” Martin said.

The NCSC, which is a branch of GCHQ charged with over­sight of Bri­tain’s cy­ber­se­cu­rity, was “ac­tively en­gag­ing with in­ter­na­tional part­ners, in­dus­try and civil so­ci­ety” to counter the threat, he said.

“Rus­sia is seek­ing to un­der­mine the in­ter­na­tional sys­tem. That much is clear. The PM made the point on Mon­day night – in­ter­na­tional or­der as we know it is in dan­ger of be­ing eroded.”

On Mon­day, Theresa May ac­cused Rus­sia of med­dling in elec­tions and plant­ing fake sto­ries in the me­dia in an at­tempt to sow dis­cord in the west.

“I have a very sim­ple mes­sage for Rus­sia,” May said. “We know what you are do­ing. And you will not suc­ceed. Be­cause you un­der­es­ti­mate the re­silience of our democ­ra­cies, the en­dur­ing at­trac­tion of free and open so­ci­eties, and the com­mit­ment of west­ern na­tions to the al­liances that bind us.”

An in­ves­ti­ga­tion by the Guardian re­vealed that more than 400 ac­counts from a list of 2,700, all named by Twit­ter as be­ing run by a no­to­ri­ous Rus­sian “troll agency”, had tweeted about Brexit in the run-up to and af­ter­math of the ref­er­en­dum.

One par­tic­u­lar ac­count man­aged to se­cure sub­stan­tial main­stream cov­er­age, stir­ring anger af­ter the ter­ror­ist at­tack on West­min­ster in March this year.

In July, a leaked NCSC memo sug­gested that the UK en­ergy sec­tor had been tar­geted and prob­a­bly com­pro­mised by “state-spon­sored ac­tors”, but de­clined to name a sus­pect na­tion.

The agency warned it had spot­ted con­nec­tions “from mul­ti­ple UK IP ad­dresses to in­fra­struc­ture as­so­ci­ated with ad­vanced state-spon­sored hos­tile threat ac­tors, who are known to tar­get the en­ergy and man­u­fac­tur­ing sec­tors.

“NCSC be­lieves that due to the use of wide­spread tar­get­ing by the at­tacker, a num­ber of in­dus­trial con­trol sys­tem en­gi­neer­ing and ser­vices or­gan­i­sa­tions are likely to have been com­pro­mised.”

A month ear­lier, in June, a cy­ber-at­tack on par­lia­ment breached dozens of email ac­counts be­long­ing to MPs and peers.

Moscow was thought to be a “likely” cul­prit be­hind the at­tack, which sim­ply at­tempted to guess the pass­words to par­lia­men­tary email ac­counts. But a se­cu­rity source told the Guardian at the time that “the na­ture of cy­ber-at­tacks means it is no­to­ri­ously dif­fi­cult to at­tribute an in­ci­dent to a spe­cific ac­tor”.

Ciaran Martin, chief ex­ec­u­tive of the NCSC: ‘In­ter­na­tional or­der as we know it is in dan­ger of be­ing eroded.’ Pho­to­graph: Ul­rich Baum­garten/Getty Images

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.