UK, Australia blame Russian military for cyber attacks

The headquarters of the Russian Main Intelligence Department (GRU) in Moscow, which has been accused of various high-profile hacking attacks (AFP pic)

LONDON: Britain and Australia on Thursday blamed Russia’s military intelligence service for some of the biggest cyber attacks of recent years — including one on the Democratic National Committee during the 2016 US presidential campaign.

They said the GRU military intelligence service could only have been conducting operations of such scale on Kremlin orders.

Russian President Vladimir Putin has repeatedly and angrily rejected similar charges.

He told US President Donald Trump during a July summit in Helsinki that talk of Russia meddling in the 2016 election was “nonsense”.

But Britain’s National Cyber Security Centre (NCSC) and the Australian government pointed the blame directly at alleged GRU front operations such as Fancy Bear and APT 28.

The announcement could further strain relations between Russia and Britain that began to deteriorate with the 2006 assassination with polonium in London of former Russian spy Alexander Litvinenko.

“This is not the actions of a great power, this is the actions of a pariah state,” British Defence Secretary Gavin Williamson said during a visit to Brussels.

“We’ll continue working with allies to isolate, make them understand they cannot continue to conduct themselves in such a way.”

The Australian government added that Russia’s actions violated its international commitments to “responsible state behaviour” in cyberspace.

“Cyberspace is not the Wild West,” Prime Minister Scott Morrison and Foreign Minister Marise Payne said in a joint statement.

Airports and tennis stars

Russia is not the only nation accused of conducting aggressive cyber operations in recent years.

The United States blames North Korea for hacking Sony in 2014 and launching the WannaCry ransomware attack last year.

US security researchers said on Wednesday that an elite group of North Korean hackers was also the source of attacks on world banks that netted “hundreds of millions” of dollars.

But British government sources said the NCSC has assessed with “high confidence” that the GRU was “almost certainly” behind the DNC hack that some Hillary Clinton supporters believe helped tip the US election in Trump’s favour.

Batches of DNC emails were later published by WikiLeaks. Special Counsel Robert Mueller is investigating whether their release was coordinated with the Trump campaign.

Mueller in July indicted 12 Russian GRU officers in connection with the DNC attack.

The independent findings by Britain and Australia may help Mueller fend off some of the accusations of political bias in his probe.

British sources said the GRU was also behind BadRabbit ransomware that caused disruptions on the Kiev metro and at an international airport in the Ukrainian port of Odessa last October.

The same attack affected Russia’s Interfax news agency and the popular news site.

British sources said the third strike resulted in the release of the medical files of global sports stars in August 2017.

They included tennis’s Serena and Venus Williams and Britain’s Tour de France winning cyclists Chris Froome and Bradley Wiggins.

The World Anti-Doping Agency (WADA) thinks the files’ release resulted from a data hack of its Doping Administration and Management system.

Russia was arguing at the time that its athletes were being unfairly targeted by anti-doping inspectors.

The fourth attack identified by the NCSC accessed multiple accounts belonging to a small UK-based TV station.

Some opposition Russian-language channels operate out of London.

Blurring war and peace

British government sources identified 12 fronts the GRU allegedly uses to conduct its operations in cyberspace.

APT 28 and Fancy Bear have already been identified by the Mueller probe.

The other names on the list include Cyber Berkut — long suspected of targeting Ukraine — as well as less-known groups such as Sednit and BlackEnergy Actors.

Researchers at the Royal United Services Institute (RUSI) in London said Russia often conducts cyber attacks to simply show it is capable of disrupting the networks of a potential enemy.

“The GRU’s activities go well beyond this traditional peacetime espionage role,” said RUSI Professor Malcolm Chalmers.

“By launching disruptive operations that threaten life in target societies, they blur the line between war and peace.”