Is Russia to blame for increasingly sophisticated cyberattacks?

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. The Financial Times' website and Twitter feeds were hacked May 17, 2013, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news. REUTERS/Pawel Kopczynski

LET’S be honest – we don’t pay much notice to the security alerts and warnings that pop up on our computers.

What’s more, we don’t spend much time thinking about who’s behind them.

However, this age of digital innocence may be ebbing away.

The British government is certainly concerned. It is spending £1.9bn on new infrastructure – and new experts – to ramp up the country’s cyber defences.

At the same time, the head of MI5 has singled out the Russians for particular criticism.

“It is using its whole range of state organs and powers to push its foreign policy abroad in increasingly aggressive ways – involving propaganda, espionage, subversion and cyberattacks,” said Andrew Parker in an interview with The Guardian.

Unsurprisingly, the Kremlin’s spokesman Dmitry Peskov launched his own attack.

Mr Parker’s words “do not correspond to reality”, he said. “Until someone produces proof, we will consider those statements unfounded and groundless.”

As for President Putin – well, he responded to allegations that his government hacked Hillary Clinton’s Democratic Party with one lively word last Friday: “Hysteria”.

Despite the accusations – and the rapid-fire denials – there is a mounting body of publicly available evidence suggesting that Russian-speaking hackers, working for the Russian government, are responsible for a series of increasingly sophisticated cyberattacks.

Researchers at information security company ESET have just published three major reports into the cyber-espionage outfit thought responsible for many of these attacks.

The group is variously known as Fancy Bear, APT28, Pawn Storm, Tsar Team and Sofacy. ESET’s research team have their own name for it – Sednit – and they’ve been busy studying it for the past two years.

A number of Sednit targets are already well known – such as the American Democratic National Committee, the German parliament and French television network TV5Monde.

Vladimir Putin described claims Russia hacked the Democratic Party as ‘hysteria’

What ESET and other researchers have discovered, however, is a list of other organisations and individuals singled out by the group.

Sednit fired off ‘spear-phishing’ emails – designed to trick account-holders into inputting their details – to more than a thousand people working for or linked to NATO institutions, political parties and law enforcement bodies in Ukraine, the political opposition movement in Russia, and academic institutions and media groups in Europe.

US-based security firm Secureworks discovered that an email address linked to the spokesman of the Ukrainian prime minister was subject to nine phishing attempts in total – and says that high-profile leaders of Syrian rebel groups were also targeted.

“Overall,” said ESET lead researcher Alexis Dorais-Joncas, “most of the targets we could identify are related by the fact that they all share the same standpoint in the current political situation in Eastern Europe.”

You could put that another way, of course: they are all critical of Russian government policies.

The Government unveils its new strategy to tackle state-sponsored hacking

As well as determining who was targeted, ESET discovered when these cyberattacks were sent – a time period matching working hours in Moscow and St Petersburg’s time-zone.

Mr Dorais-Joncas said his team was also struck by the sheer sophistication of some of the ‘spy-tools’ dropped into victims’ computers.

Last year, Sednit deployed at least six ‘zero-day exploits’ on unsuspecting recipients. These are so called because they take advantage of software flaws that have not yet been fixed, leaving security experts no time – zero days – to protect vulnerable computers.

“Burning six zero-day exploits in one year means they certainly have access to significant resources – either to buy (them) or develop them themselves,” said Mr Dorais-Joncas. “They are really dedicated when they go for their targets.”

Andrew Parker says Russia is making more use of propaganda, spying and cyberattacks

When it comes to attribution – or pointing the finger at those responsible – the folks at ESET are understandably cautious.

“We saw a lot of comments that were written in Russian (script) which leads us to believe that the hackers speak Russian,” said Mr Dorais-Joncas, “but we would need access to their servers and bills, contracts and human intelligence too, to know who is doing it”.

What the hackers have to deal with, however, is a growing number of companies and individuals who are watching and analysing them online – and waiting for them to make mistakes.

The age of innocence is over, and it seems likely that Sednit will be unmasked.

– news.sky.com
