The cyberwar between the west and Russia has escalated after the UK and the US issued a joint alert accusing Moscow of mounting a “malicious” internet offensive that appeared to be aimed at espionage, stealing intellectual property and laying the foundation for an attack on infrastructure.
Senior security officials in the US and UK held a rare joint conference call to directly blame the Kremlin for targeting government institutions, private sector organisations and infrastructure, and internet providers supporting these sectors.
Rob Joyce, the White House cybersecurity coordinator, set out a range of actions the US could take such as fresh sanctions and indictments as well as retaliating with its own cyber-offensive capabilities.
He added: “We are pushing back and we are pushing back hard.”
Joyce stressed the offensive could not be linked to Friday’s raid on Syria. It was not retaliation for the US, UK and French attack as the US and UK had been investigating the cyber-offensive for months. Nor, he said, should the decision to make public the cyber-attack be seen as a response to events in Syria.
Joyce was joined in the call by representatives from the FBI, the US Department of Homeland Security and the UK’s National Cyber Security Centre (NCSC), which is part of the surveillance agency GCHQ.
The US and UK have previously blamed Russia for cyber-attacks such as the crippling NotPetya in June 2017 that created disruption worldwide, including to the National Health Service, and for a cyber-intrusion into the US energy grid.
But they portrayed this as far more serious because of the potential to undermine infrastructure. Millions of machines had been targeted in a “sustained” campaign and the US and UK admitted they still did not know the full extent to which the system had been compromised.
Previously the two nations have spoken only of attacks “originating from Russia”, with lines between Russian criminals and state activity being blurred, but on this occasion they pinned blame on the Kremlin.
The US and UK said they had “high confidence” that the Kremlin was behind the attack.
It is the first time they have issued joint advice to all sectors that might have been compromised, offering steps to to identify and neutralise potential problems relating to the attacks.
Ciaran Martin, chief executive of the NCSC, which works closely with the surveillance agency GCHQ, said: “This is a very significant moment as we hold Russia to account.”
Howard Marshall, who works in the FBI’s cyber-division and who was also on the conference call, said: “We will bring every tool to bear against them in every corner of cyberspace.”
The decision of the US and UK governments to go public reflects a loss of patience with Moscow after a series of cyber-attacks and hacks allegedly originating from within Russia. It could also be born out of frustration over Russia’s supposed interference in democratic elections in the US and Europe, its support for Syria’s Bashar al-Assad and incidents such as the use of a nerve agent in Salisbury.
Both the US and UK, like Russia, have cyber-offensive capabilities. The head of GCHQ, Jeremy Fleming, in his first public speech last week, described how such a capability was used to degrade Islamic State’s ability to disseminate propaganda from its Syrian headquarters in Raqqa.
It was the first time that UK has admitted to having used its cyber-offensive capability.