April 17, 2018
This Monday the US issued an alert warning about a series of hacking attempts that targeted firewalls and routers. The affected devices ranged from home routers to the network systems of large businesses. Experts fear more attacks might be planned.
Following the attack, the White House, the Department of Homeland Security, the FBI, and the UK National Cyber Security Centre issued a joint warning, stating that they believe the attack originated from a group linked to the government of Russia, and that the mined data could result in the theft of intellectual property and espionage.
The majority of the devices were accessed by using default, factory-provided passwords.
Jeanette Manfra, an official of DHS, strongly condemned the attack, while Rob Joyce, cybersecurity coordinator, stated that, following such activity, the US cybersecurity team feels compelled to ‘push back.’
Two sides of the coin
However, there’s an underlying ambiguity in the situation. The US government itself, especially the NSA and CIA, also performs similar actions for the purpose of espionage. Proof of this has been provided by the findings of cybersecurity researchers, as well as by classified leaks. Condemning Russia for actions that the US itself carries out only serves to blur the lines that the United States intends to draw regarding interference with elections and the targeting of civilian infrastructure.
Another instance of US espionage was disclosed by Kaspersky. The Russian security company revealed the Slingshot hacking campaign, which targeted over a hundred routers (a large majority of them MikroTik) for the purpose of espionage. It was later found that the campaign was executed by the US Special Operations Command in order to monitor ISIS members through the routers of cafes in the Middle East and Africa.
Jake Williams, a former member and hacker of the NSA, considers this type of attack (using default router passwords) rather simplistic, saying that anybody could ‘hack’ this way. Williams further states that he considers the White House’s warning to be more of a political issue. This is in line with the fact that the US–Russian relationship is strained over various incidents surrounding the Syrian war.
The cyberwarfare rages on
The latest attack is merely one more in Russia’s cyberwarfare spanning the past couple of years. In Ukraine, the repeated attacks eventually led to a blackout. Infamously, they also released classified documents of the Clinton campaign during the 2016 US presidential elections. They were also responsible for the large-scale NotPetya campaign that crippled company and civilian networks alike.
The Department of Homeland Security warns that, although the latest attack is not complex in nature, it could provide a gateway for future campaigns. Robert Lee, formerly an NSA analyst, also fears that there might be another attack, and states that the Monday alert alludes to this. Lee also draws attention to the fact that there have been similar attacks in the past months, including an offensive action targeting the Olympic Games at Pyeongchang.
The Monday alert issued by UK and US bodies seems to aim to strengthen the red lines. They acknowledge that the attack took place, and simultaneously warn Russia that they are keeping a close eye on the situation.