FBI Warns of Russian Hacking Campaign
By Jon Sands, AGS Core Technologies
On Monday, the U.S. and U.K. issued a series of joint statements warning about an ongoing Russian cyber campaign. The attacks aim to support Russian intelligence amassing and even future offensive operations within the two nations. The hacking effort has been targeting network infrastructure devices like routers, as well as “critical infrastructure” providers and even internet service providers themselves. Russian hackers appear to be probing and attacking outdated routers and devices with impunity.
“Once you own the router, you own the traffic traversing the router,”
“Once you own the router, you own the traffic traversing the router,” chief Homeland Security cyber official Jeanette Manfra said. Manfra also categorized the cyber offensive as a “fairly broad campaign” that dates back to at least 2015.
Both nations cite Russia explicitly in the headline of their bulletins. It is important to note that Defense Officials have used the phrase “high confidence” to label their level of certainty. They believe the Russian government itself has been funding the effort.
FBI Deputy Assistant Director Howard Marshall also offered his assessment of the effort. Unlike other officials who treaded carefully. Marshall left no room for confusion in describing who he considers to be responsible for the hacking campaign.
“The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government,” he said.
“As long as this type of activity continues, the FBI will be there to investigate, identify and unmask the perpetrators, in this case, the Russian government. The joint Technical Alert released today underscores our commitment to working with our partners, both at home and abroad, to combat malicious cyber activity and hold those responsible accountable. We do not make this attribution lightly and will hold steadfast with our partners.”
Soon after the joint U.K./U.S. release, Australia issued its own statement supporting the claims of its allies and citing evidence of the same campaign within Australian borders.
“This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices,” Minister for Law Enforcement and Cyber Security Angus Taylor said.
The FBI has “high confidence” that Russian state-sponsored agents are behind the scheme
The FBI has “high confidence” that Russian state-sponsored agents are behind the scheme, but declined to offer explicit evidence. Nevertheless, the hackers have been stealing intellectual property from victims and laying the foundation for potential future attacks.
British officials also told Reuters that “millions of machines” have so far been targeted. Routers used by businesses big and small, as well as consumer routers, were caught in the global spying operation.
“The current state of US network devices—coupled with a Russian government campaign to exploit these devices—threatens the safety, security, and economic well-being of the United States,” the alert warns.
Monday’s technical alert refrained from naming any specific router brands. The larger problem is how many of these devices are installed and forgotten. This leaves them unpatched and unprotected and vulnerable to attack.
By exploiting a vulnerable router, a hacker can monitor, change, or control the internet traffic that passes through. That makes them ideal targets for manipulation. The hackers have been using the attacks to collect login credentials and send victims to websites secretly under their control.
Both the US and UK issued the warning a month after the White House blamed Russia for attempting to hack the US’s critical infrastructure.
“The current state of US network devices—coupled with a Russian government campaign to exploit these devices—threatens the safety, security, and economic well-being of the United States,”
“We do not make this attribution lightly and will hold steadfast with our partners,” FBI deputy assistant director Howard Marshall said in a statement.
So far, Russia hasn’t responded, but the country has routinely denied sponsoring hacking attempts against the US.
Monday’s technical alert seeks to warn the entire industry, including manufacturers, to take steps to ward off the threat. US authorities are urging vendors and ISPs to move away from unencrypted technologies and to also better roll out security patches for their devices.
To protect yourself from this attack, there are simple steps you can take. First, change your Wi-Fi passwords (includes characters such as: @#$%. Second, consider the age of the equipment. If equipment is old or outdated, the original developer may not support the device. Third, if you are unsure of any of this, call your local technology provider. They can diagnose any weaknesses your system may present and recommend changes.
Jon Sands is the Business Development Executive for AGS CORE Technologies in Stuart, FL. AGS CORE Technologies is your trusted IT partner and cyber security experts on the Treasure Coast.
