Yesterday the reports surfaced that the government is preparing for a Russia-backed cyberattack, with the intention of compromising embarrassing information about government officials. While preparations are supposedly being made to retaliate if need be, today the official word expands beyond trying to exploit politicians' personal information. According to a joint statement from the National Cyber Security Centre, FBI, and US Department of Homeland Security, Russian-backed hackers have actually been involved in a months-long campaign to compromise routers, switches and firewalls around the world.
The idea behind the attacks seems to be the chance to sneak a peak at the data passing through the network, letting Russia collect information on governments, businesses, private individuals, and so on. The BBC also notes that this could give them the chance to firewalls and other intrusion detection systems, preventing end-users from spotting malicious traffic and data before it reaches them.
According to the NCSC the main targets are internet service providers, companies responsible for critical infrastructure, government organisations, and big business, with the hacking itself taking advantage of basic flaws within network security. While we don't know which bodies have been affected by the hack, the joint report contains detailed information about how the attacks work, and the resulting signs that the networks and hardware have been compromised. With that in mind it also offers detailed advice on how to properly configure networks, and how to apply patches that address the weaknesses that could be targeted.
The Russian government will no doubt deny all of these claims, as it has done with other accusations levelled at it in recent weeks, but it's unlikely they'll manage to convince the security service of their innocence. Though that does assume the politicians will pay attention to the experts, since some of them (not naming names) prefer to ignore advice they don't like. What we can be sure of is that this story isn't going to be disappearing anytime soon, so expect to hear more in the very near future. [BBC News | Engadget]