State agencies, companies, critical infrastructure managers and Internet service providers were targeted.
Le Monde | 16.04.2018 at 22:34 • Updated 17.04.2018 at 11:17 | By Martin Untersinger
Between the United States, the UK and Russia, the tone keeps escalating in cyberspace. On Monday, April 16, the British and the Americans accused Moscow of being behind a huge wave of attacks on Internet-connected hardware. According to the US Department of Homeland Security (DHS), the FBI and the UK National Cyber Security Centre (NCSC), hackers directed and funded by Russia have attacked millions of routers, network switches, and firewalls, and in some cases have taken control of them.
These devices have in common that they are crucial components of any government or corporate network. Taking control of them allows, at a minimum, access to the data passing through them and, in more critical cases, interrupting that data, modifying it, or preparing more sophisticated attacks.
“No exhaustive vision of the attack”
According to the US and UK authorities, state agencies, companies, critical infrastructure managers and Internet service providers were targeted. Washington and London remained very vague about the number and exact nature of the victims. “We do not have an exhaustive vision of the scale of the attack,” acknowledged Jeanette Manfra, responsible for internal security at the Department of Homeland Security.
The term “critical infrastructure” includes companies and administrations responsible for energy production, water distribution or telecommunications networks. More unusually, the devices targeted and possibly compromised include, according to the American and British experts, routers used by individuals, a more basic equivalent of the “boxes” common in French homes.
“The hackers could pre-position themselves for more tense periods,” said Ciaran Martin, the head of the NCSC, a unit of GCHQ, the powerful electronic intelligence service, in a conference call with several journalists. Once infected, these network devices can be used “to spy, to steal intellectual property, to maintain a presence in the networks of victims and to build the foundations of future attacks”, said the NCSC in a statement, cited by Forbes.
No connection with the strikes in Syria, according to the White House
The specialized services of London and Washington say they have been tracking this offensive for a year, and alarming signals have been multiplying for several months. Why choose this date to point the finger at Moscow, two days after the strikes in Syria by the United States, the United Kingdom and France, firmly denounced by Russia?
Rob Joyce, who is responsible for cybersecurity at the White House, denied any link between the two events and did not dwell on any technical clues that convinced his services of the direct involvement of the Kremlin. “When we see malicious cyber activity, whether it comes from the Kremlin or elsewhere, we respond,” he told the journalists who questioned him. “We hold Russia to account, it’s a very important moment,” added Ciaran Martin.
The UK and US authorities decided to publish simultaneously a technical alert about the wave of hacking attributed to Moscow, a first for an ongoing attack. In a sign of the unprecedented nature of the operation, senior officials from both sides of the Atlantic gave a joint press conference shortly before the publication of their alerts.
Red lines in cyberspace
This joint statement is a sign of a growing will on both sides of the Atlantic to draw red lines in the face of one of the most offensive countries on the Internet and, more generally, in the face of certain behaviors deemed dangerous in cyberspace. It remains necessary for the crossing of these lines to carry consequences.
Just recently, the United States and its closest allies, including the United Kingdom, had already accused Russia of being behind NotPetya, a destructive virus that caused more than one billion euros in damage. The United States also directly accused Russia of being behind attacks aimed at compromising energy installations.
The accusation is also notable for the focus of the attack: it is not a high-level infiltration into highly secure government systems, but a vast campaign to take control of devices (routers, switches…) that are poorly secured but essential for the proper functioning of the internal networks of administrations and companies, including the most sensitive.
According to US authorities, the hackers took advantage of glaring security flaws in these devices. “[Their] current state [of security], coupled with a Russian government campaign to exploit it, threatens the security and economic health of the United States”, writes the DHS in its alert.
Among the techniques employed by the hackers is the hijacking of a tool from Cisco, a major network switch manufacturer. The security teams of the US telecommunications giant warned just a few days ago of a weakness in some of their products, already citing the possible involvement of a state. DHS, as early as summer 2016, sounded the alarm about a potential attack on network components.