Spy Chief: Russian hackers targeted UK infrastructure
The chief of the UK’s National Cyber Security Centre (NCSC) has confirmed attacks on infrastructure from Russian hackers.
Ciaran Martin, the founding chief executive of the NCSC, claims the Russians have been attempting ‘to undermine the international system’ and sow discord.
Speaking at the Times Tech Summit in London, Martin said: "I can't get into precise details of intelligence matter, but I can confirm that Russian interference, seen by the National Cyber Security Centre over the past year, has included attacks on the UK media, telecommunications and energy sectors."
The NCSC is a branch of the GCHQ (Government Communications Headquarters) who are respected for their intelligence expertise and make up part of the ‘Five Eyes’ alliance comprising of Australia, Canada, New Zealand, the United Kingdom, and the United States.
The agency warned it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors.
“NCSC believes that due to the use of widespread targeting by the attacker, a number of industrial control system engineering and services organisations are likely to have been compromised.”
As we reported in September, a group with alleged Russian government links was also suspected to have compromised the US energy grid.
Influencing public opinion
Meanwhile, Prime Minister Theresa May accused Russia of meddling in elections and influencing public opinion with fake stories.
“I have a very simple message for Russia,” May said. “We know what you are doing. And you will not succeed. Because you underestimate the resilience of our democracies, the enduring attraction of free and open societies, and the commitment of western nations to the alliances that bind us.”
The allegations have been made amid ongoing investigations into Russia’s involvement in the US presidential elections. Facebook and Twitter have been suspending fake accounts on their services used for ads and posts aimed at causing division.
One such Twitter account, SouthLoneStar, was found to be part of the Internet Research Agency — a so-called ‘troll army’ based in St Petersburg. The account pretended to be a “proud TEXAN and AMERICAN patriot” who often tweeted support for Donald Trump. The account famously spread a picture of a Muslim woman following a terror attack in Westminster and accused her of ignoring the injured when in fact that was not the case.
The picture was spread by several media outlets leading the tweeter to share clippings of the coverage in the media of the successful disinformation campaign. Twitter discovered and closed the @SouthLoneStar account in the summer of 2017 but its Russian affiliation was only made public this month when Twitter handed Congress a list of accounts suspected to be run by the Internet Research Agency — a list around 2,700 strong.
It’s increasingly clear how much the threat has evolved from conventional warfare and that cybersecurity needs to be taken as serious as territorial defense.
Update 16/11: Just a day after posting this story, mythbusting website Bellingcat uncovered further evidence of Russia's use of Twitter to spread disinformation – this time originating from the official account of the Ministry of Defense.
The account posted a picture claiming to provide "irrefutable" evidence of US collusion with ISIS. Amusingly, it was a screenshot from an iPhone game.
"It's worth noting the Russians have literally and falsely accused the US of using fakes from video games, and now they've actually gone and done it themselves," says Eliot Higgins, founder of Bellingcat.
The image has since been deleted but not before it was shared and initially reported as fact by other Russian news sites, such as Sputnik.
What are your thoughts on the Russian hacking allegations? Let us know in the comments.