Over the last five to ten years intelligence agencies have seen the link between cybercrime and nation states grow significantly, he said. “[We see] criminal groups being proxies of nation states and actively tasked and controlled by them,” he said. “That is a fairly new development. In some cases you can see nation state people sitting in the same room [as known cyber criminals]. In some cases … people have been conducting state activity during the day and then doing crime at night. Robert Hannigan, former director-general of GCHQ, gives a keynote speech at the Infosecurity Europe 2018 conference Credit:Nick Miller “It’s a funny mixture of profit and increasingly of political intent.” Russia’s investment in cyber espionage in the last 10 years is “paying off”, Hannigan said.

But the biggest change is in Russia’s intent. “If you want to start taking risks and don’t mind being found out and feel like being destructive, that suddenly becomes very dangerous. I think that’s what’s changed … not just online but in other areas. Russians hackers targeted Democrats during the 2016 election. Credit:AAP “It’s the decision to weaponise everything, from switching off domestic power in Ukraine to annoy the people of Ukraine for a few hours in the winter, through to hacks against elections in the US, Germany and France. “The level of sophistication points to a real escalation.”

Intelligence agencies had found Russia “pre-positioning” in vulnerable networks but did not know why they were there. One example was their widespread hacking of domestic internet routers. “It may be a mistake, it may be an experiment,” Hannigan said. “Russia has been particularly keen on live-testing weapons in Syria, through to cyber attacks.” Russian hackers pretended to be Islamic State online in a hacking attack on French media. Credit:File In May 2015 Russians disrupted the broadcasts of French television network TV5 Monde for three hours, and took over their social media accounts.

Then they deliberately withdrew and left a false trail to make people think it had been Islamic State hackers. “It’s not clear why Russian actors wanted to do that,” said Hannigan. “It’s consistent with their doctrine of testing, but we still don’t fully understand.” Hannigan said other countries were also on the radar of intelligence agencies in the UK and US. North Korea has been behind several cyber attacks aimed at stealing foreign currency, which it desperately needs. And Iran – though it has been quieter in recent years – has a sophisticated cyber capability that is connected to criminal actors.

“One of the concerns of the [Iran] nuclear deal falling apart, if it does, is that we would normally expect that [cyber espionage] activity to rise as a result,” Hannigan said. He said the “risk of miscalculation is huge” in using cyber weapons. “We haven’t seen anyone killed or seriously injured as a result of cyber attacks but if you start to tamper with industrial controls or health networks it feels it’s only a matter of time until somebody gets hurt and somebody is ultimately killed.” Nations were getting more sophisticated and brazen, though at the moment the activity is “below the threshold of what we would see as a military attack”. Asked if the UK was at cyber war with Russia, Hannigan replied “I think we probably are”.

“We’ve certainly been locked in a kind of cyber conflict with lots of people including Russia for quite a while. Certainly in agencies and the NCSC [a branch of GCHQ] that’s what it feels like. “Whether you actually defined it as war is really a legal point… but it certainly feels like we’re already engaged in a conflict.” In better news, Hannigan said terrorists were still “thousands of miles” from having the capability to perform a catastrophic, destructive cyber attack. Though that could change because there is the “possibility that a sophisticated nation state will at some point sponsor terrorists and cyber terrorism”, he said. But the highest volume, by a long way, of malicious cyber activity was crime, Hannigan said.