Russia is a malicious and “highly capable” threat actor that employs organised cyber criminal gangs to supplement its own skills and carries out malicious cyber activity on a global scale to assert itself aggressively, and interfere in the affairs of other countries.
It poses an immediate threat to the national security of the UK, and the intelligence community is failing to properly coordinate its response.
This is the judgment of the Intelligence and Security Committee (ISC), which, under new leadership, published its long-awaited Russia report on 21 July 2020. Despite having been ready for publication for months, the report had been repeatedly suppressed by Boris Johnson’s Conservative government.
The report reveals how Russia has conducted malicious cyber activity to influence democratic elections and undertake pre-positioning activity on critical national infrastructure (CNI) – in the course of giving evidence, the National Cyber Security Centre (NCSC) revealed there was Russian cyber intrusion into the UK’s CNI, although which sectors have been targeted is redacted.
It shows how Russian GRU intelligence agents conducted orchestrated phishing attacks on the UK government, in particular against the Foreign and Commonwealth Office (FCO) and the Defence Science and Technology Laboratory (Dstl) during the investigation into the Salisbury biological terror attacks.
The report also sheds light on how Russia has employed organised cyber criminal gangs, which MI6 has assessed “comes to the very muddy nexus between business and corruption and state power in Russia”. In the course of giving evidence, GCHQ told the committee there was a “considerable balance” of intelligence that shows links between serious and organised crime and Russian state activity, and described this as something of a symbiotic relationship.
Moreover, the report confirms that the UK government has known about the extent of Russian cyber activity in the UK for years, but has been too reluctant to point the finger at Moscow.
“Russia’s promotion of disinformation and attempts at political influence overseas – whether through the use of social media, hack and leak operations, or its state-owned traditional media – have been widely reported… The UK is clearly a target and must equip itself to counter such efforts,” said the committee in a lengthy press statement.
However, said the committee, the inquiry found it hard to establish who was responsible for defending the UK’s democratic processes against cyber attacks, branding it “something of a hot potato”. While it conceded there was naturally nervousness around any suggestion that the intelligence services might be inclined to get involved in the nitty-gritty of the democratic process, this did not apply when it came to protecting such processes. It questioned in particular whether DCMS and the Electoral Commission were really up to the job of tackling a major hostile state threat.
“Democracy is intrinsic to our country’s success and well-being. Protecting it must be a ministerial priority, with the Office for Security and Counter-Terrorism taking the policy lead and the operational role sitting with MI5,” said the committee.
The committee also blasted digital and social media platforms for failing to step up and take some responsibility. “The government must establish a protocol with these companies to ensure that they take covert hostile state use of their platforms seriously, with agreed deadlines within which such material will be removed, and government should ‘name and shame’ those which fail to act,” it said.
“We do however welcome the government’s increasingly assertive approach when it comes to identifying, and laying blame on, the perpetrators of cyber attacks, and the UK should encourage other countries to adopt a similar approach to ‘naming and shaming’.
“The same is true in relation to an international doctrine on the use of offensive cyber: this is now essential and the UK – as a leading proponent of the rules-based international order – should be promoting and shaping rules of engagement, working with our allies,” it added.
Ray Walsh, digital privacy advocate at ProPrivacy, said: “The Russia report finally published today by the UK government confirms what cyber security experts have been calling attention to for many years – that the Russian government and its state-employed hackers are engaging in active cyber warfare against the West, which includes phishing attempts against government agencies, the deployment of covert exploits designed to steal top-secret information, and activities designed to influence the democratic elections of other nations.
“Perhaps most damningly for the UK government is that the report reveals that the UK has been aware of Russia's ongoing cyber warfare for around four whole years. Back in 2016, the committee recommended that the UK government should leverage its diplomatic relationships to openly begin assigning blame to Russian cyber attacks and to gain support from the international community in finding ways to retaliate against or prevent those malicious practices.”
Walsh said the acknowledgement that Russia had been attempting to influence elections and the action of the UK government in suppressing the report for nine months may well cause people to question the legitimacy of the results of UK elections held in the past few years, including the Brexit referendum of June 2016.
“Cyber security firms have been detailing the nefarious activities and attack vectors of Russian state-sponsored hackers such as Fancy Bear, APT28, Pawn Storm, Sofacy, Sednit, Tsar Team, and Strontium for many years, but this is the first time that the UK government has formally acknowledged that those malicious state-sponsored actors have been directing their efforts directly at UK elections and government agencies,” said Walsh.
“Now that the UK has attributed blame, it will be interesting to see how exactly the government proceeds and what it can do to prevent those activities and produce actual changes in light of the findings,” he said.