Russia, China or… no one?
A report has outlined fears about possible interference by nation-state hackers in the run-up to the Brexit vote. The concerns relate to the Register to Vote outage, which took the voter registration website offline just hours before the deadline to register for the EU referendum.
The Commons Public Administration and Constitutional Affairs Committee (PACAC) said that MPs were concerned that the outage was no mere IT glitch and instead the work of foreign malicious actors, naming the cyber methods of Russia and China as a case in point.
The report comes at a time of great political tension, in particular between the US and Russia. Developments in Syria have many thinking that we are on the cusp of war, while allegations of election interference have plagued new US President Trump and his government.
Russian hacking up to this point has been focused on its Cold War rival, with The New York Times, the World Anti-Doping Agency, Hillary Clinton and the Democratic National Convention just a few of the organisations and individuals supposedly hacked by actors originating from Russia. Then of course, there are the allegations of Russian interference in the US Presidential Election, with Trump saying in a statement before the election:
“While Russia, China, other countries, outside groups and people are consistently trying to break through the cyber infrastructure of our governmental institutions, businesses and organizations including the Democrat National Committee, there was absolutely no effect on the outcome of the election including the fact that there was no tampering whatsoever with voting machines. There were attempts to hack the Republican National Committee, but the RNC had strong hacking defenses and the hackers were unsuccessful.”
It is worth noting at this point that hackers are adept at covering their tracks, with intelligence analyst Stephen Gates recently telling CBR that when an attack appears to come from Russia, it is often not being performed by Russians.
“Instead, hackers understand how to compromise computers in homes, schools, and businesses all over the world. Once they compromised a computer and are running it remotely, they use that computer instead of their own computer to launch an attack,” Gates said.
That being said, cybercrime is booming in Russia and many in the cyber security industry are confident in asserting that some high-profile attacks have been backed by Russian intelligence agencies. US intelligence agencies said with ‘high confidence’ that Guccifer 2.0, the name of an individual or group who hacked the Democratic National Committee, was backed by the Russian government, despite statements from the Kremlin denying any involvement.
Security firms such as CrowdStrike, SecureWorks, and FireEye are among those who believe some of the attacks to be perpetrated by a group called APT28. It is speculated that this group, also reported under the names of Fancy Bear, Cosy Bear, Sofacy, and Pawn Storm, is Russian due to cyber activity and information operations that have been observed over a number of years.
“They compile malware samples with Russian language settings during working hours consistent with the time zone of Russia’s major cities. While we don’t have pictures of a building, personas to reveal, or a government agency to name, what we do have is evidence of longstanding, focused operations that indicate a government sponsor – specifically, a government based in Moscow,” said Jens Monrad, Principal Systems Engineer at FireEye.
With the UK such a strong ally of the US and a sizeable world power, it seems logical that the Russian government would have an interest in something as historic as Brexit. The UK government has been vocal in articulating the Russian cyber threat, with Defence Secretary Sir Michael Fallon recently warning of Russian hacking and its threat to British democracy. Fallon warned of Russia ‘weaponising information’ in a bid to destabilise Western democracy and critical infrastructure, saying:
“There is the use of cyber weaponry to disrupt critical infrastructure and disable democratic machinery.”
Fallon may have also forewarned of possible foreign interference in key UK events like Brexit, pointing to European neighbour Germany and saying that the head of the German BfV intelligence agency had warned that the Kremlin is “seeking to influence public opinion and decision-making processes” ahead of this year’s German elections.
Fallon’s Russian fears were echoed by GCHQ in March, with Ciaran Martin, chief executive of GCHQ’s National Cyber Security Centre (NCSC), sending a letter to politicians offering advice on preventing breaches.
“This is not just about the network security of political parties’ own systems. Attacks against our democratic processes go beyond this and can include attacks on parliament, constituency offices, think tanks and pressure groups and individuals’ email accounts,” said the computer security chief.