Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
United Kingdom Government United States Politics

State-Sponsored Russian Hackers Actively Seeking To Hijack Essential Internet Hardware, US and UK Intelligence Agencies Say (bbc.com) 170

State-sponsored Russian hackers are actively seeking to hijack essential internet hardware, US and UK intelligence agencies say. BBC reports: The UK's National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security issued a joint alert warning of a global campaign. The alert details methods used to take over essential network hardware. The attacks could be an attempt by Russia to gain a foothold for use in a future offensive, it said. "Russia is our most capable hostile adversary in cyber-space, so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies," said Ciaran Martin, head of the NCSC in a statement. The alert said attacks were aimed at routers and switches that directed traffic around the net. Compromised devices were used to look at data passing through them, so Russia could scoop up valuable intellectual property, business information and other intelligence.
This discussion has been archived. No new comments can be posted.

State-Sponsored Russian Hackers Actively Seeking To Hijack Essential Internet Hardware, US and UK Intelligence Agencies Say

Comments Filter:
  • by Anonymous Coward
    We need moose and squirrel to thwart them.
  • by Opportunist ( 166417 ) on Monday April 16, 2018 @12:03PM (#56446637)

    I mean, who enjoys competition in their core business?

    • by 0dugo0 ( 735093 )

      Yeah, don't you hate it when you root a box and it is already infested with a bunch of rootkits?

      • That one's easy, you just kick out the other rootkits and install your own.

        But what really makes me angry is when someone else is doing that with boxes I have already "set up".

  • What I say is... (Score:5, Insightful)

    by bagofbeans ( 567926 ) on Monday April 16, 2018 @12:09PM (#56446689)

    ...every country's spy agencies are trying to suborn every other country's switching gear.

    Are we back to the "exceptionalism" or "world police" nobnsense whereby it's ok ok if we do it to them, but not vice-versa, because we're the good guys? Every country's spy agencies think they're the good guys.

    • Dictionary: (Score:4, Funny)

      by bagofbeans ( 567926 ) on Monday April 16, 2018 @12:11PM (#56446701)

      'nobnsense" is rubbish stated by one of the elite :)

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      It's been going on since the days of the telegraph. It's only news right now because the media is trying to create some Trump - Russia connection.

      • Re:What I say is... (Score:4, Informative)

        by Holi ( 250190 ) on Monday April 16, 2018 @01:51PM (#56447335)
        No offense, but regardless if there were any unethical or illegal acts there has been a Trump/Russia connection for a lot longer then Trump has had political ambitions.
        • See people, this is why we can't have nice things. You clearly understood the meaning of the OP as meaning an illegal and illicit Trump - Russia connection but you chose to respond to the semantics instead of the core issue. How did you add anything to the conversation?
          • He took money from foreign citizens
            The illegal act is already proved.
            • by rtb61 ( 674572 )

              Trump owns a multinational commercial property development company, of course they took money from foreign citizens, what the fuck are you going on about. It even looks like the company he controls definitely did break laws, in Russia, by allowing Russians to launder money through Trumps developments to cheat on taxes from often illegal income. So how many Americans take money from foreigners, they should all be prosecuted, lined up against the wall and shot, every single airline, every single hotel (ohh ah

      • Given the sourcing for the Cohen payoffs, the media has proved the existence of the connection already
    • Even worse is that someone is *actually surprised* by this information.

    • by hey! ( 33014 )

      Yes, and if we only stopped talking about it they'd stop doing it.

    • by skids ( 119237 )

      I think the point here is that there is a recent surge. I know here we've seen a big uptick in Russia-sourced phishing attempts. Kinda weird actually. They'll phish a user's account then try to use it to phish more accounts (in a very clumsy manner that alerts everyone to the problem and helps us find out who else was phished) in what seems to be a self-perpetuating activity with no apparent end-goal. Not an efficient way to run things. I suspect performance metrics at work.

    • Comment removed based on user account deletion
      • This 'I'm a bad guy, but that's necessary to stop even worse people over there' is much the same rhetoric used by every side to justify behaviour that is otherwise unjustifiable.

        'Their' behaviour is never an excuse for one's own poor behaviour. There is no justification for being a 'bad guy'. The threat of something 'worse' is the excuse that tyrants use to oppress their people; that 'secret police' use to justify their excesses; for torturers to justify their barbarism.

        And yes, I realise that it makes thin

    • by pots ( 5047349 )
      Where are you going with this? You left off the bit where you give some kind of conclusion. Why did you bring this up?
      • We're not the good guys. Neither is Russia. At least they don't go around bullying other countries like we do. This World Police bullshit has got to stop. Our role as International Mob Enforcer means so much to the 25% of American children living in poverty even though their parents work full time for minimum wage. How about we cut back on bombing other countries, tell the Europeans to pay for their own defense, and spend our money on ourselves instead.
        • by pots ( 5047349 )

          At least they don't go around bullying other countries like we do.

          They most certainly do. I don't know if you've been living under a rock or something, but Russia annexed part of the Ukraine not too long ago and that conflict is still ongoing. Also, this very story is about "State-Sponsored Russian Hackers Actively Seeking To Hijack Essential Internet Hardware."

          I will grant your point that neither they nor we are "the good guys," but that seems like something of a non-sequitur. It isn't necessary for us to be good for their attack on us to be bad.

    • by Alwin Barni ( 5107629 ) on Monday April 16, 2018 @01:40PM (#56447295)
      Well, we do not assassinate our journalists for being critical of the government.
      • No, we just ban them from entering the country.
        • No, we just ban them from entering the country.

          Holy shit! 'Murricans are obviously the worst!

          • I was using the royal we. I mean Western Countries as a whole. In this specific example, I am talking about the UK.
        • by Anonymous Coward

          Every country reserves the right to ban people (foreigners) from entering. Even the Schengen countries can refuse visas to citizens of non-Schengen countries.

          Unless you're a citizen, or you have some valid travel document issued by Country A, that explicitly says you personally are allowed to enter Country A (and may, optionally, also specify a particular time and place at which this may happen), you should have no expectation of being allowed entry.

          What the Russian government does is different in several w

      • No, we just charge them under the espionage act.

        I'm not so sure Micheal Hasting's death was just an accident, either.

    • So we should ignore the threat because our government is likely doing the same thing?
    • "Back To"? It had never stopped. The Russian Spy system may had slowed down after the fall of Communism, but that was mostly because everything else in Russia was failing.

      It isn't because we are the good guys, it is because we are the toughest guys. The actions of a nation are the equivalent of 8 year old in a school yard. All the kids wants to play a different game, however the biggest kid makes the final choice what to play. Many will join the game. Some will go with the next biggest kid and play thei

      • "Back To"? It had never stopped. The Russian Spy system may had slowed down after the fall of Communism, but that was mostly because everything else in Russia was failing.

        It isn't because we are the good guys, it is because we are the toughest guys. The actions of a nation are the equivalent of 8 year old in a school yard. All the kids wants to play a different game, however the biggest kid makes the final choice what to play. Many will join the game. Some will go with the next biggest kid and play their game. Then you get few kids on the swing set pretending not to feel lonely. Now the two big kids, if they disagree or want to use their stuff, will find ways to get it. Be sneaky pretending to play the other game, then run off with the ball to play their game, then they would have a counter measure, or they will just outwardly fight each other.

        It isn't about right or wrong, it is just about asserting power over the others. And being part of the more powerful group.

        AKA "might is right". The opposing viewpoint is that it doesn't have to be. Humans have become more civilized over the millennia, and we could and probably will progress further. Some monkeys have done away with murder, it's not impossible. The key seems to be the entire group has to attack the aggressor.

      • Bullying only works when you can prevent the victim from leaving. Like the schoolyard. It also tends to fall apart quickly once someone breaks away and/or demonstrates that the bully isn't as unbeatable as people think.

        Syria might show that the US is no longer the superpower it once was, and with China starting to look like an alternative as a trading partner to the US, I expect that the ability for the US to compel countries to do as it bids is rapidly drawing to a close.

        It might be time for the US to star

    • nobnsense

      There's a Karl Pilkington joke in there somewhere.

  • by gmuslera ( 3436 ) on Monday April 16, 2018 @12:16PM (#56446743) Homepage Journal
    Somewhat we are missing half (or maybe far more than half) of the story, the part of "we do". Most people not even know that they don't know.
    • by skids ( 119237 )

      That's mentioned in TFA. What isn't... is an actual link to the technical warning. Go figure.

      • by skids ( 119237 )

        The Ars article [arstechnica.com] actually bothered to link the report.

        Funny all the "lock down this or that" advice didn't include the obvious "Don't let packets spoofed with your own source addresses come in you Internet pipe." Not that that's a watertight seal, given internal footholds, but... a glaring omission.

  • by account_deleted ( 4530225 ) on Monday April 16, 2018 @12:21PM (#56446771)
    Comment removed based on user account deletion
    • Re: (Score:2, Funny)

      by Anonymous Coward

      # iptables -I FORWARD -i nsatap001 -s ! fiveEyes -j alertMedia
      # iptables -I alertMedia -j LOG --log-prefix 'Evilhackers: '
      # iptables -I alertMedia -j DROP

    • by EvilSS ( 557649 )
      You can buy it cheap if you order it from China.
  • by Anonymous Coward

    Ok.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Monday April 16, 2018 @12:30PM (#56446827)
    Comment removed based on user account deletion
    • I know telling Putin that he would have "more flexibility" on lowering the USA defense, then giving Puttins friends a bunch of money. What was he thinking?
    • "Every country's spy agencies think they're the good guys."
    • If Putin had to hand to pick anyone to do a counterintelligence investigation on him (and I do mean anyone at all), he would pick someone whose last name is Mueller (and, no, I don't mean this Mueller... any Mueller). Putin built his entire political career on having an alter ego of a Russian spy embedded in Germany in 1945 [wikipedia.org]. The spy's arch-nemesis is an SS counter-intelligence general by the name of Heinrich Müller. No matter what Mueller's findings are in the end, the fact that he was the one handl

      • Comment removed based on user account deletion
        • Trump cares about upsetting Putin about as much as he cares about upsetting a doorman in one of his buildings. President Trump doesn't see any particular reason to raise hay with him except for those times when he is a problem.
        • Just so we are clear, Trump challenged Putin after Russia presented US with a military ultimatum. Russia declared Syria its protectorate and stated the policy that it would not only attempt to shoot any missiles fired at Syria, but also any launch sites. This was an ultimatum to back off from Syria. And Trump ordered a strike the next day. That's how much he cares about Putin.
    • Comey seemed keen to let the world know that Trump is concerned about the 'pee tape'. It could be that Trump is acting like Putin's his friend because he's being blackmailed. Putin certainly has the means, motive and form - likewise Trump. I expect if that is the case, then once it's been milked for all it's worth, it will be revealed, just for the chaos that will ensue.

      Strange times

  • by Lucas123 ( 935744 ) on Monday April 16, 2018 @12:34PM (#56446847) Homepage

    Amid all the snarky comments about how Russia's encroaching on the U.S. and U.K.'s state cyber hacking business, Russia does seem more dark and foreboding than anytime post Cold War- and Perestroika/Glasnost.

    It always seemed to me the U.S. and its NATO allies lost an enormous opportunity to reach out to Russia after the dissolution of the Soviet Union to help them economically and socially embrace the West's principals. It would have been to our mutual advantage. Instead, it felt like we wasted that opportunity gloating over the USSR's demise, and secretly cheering on the corruption that took hold.

    With Putin cemented in power, it feels like we've been transported back 30 years.

    • "economically and socially embrace the West's principals."

      What do you mean, they embraced oligarchy like we did...
      • Nah, Western elites prescribed shock therapy and neo-liberalism for Russia. Unsurprisigly, it resulted in a few mega-rich and mass poverty. Is it any wonder Russia turned away from our oh-so-great system? We didn't try to make friends with them, we tried to ruin them.
    • With Putin cemented in power, it feels like we've been transported back 30 years.

      I wonder how much of this is just Putin compensating for his own insecurities about being a little guy (seriously, what is he - like 5'2"?). I mean, they publicize photos of him riding horses without wearing a shirt; they like to talk about him shooting bears and whatnot, and now this overly aggressive state-sponsored hacking - it all seems like macho posturing.

      Shoot, dude, just buy some lifts and get over it!

    • by k6mfw ( 1182893 )

      It always seemed to me the U.S. and its NATO allies lost an enormous opportunity to reach out to Russia after the dissolution of the Soviet Union ...

      Unfortunately we expanded NATO (military alliance formed against USSR) all the way up to Russian borders. It is one thing to have former Warsaw Pact nations join the EU but NATO? This is how Putin stirred up nationalism and popularity by using examples of what happened to Russia/USSR when external forces expanded to their borders in 19th and 20th century. He continues this theme to keep himself in power (and also swallow up billions for his own personal gain). Lots of luck with current administration easing

    • But Russia is now more dark and foreboding than during the cold war. They think we're reckless warmongers and if there's war they'd better be prepared.So I wouldn't be surprised they're very active in cyberspace.
      The problem I have is that our secret services appear to be totally unconcerned about our interests and they'll deceive us all the time if it suits them.They're not working for us.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      The Russians are psychotically paranoid with good reason. Everything they try fails and costs them plenty as they grow increasingly desperate for any sort of validation. Hopefully they will implode before they resort to first use of nuclear weapons, but it anyone goes there, you can bet it will be them. And for some grandiosely stupid reason.

  • by Anonymous Coward

    You mean only Russia does that? US is not, China is not? Iran is not? Those morons in EU are not?

  • Between them, the Americans and Chinese design and manufacture pretty much most the world's digital network.

    Russians and all their hacking can't replace glaring disadvantage that they are, as a nation, basically a pilotfish getting dragged around by a shark they can only peripherally try to influence. Given such a disadvantage, their own IT security must be compromised eleventy billion interesting and critical ways I suspect.

  • Simple Solution (Score:5, Insightful)

    by darkain ( 749283 ) on Monday April 16, 2018 @12:47PM (#56446941) Homepage

    Write laws that prevent hardware manufacturers from putting security patches behind paid fees. In the enterprise space, this is far too common, under the guise of "service contracts" and is fucking ridiculous. Its just a way for large companies to milk more money from other large companies, and those smaller companies that cannot always afford to pay continual service contracts are the ones getting fucked over and exploited because of things like this. Seriously, it is sad that there is an actual community dedicated to pirating and distributing security patches from major enterprise hardware manufacturers.

    • by Pascoea ( 968200 )
      And how long would these companies legally be required to issue software patches for free?
      • And how long would these companies legally be required to issue software patches for free?

        It's possible you just don't understand the argument. Nobody is suggesting in the comment above that they be forced to issue software patches for free any longer than they normally would offer security patches. The argument is that they shouldn't be able to deny them just because someone isn't paying a service contract. These are security updates, their issuance is important to all of us. They need to roll the cost of the maintenance into the product, or they need to let someone more responsible have their

        • by Pascoea ( 968200 )

          It's possible you just don't understand the argument.

          No, I think I understand the argument, and I tend to agree with it. I'm just of the mind that this isn't something that should be solved legislatively.

          The argument is that they shouldn't be able to deny them just because someone isn't paying a service contract...They need to roll the cost of the maintenance into the product.

          So you and I are both understanding that there is a real cost associated with supporting security patches for these types of things. You think the government mandate it should be paid up front, I think it should be between the consumer and and company to decide.

          • by darkain ( 749283 )

            The other commenter is right. So long as a company is providing security patches, they should be free. Otherwise, this is no different than mafia practices, where people must pay in order to be protected. Instead of being physically threatened by a mafia, now it is handled legally by companies in order to ensure protection in the digital space. If a company produces a security related software patch for their product, ALL of their customers should be eligible for that patch regardless of service contract st

            • by Pascoea ( 968200 )

              they should be free

              You keep using that word, I do not think it means what you think it means. No company is going to sign on to do X years of free development.

              So you have one of 3 options:
              1) Nobody pays for it, companies stop patching their gear. (Not likely to happen)
              2) The consumers pay for the support, either up front (built in to the cost of the device) or as part of a service agreement. or
              3) The government (all of us) pay for it.

              The gov't can legislate all it wants to, but it boils down to the end question. Who

    • Write laws that prevent hardware manufacturers from putting security patches behind paid fees. In the enterprise space, this is far too common, under the guise of "service contracts" and is fucking ridiculous. Its just a way for large companies to milk more money from other large companies, and those smaller companies that cannot always afford to pay continual service contracts are the ones getting fucked over and exploited because of things like this.

      So, legislate that you get security updates forever, for free?

  • If only security had gotten more that a passing nod from the manufacturers of that equipment, we would not be having this problem.

  • Nearsighted (Score:3, Interesting)

    by thunderclees ( 4507405 ) on Monday April 16, 2018 @02:45PM (#56447765)

    "Russia is our most capable hostile adversary in cyber-space, so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies," said Ciaran Martin, head of the NCSC

    Ciaran seems to have forgotten the tens of thousands of US trained crackers in the PRC

  • ... that CERT never sends out TA's about United States state sponsored cyber actors?

    Hmmm...

  • If state "sponsored" efforts are getting detected during the "seeking" part they are not state sponsored.
    Governments have the skills to ensure they can get in, stay in and escape without detection.
    With the mission done.
    Some random code litter left for security researchers to ponder.
  • US and UK can tell us about compromising internet infrastructure routers. Thanks to Edward Snowden, we know they are experts in that field.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...