Hunt: Kremlin is waging cyber war on world
BRITAIN has publicly accused Russia’s military intelligence service of carrying out a campaign of reckless and destabilising cyber-attacks across the world.
Foreign Secretary Jeremy Hunt said last night the Kremlin had been working in secret to wage indiscriminate and illegal cyber-attacks on democratic institutions and businesses.
In a damning charge sheet, the Government has firmly pinned the blame for a string of cyber-attacks on the GRU, the organisation also accused of poisoning double agent Sergei Skripal.
The Foreign Office said the National Cyber Security Centre had assessed with ‘high confidence’ that the GRU was ‘almost certainly’ responsible for multiple attacks which have cost economies millions of pounds.
It added: ‘Given the high confidence assessment and the broader context, the UK Government has made the judgment that the Russian government – the Kremlin – was responsible.’
Hacks included those on the governing body of the Democratic Party in the US, the World Anti-Doping Agency, metro systems and airports in Ukraine, Russia’s central bank and two Russian media outlets.
GRU agents are also accused of hacking a small UK-based TV station, accessing and stealing content from email accounts between July and August 2015.
State- sponsored Russian hackers have worked under codenames including Fancy Bear, Pawnstorm, Cyber-Caliphate, Tsar Team, Sandworm and Voodoo Bear to carry out the attacks.
Mr Hunt said: ‘These cyber-attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.
‘The GRU’s actions are reckless and indiscriminate – they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens.
‘This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.
‘Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.’
The Foreign Office added: ‘The National Cyber Security Centre has identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU.
‘These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.
‘This campaign by the GRU shows that it is working in secret to undermine international law and international institutions.’ The latest attack used so-called ‘BadRabbit’ ransomware, which encrypts the contents of a computer and demands payment – in that case 0.05 bitcoins, or £213.
The attack caused disruption to Ukraine’s Kyiv metro and Odessa airport, as well as Russia’s central bank.
The ransomware also hit two privately owned Russian media outlets – St Petersburg-based Fontanka.ru and news agency Interfax, whose website was still down 24 hours after the attack in October last year.
Fontanka.ru has subsequently broken several stories on the Skripal case, including reporting that the two suspects had almost identical passport numbers.
The second attack by hackers, using the codename Fancy Bear, obtained confidential medical records for international athletes from the World Anti-Doping Agency (WADA) in August last year.
British cyclists Bradley Wiggins and Chris Froome were among those who had records released on their use of banned substances for legitimate medical reasons.
A third attack was made on the Democrat Party, which was targeted by Fancy Bear in 2016 when documents from its national committee were published online. A closeddoor briefing to senators reportedly saw the CIA declare it was ‘quite clear’ that electing Donald Trump was Russia’s goal.
The fourth attack was on an unnamed UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen.