Russia targeting Internet hardware for espionage, U.S., U.K. say
Washington and London on Monday jointly accused the Russian government of maliciously targeting global Internet equipment for political and economic espionage.
The two governments said the Russian operations, which allegedly involve planting malware on Internet routers and other equipment, could also lay the foundation for future offensive cyberattacks.
A joint statement by the U.S. Department of Homeland Security, the FBI and the U.K.’s National Cyber Security Centre said the main targets include “government and private-sector organizations,” as well as providers of “critical infrastructure” and Internet service providers.
“Victims were identified through a coordinated series of actions between U.S. and international partners,” according to a companion technical alert issued by the U.S. Computer Emergency Response Team. Both nations have “high confidence” in the finding of Russian-sponsored cybermeddling, which the alert said has been reported by multiple sources since 2015.
On Tuesday, Russia denied the accusation from the U.S. and Britain, calling the claim unfounded and “feeble.”
“We don’t know what these accusations are based on,” Kremlin spokesman Dmitry Peskov told reporters. “Such accusations are typically thrown into the air and no one even bothers to offer any [proof] anymore.”
“We think such feeble accusations have lost all meaning,” Peskov added.
U.S. cybersecurity researcher Jake Williams said it was difficult for him to understand the motivation for Monday’s alert given that “the activity has been ongoing for some time.”
“Calling the Russians out on this hardly makes much sense unless there’s some other agenda (most likely political),” Williams, the president of Rendition Infosec, added via text message.
Routers direct data traffic across the Internet. The Computer Emergency Response Team said the compromised routers can be exploited for “man-in-the-middle” spoofing attacks, in which communications are intercepted by a seemingly trusted device that has actually been infiltrated by an attacker.
“The current state of U.S. network devices — coupled with a Russian government campaign to exploit these devices — threatens the safety, security, and economic well-being of the United States,” the alert stated.
The Computer Emergency Response Team urged affected companies, public sector organizations and people who use routers in home offices to take action to harden poorly secured devices. But its alert cited only one specific product: Cisco’s Smart Install software.
Separately, Alexander Nix, the former chief executive for data firm Cambridge Analytica, refused to testify before the U.K. Parliament’s media committee, citing an ongoing investigation by the information commissioner’s office into the company’s alleged misuse of data from millions of Facebook accounts in political campaigns.
Committee Chairman Damian Collins announced Nix’s decision.
Cambridge Analytica has said that none of the Facebook data it acquired from an academic researcher was used in Donald Trump’s presidential campaign. The company also says it did no paid or unpaid work on the campaign for the United Kingdom’s exit from the European Union. The company did not respond to requests for comment Tuesday.
Information for this article was contributed by Rod McGuirk of The Associated Press.