by Michael McManus
This week news broke that Russian hackers had stolen sensitive login details of British government officials. According to press reports around 70,000 firewalls were breached in a major event cyber professionals are calling the “FortBleed” event. This colourful name alludes to the fact the Fortinet security firm was allegedly breached as part of the attack. Credentials linked to UK government staff have been stolen from entities ranging from London boroughs to UK embassies and eight different RAF bases. The attack was aided by using information stolen in previous cyber attacks to identify weaknesses in the system.
Thanks to the proliferation of internet-capable devices, cyber attackers have a much larger “attack surface” to attempt to compromise. Even things as mundane as household appliances connected to the Wi-Fi can be a way in for the cyber actor. Around 550,000 people work for the UK civil service, and this means a very target-rich environment for Russian cyber units. A single slip up from a civil servant such as connecting to an unsecure network or clicking a bad link and the Russians are potentially in.
Moscow possesses significant cyber capacities, and employs well-trained and equipped units to launch cyber offensives against rival nations. Cyber warfare is much more than simple “hacking”. Gathering hyper-specific information on staff can be used to engineer scams against them, such as posing as family members or colleagues in deepfakes. Any staff with something to hide can be blackmailed in the best Russian tradition of “kompromat”. Email exchanges between colleagues can also be captured to establish what governments are planning to do, or at least exploring. All highly useful to a rival nation.
The good news is that this attack is now public knowledge, and the UK government can immediately move to close loopholes and warn staff. The bad news is that not all attacks can be determined with certainty, and some attacks are undetected. Indeed, Chinese hackers had access to sensitive US government systems thanks to loopholes in access to systems that lay undetected for months. We should hope that similar undetected loopholes do not exist in the UK system.
Another thing to worry about is that security experts feel the recent theft of UK government login credentials was merely the first wave of a much larger attack that is to come. The NHS could be a prime target. According to Dr Saif Abed, a former doctor “This is exactly the type of hack that’s the first step for launching catastrophic ransomware attacks that can threaten patient safety across the country”. The NHS has been targeted by Russia before, and we cannot rule out it being targeted again.
Russia is getting desperate. Its planned “special military operation” was meant to subdue Ukraine in 10 days. Yet four years later, Ukraine still stands while Russia is reeling from sanctions, 1 million casualties, and an inability to counter Ukrainian strikes into Russia. Vladimir Putin has become increasingly paranoid and the prospect of a breakthrough at the front seems remote. In this wounded state, Russia could see cyber aggression against the UK and NATO as a way of rebalancing and signalling strength. There may also be elements of wishing to make a quick buck, with credentials being traded for tens of thousands of dollars on the dark web.
Whether it is strategy, financial gain, or a mix, Britain must take the theft of sensitive government logins seriously, and move to close whatever loopholes Russia managed to find. Our national security depends on it.