US, UK say Russia targets Internet hardware for espionage

Washington and London jointly accused the Russian government of maliciously targeting global Internet equipment for political and economic espionage. (Shutterstock)
Updated 17 April 2018
0

US, UK say Russia targets Internet hardware for espionage

  • A joint statement by the US Department of Homeland Security, the FBI and the UK’s National Cyber Security Center said the main targets include “government and private-sector organizations”
  • Australia also admonished Russia and accused Kremlin-backed hackers of cyberattacks on hundreds of Australian companies last year

Washington and London on Monday jointly accused the Russian government of maliciously targeting global Internet equipment for political and economic espionage.
The two governments said the Russian operations, which allegedly involve planting malware on Internet routers and other equipment, could also lay the foundation for future offensive cyberattacks.
A joint statement by the US Department of Homeland Security, the FBI and the UK’s National Cyber Security Center said the main targets include “government and private-sector organizations,” as well as providers of “critical infrastructure” and Internet service providers.
“Victims were identified through a coordinated series of actions between US and international partners,” according to a companion technical alert issued by the US Computer Emergency Response Team (US-CERT). Both nations have “high confidence” in the finding of Russian-sponsored cyber-meddling, which the alert said has been reported by multiple sources since 2015.
Australia also admonished Russia and accused Kremlin-backed hackers of cyberattacks on hundreds of Australian companies last year.
Respected US cybersecurity researcher Jake Williams said it was difficult for him to understand the motivation for Monday’s alert given that “the activity has been ongoing for some time.”
“Calling the Russians out on this hardly makes much sense unless there’s some other agenda (most likely political),” Williams, the president of Rendition Infosec, added via text message.
Routers direct data traffic across the Internet. US-CERT said the compromised routers can be exploited for “man-in-the-middle” spoofing attacks, in which communications are intercepted by a seemingly trusted device that has actually been infiltrated by an attacker.
“The current state of US network devices — coupled with a Russian government campaign to exploit these devices — threatens the safety, security, and economic well-being of the United States,” the alert stated. An email message seeking comment from the Russian embassy in Washington, D.C., received no response.
US-CERT urged affected companies, and public sector organizations and even people who use routers in home offices to take action to harden poorly-secured devices. But its alert cited only one specific product: Cisco’s Smart Install software.
Australian Defense Minister Marise Payne told reporterse about 400 Australian companies were targeted in the Russian attacks, but there was no “exploitation of significance.” The country’s cybersecurity minister, Angus Taylor, said. “This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors.”
On March 15, US-CERT issued a similar alert saying the FBI and DHS had determined that Russian government “cyber actors” had sought to infiltrate US agencies as well as “organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” It said Russian agents had obtained “remote access” to energy sector networks and obtained information on industrial control systems.
Experts have stressed that the March 15 bulletin did not mean Russia had obtained access to systems that control critical infrastructure such as the power grid. But Russia does have history in this regard, as many security experts blame it for several cyber-sabotage attacks on Ukraine’s power grid.


Acting Pentagon chief not decided yet on funding US-Mexico border wall

Updated 17 February 2019
0

Acting Pentagon chief not decided yet on funding US-Mexico border wall

  • President Donald Trump has declared a national emergency in a bid to fund his promised wall at the US-Mexico border without congressional approval
  • Within hours, the action was challenged in a lawsuit filed on behalf of three Texas landowners

ABOARD A US MILITARY AIRCRAFT: Acting US Defense Secretary Patrick Shanahan said on Saturday he had not yet determined whether a border wall with Mexico was a military necessity or how much Pentagon money would be used.
President Donald Trump on Friday declared a national emergency in a bid to fund his promised wall at the US-Mexico border without congressional approval.
A US defense official, speaking on the condition of anonymity, said that Shanahan was likely to approve the $3.6 billion being redirected from the military construction budget.
By declaring a national emergency, Trump can use certain Department of Defense funding to build the wall.
According to the law, the defense secretary has to decide whether the wall is militarily necessary before money from the military construction budget can be used.
“We always anticipated that this would create a lot of attention and since moneys potentially could be redirected, you can imagine the concern this generates,” Shanahan told reporters traveling back with him from his trip to Afghanistan, the Middle East and Europe.
“Very deliberately, we have not made any decisions, we have identified the steps we would take to make those decisions,” Shanahan said.
He added that military planners had done the initial analysis and he would start reviewing it on Sunday.
Officials have said that the administration had found nearly $7 billion to reallocate to the wall, including about $3.6 billion from the military construction budget and $2.5 billion from a Defense Department drug interdiction fund.
The US defense official said Shanahan would meet with the service secretaries in the coming days to pick which specific projects the money should come from.
Shanahan said that planners had identified the different sources of money that could be used, but he had not decided specifically what projects it would impact and ultimately it was his decision.
“I am not required to do anything,” he said.
Shanahan said he did not expect to take money away from projects like military housing.
Poor standards of military housing were highlighted by recent Reuters reporting, which described rampant mold and pest infestations, childhood lead poisoning, and service families often powerless to challenge private landlords in business with their military employers.
“Military housing, what’s been interesting- I’ve received a number of letters, I’ve had lots of feedback, do not jeopardize projects that are underway,” Shanahan said.
“As we step our way through the process, we’ll use good judgment,” Shanahan said.
The Republican president’s move, circumventing Congress, seeks to make good on a 2016 presidential campaign pledge to build a border wall that Trump insists is necessary to curtail illegal immigration.
Within hours, the action was challenged in a lawsuit filed on behalf of three Texas landowners.
“We are following the law, using the rules and we’re not bending the rules,” Shanahan said.