'We're at cyber war with Russia' says Britain's former chief spook

The West is in a state of cyber war with Russia – or at least that’s what it feels like for its intelligence agencies, says the former head of Britain’s cyber-spy headquarters GCHQ.

Russia, Iran, North Korea and others are increasing their cyber capability and testing new cyber weapons on physical and IT infrastructure around the world, said Robert Hannigan who was director-general of GCHQ from 2014 to 2017.

Cyberwar: the new challenge for the West.

Cyberwar: the new challenge for the West.

It is only a matter of time before they accidentally kill someone – and that’s going to put pressure on the West to respond, he warned.

There is also a new model of “franchising crime”, Hannigan told the InfoSecurity Europe conference in London on Thursday.

Over the last five to ten years intelligence agencies have seen the link between cybercrime and nation states grow significantly, he said.

“(We see) criminal groups being proxies of nation states and actively tasked and controlled by them,” he said. “That is a fairly new development. In some cases you can see nation state people sitting in the same room (as known cyber criminals). In some cases … people have been conducting state activity during the day and then doing crime at night.

Robert Hannigan, former director-general of GCHQ, gives a keynote speech at the Infosecurity Europe 2018 conference

Robert Hannigan, former director-general of GCHQ, gives a keynote speech at the Infosecurity Europe 2018 conference

“It’s a funny mixture of profit and increasingly of political intent.”

Russia’s investment in cyber espionage in the last 10 years is “paying off”, Hannigan said.

But the biggest change is in Russia’s intent.

“If you want to start taking risks and don’t mind being found out and feel like being destructive, that suddenly becomes very dangerous. I think that’s what’s changed … not just online but in other areas.

Russians hackers targeted Democrats during the 2016 election.

Russians hackers targeted Democrats during the 2016 election.

“It’s the decision to weaponise everything, from switching off domestic power in Ukraine to annoy the people of Ukraine for a few hours in the winter, through to hacks against elections in the US, Germany and France.

“The level of sophistication points to a real escalation.”

Intelligence agencies had found Russia “pre-positioning” in vulnerable networks but did not know why they were there.

One example was their widespread hacking of domestic internet routers.

“It may be a mistake, it may be an experiment,” Hannigan said. “Russia has been particularly keen on live-testing weapons in Syria, through to cyber-attacks.”

Russian hackers pretended to be Islamic State in a hacking attack on French media.

Russian hackers pretended to be Islamic State in a hacking attack on French media.

In May 2015 Russians disrupted the broadcasts of French television network TV5 Monde for three hours, and took over their social media accounts.

Then they deliberately withdrew and left a false trail to make people think it had been Islamic State hackers.

“It’s not clear why Russian actors wanted to do that,” said Hannigan. “It’s consistent with their doctrine of testing, but we still don’t fully understand.”

Hannigan said other countries were also on the radar of intelligence agencies in the UK and US.

North Korea has been behind several cyber attacks aimed at stealing foreign currency, which it desperately needs.

And Iran – though it has been quieter in recent years – has a sophisticated cyber capability that is connected to criminal actors.

“One of the concerns of the (Iran) nuclear deal falling apart, if it does, is that we would normally expect that (cyber espionage) activity to rise as a result,” Hannigan said.

He said the “risk of miscalculation is huge” in using cyber weapons.

“We haven’t seen anyone killed or seriously injured as a result of cyber attacks but if you start to tamper with industrial controls or health networks it feels it’s only a matter of time until somebody gets hurt and somebody is ultimately killed.”

Nations were getting more sophisticated and brazen, though at the moment the activity is “below the threshold of what we would see as a military attack”.

Asked if the UK was at cyber war with Russia, Hannigan replied “I think we probably are”.

“We’ve certainly been locked in a kind of cyber conflict with lots of people including Russia for quite a while. Certainly in agencies and the NCSC (a branch of GCHQ) that’s what it feels like.

“Whether you actually defined it as war is really a legal point… but it certainly feels like we’re already engaged in a conflict.”

In better news, Hannigan said terrorists were still “thousands of miles” from having the capability to perform a catastrophic, destructive cyber attack.

Though that could change because there is the “possibility that a sophisticated nation state will at some point sponsor terrorists and cyber-terrorism”, he said.

But the highest volume, by a long way, of malicious cyber activity was crime, Hannigan said.

The FBI and GCHQ have “done quite a lot of work” on cybercrime groups, who are “moving with a really impressive agility”.

They are using the latest tools, and even artificial intelligence, to find vulnerable companies, infiltrate their networks then “identify what’s monetisable”, with options including blackmail, credit card details or even interesting material about a celebrity.

They are also increasingly targeting high net worth individuals and family offices, which combine IT vulnerability with huge wealth.

But big corporations were targets too.

Hannigan said he had seen “a bank hacked through its own CCTV cameras”.

Source: Read Full Article