Whistleblower Reveals Forces Computer Virus Linked to Russia
The Ministry of Defence and a large number of RAF bases and Royal Navy ships have been hit by a computer "worm virus" that is alleged to have been sent to a Russian internet server. The allegations have been made to Conservative MP Mark Pritchard by a whistleblower inside the MoD who is concerned over its failure to take cyber security seriously. Pritchard said the official “told me he could not say whether there was any evidence of active Russian involvement but that email traffic from some RAF stations was sent to a Russian internet server.”
An RAF source confirmed that the virus “originated from the former eastern bloc” and said forces security experts were surprised at how sophisticated it was and how easily it got through the military’s firewalls. “Whoever wrote it really knows their stuff,” he said. The MoD says it did not affect any high security systems but this misses the point, say experts on cyber-warfare.
The virus affected at least 24 RAF bases and 75 per cent of Royal Navy ships, including the aircraft carrier Ark Royal. Training flights were cancelled and RAF stations affected included those from which fighter aircraft have been scrambled over the past two years to counter Russian bombers testing British air defences. Russian cyber experts are known to be probing western military computer systems and have attacked computer systems in Estonia and Georgia over the past two years.
The MoD said it had no knowledge of any emails being sent to a Russian server. It refused to say whether the investigation was looking at Russia as a possible source of the virus. “We will look at every possible cause and take appropriate action to protect against any further viruses,” a spokesman said. He denied that any secure systems were affected by the virus but systems used to order parts for aircraft and other supplies have been brought down by the attack.
Pritchard said the virus attack was “a major national security breach which has affected thousands of military personnel and their ability to do their job. These revelations also underscore the reality of Russia remaining active in military and industrial espionage. Once again, Ministers have failed in their duty to protect the nation’s cyber-security. The sooner Britain adopts a National Security Council which can investigate such matters the better.”
Sophisticated cyber attacks have been launched via Russian servers against two former members of the Warsaw Pact, Georgia and Estonia, in the past two years blocking out all internet traffic. The attacks appear to have been largely generated by “freelance” Russian hackers but Bruce Jones, an expert on cyber warfare, said the Estonia attack was definitely Russian government inspired. “The point now, as then, is that you do not have to attack the most sensitive networks to have a significant effect. By hitting the non-critical infrastructure, the systems that order provisions and spare parts for example, you can very quickly degrade an organisation’s ability to function. Some technical experts question whether nations' militaries can successfully engage in cyber warfare against each other. It is too much of a 'frontal assault' that cannot be easily achieved; far better to hit at more vulnerable but essential elements and components further down the 'food chain'.”
A Cabinet Office report last August warned that “E-espionage” was the second greatest threat to Britain after terrorism and MI5 has repeatedly warned of the threat of Russian or Chinese cyber attacks. Pritchard has campaigned for several years to get the MoD to improve its cyber-security. Sadly it seems his pessimism over the MoD’s ability to get this right was spot on. But will it change or will the MoD continue to fob this off as being unimportant?


Always difficult to keep up the high security that is required whilst online, when in the country it is seen as a joke. Oh! yes I saw that episode in Spooks or other show Hustle, easy to thwart the espionage as the perceived enemy are just muppets.
Posted by: William | 18 Jan 2009 21:29:21
Mick,
Cyber-security is now a major issue in industry. (Defence industry is totally involved in the upgrade of systems that block threats and attacks.)
- Financial transactions,
- control of signalling systems for trains and metro,
- control of distribution systems for electricity, gas, water,
- control of networks for IT and telephones
- management of airports
- Management of buildings (lifts, security doors)
- logistic support and ordering systems in factories using Just In Time.
All these are under threat and disruption could destroy our way of life in an instant.
These are so called Critical Infrastructure Systems and in many ways represent more of a threat to our lives than hacking into a defence network. One might say, stopping flying on a carrier for a couple of days is not really significant for you and me or the general public.
Re the Cyber-attack on Estonia in 2007: Estonia, I believe, has proof that the attacks came from Russia. The effect was to make government ineffective as all government IT systems were sabotaged by waves of e-mails flooding inboxes and other relatively simple effects. In fact, Estonia's ambassador to NATO was absolutely virulent about it (and in one of his speeches, he didn't mince words when he targeted the Russians although I don't know if his remarks were carried by the press.)
I think the other country that we must be wary of is China where hacking activity is relentless - they have thousands of IT engineers trying to attack our systems.
If one talks to NATO security they are attacked thousands of times every day. Fortunately, capability to block these attacks is continuously upgraded.
Posted by: The3rdColumn | 19 Jan 2009 16:49:56