Another day, another security scare. A joint statement by the FBI, DHS and UK NCSC has warned that the Russian Government are now actively conducting “malicious cyber activity” with the aim of compromising network infrastructure devices such as switches, firewalls and even home broadband routers.
The “Technical Alert” – TA18-106A – includes further details and notes that the targets of this malicious cyber activity are “primarily government and private-sector organisations, critical infrastructure providers, and the Internet Service Providers (ISPs) supporting these sectors”.
The alert warns that network device vendors, ISPs, public sector organisations, private sector corporations and small-office/home-office (SOHO) customers are the main targets. Apparently Russian “state-sponsored actors” (no, not bad movie actors) are using compromised routers to conduct “spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.”
The notice goes on to state that this activity has been reported to the U.S. and UK governments by “multiple sources”, including private and public-sector cyber security research organisations and allies.
Ciaran Martin, CEO of the UK National Cyber Security Centre, said:
“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the National Cyber Security Centre and our U.S. allies. This is the first time that in attributing a cyber attack to Russia the U.S. and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.
For over twenty years, GCHQ has been tracking the key Russian cyber attack groups and today’s joint UK-U.S. alert shows that the threat has not gone away. The UK government will continue to work with the U.S., other international allies and industry partners to expose Russia’s unacceptable cyber behaviour, so they are held accountable for their actions.
Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to automate defences at scale to take away some of those basic attacks, thereby allowing us to focus on the most potent threats.”
Amid all the Fear, Uncertainty and Doubt (FUD), we should probably put this into some practical context because, as any experienced IT bod already knows, your computer and networking hardware will come under frequent attack from almost the moment you go online. Often this occurs without you even knowing about it, unless you closely monitor your network traffic.
Most of the time it's automated botnets that are scanning global IP address ranges for known vulnerabilities to exploit, and on other occasions you’ll simply be passing by an infected web page, clicking a bad email link or installing a dodgy app. As a general rule, all of our connected devices are at constant risk, and this is the reason why we all (hopefully) have firewalls, anti-virus, encryption and should be keeping our systems up-to-date with security patches.
Put another way, individual residential home broadband ISP or mobile internet users are arguably at much greater risk from your common run-of-the-mill hacker types or virus infections. The Russian government is probably the least of your concerns and as always, regardless of who is trying to screw up your online day, the best protection is always a strong defence and up-to-date software/hardware.