Russian hackers are targeting millions of devices around the world to spy, steal information and build networks for potentially devastating future cyberattacks, the US and UK have revealed.
The first ever joint “technical alert” from the two countries urged members of the public and businesses to help combat vulnerabilities with basic security precautions.
Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC) – an arm of British intelligence agency GCHQ – said Russia was its “most capable hostile adversary in cyberspace”.
In a call with The Independent and other outlets, he said all attacks uncovered by American security services had directly affected the UK, including intrusion into the energy sector.
“This is sustained targeting of multiple entities over months that we believe the Russian state to be behind,” Mr Martin added.
“The purpose of these attacks could be espionage, the theft of intellectual property and they could be positioned for use in times of tension.
“There are millions of machines being globally targeted, trying to seize control over connectivity.”
The total is believed to include tens of thousands of home devices in the UK alone, which could be used “at scale” for wider operations.
Security services admitted they do not know the full scale of attacks by state-sponsored Russian hackers, who are using routers connecting people’s homes and offices to the internet to spy on the information going through them, harvesting passwords, data and other information that could later be used in an attack.
Mr Martin said some efforts are directly targeting the British government and critical national services, such as the NHS, where the crippling impact of North Korea’s WannaCry attack showed the devastating potential of cyber warfare last year.
Other targets include internet service providers and the private sector, providing a “basic infrastructure” to launch future operations.
GCHQ has been tracking Russian actors for more than 20 years but the threat has come to renewed global attention following global ransomware incidents, power outages in Ukraine and alleged interference in foreign elections.
American officials denied that Monday’s “pre-planned” warning was linked to any increase in malicious activity following air strikes against the Kremlin’s Syrian allies on Saturday.
Bombing targeting chemical weapons stores by the US, UK and France worsened tensions with Vladimir Putin’s government further following the Salisbury nerve agent attack, diplomatic expulsions and ongoing sanctions over the Ukrainian war.
Rob Joyce, special assistant to Donald Trump and the US National Security Council’s cyber security coordinator, said Russia was amassing a “tremendous weapon” but there was no specific intelligence on the targeting of elections.
“When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back and push back hard,” he added, detailing cyber defence, sanctions and prosecutions.
Mr Joyce said “all elements of national power” were being mounted against the threat, including counter-attacks and asymmetric warfare.
Security services warned that global connectivity provided by the “internet of things” relied upon in modern life was being exploited and issued advice on how civilians and businesses can protect their devices, as well as national defences.
They stressed that threats came from countries other than Russia, as well as criminals seeking to profit.
Switches, firewalls and Network Intrusion Detection System (NIDS) are also being exploited in what are known as “man-in-the-middle” attacks.
Security weaknesses combined with a “Russian government campaign to exploit these devices” threatens the UK and US’s safety, security, and economic well-being, the NCSC said.
The Kremlin has denied persistent accusations of malicious cyber activity but last year Mr Putin conceded that “patriotic” Russian hackers may be acting “in the fight against those who speak badly about Russia”.
Keir Giles, an expert in Russian information warfare at Chatham House, said the line between government, business and the criminal world was blurred.
“The bottom line is these attacks would not be coming from Russia without Russian state collusion – if they wanted to stop it they could,” he told The Independent.
Mr Giles said Russia’s attacks had become more blatant due to a lack of deterrents during Barack Obama’s administration.
“They have not cared for some time about being identified as the source of hostile activity,” he added.
“Russia is far less concerned about being a rogue state because they have no reputation to maintain, they are behaving more like North Korea than the European nation they once pretended or aspired to be.
“This is just another symptom of Russia believing it is in an advanced state of conflict in the West in every domain apart from overt military clashes.”
Ewan Lawson, a senior research fellow at the Royal United Services Institute for Defence and Security Studies (RUSI), said actors could be viewing browsing history, emails, messages or sending information elsewhere.
“The concern with the presence of someone on your network is are they simply there looking or as a preparatory measure for something more nefarious?” the former RAF officer added.
“Either is bad. We haven’t seen a lot of damaging attacks yet but I believe we’re going to. If they were on a transport network, for example, the potential is there to disrupt train services. You could get into the signalling network.”
Read the full alert and advice here.
A previous version of this article stated that “billions” of machines had been targeted, but the figure was changed to “millions” following clarification from the NCSC.