Russia is sponsoring cyberattacks in U.S. homes and businesses, U.S. and U.K. officials warn


WASHINGTON – Cybersecurity officials from the U.S. and United Kingdom accused the Russian government Monday of sponsoring attacks for possible use in espionage or stealing intellectual property from large corporations down to individual homes.

The attacks have targeted millions of computer networks worldwide through equipment such as routers, switches and firewalls, according to the officials from the White House, Department of Homeland Security and FBI, and counterparts in Britain. The targets included government and private organizations, including internet service providers, officials said.

The goal of the announcement Monday was to warn corporations and individuals to protect themselves against attacks.

“We hold the Kremlin responsible,” said Jeanette Manfra, assistant secretary for cybersecurity at the Department of Homeland Security.

The officials said the attacks aren't always for espionage or to steal intellectual property, but also to lay the foundation for seizing control of computer equipment to potentially launch future attacks.

“It’s a tremendous weapon in the hand of an adversary,” said Howard Marshall, FBI’s deputy assistant director for cybersecurity.

The report Monday follows U.S. government identification of cyberattacks from North Korea, Russia and Iran. The U.S. response to attacks from China included the $50 billion in threatened trade sanctions, which apply largely to the alleged theft of intellectual property, Joyce said.

“We are pushing back and we’re pushing back hard,” said Rob Joyce, White House special assistant to the president and cybersecurity director.

The campaign launched Monday is designed to encourage companies and individuals to protect their systems including routers, switches and firewalls through changing passwords and configuring their devices to prevent them from being hijacked.

Routers have long been known to be vulnerable to hacking and infiltration. Multiple studies have found that companies often install routers with their default passwords (often simply 1-2-3-4), making them child’s play to break into. In addition, many small and home offices as well as individuals never set up any security on their home routers.

Once a skilled, or even semi-skilled, hacker has accessed a router it can be a simple matter to connect to other networks. Unless the hacker hits a tough firewall or other protective software, they can often wander at will.

The concerns here are two-fold. The first is that the Russians might gain access to data and intellectual property, allowing them to spy on companies and individuals and steal not only their secrets but the data that they use to run their businesses.

The second, which the officials alluded to, is that the Russians could be setting up backdoors that would allow them to take down critical infrastructure such as banking, energy and manufacturing, as a precursor to actual physical war.

Military officials have long worried that the first strike in any “kinetic” war (in which things are actually blown up) could very likely be a cyber strike, knocking out a nation’s infrastructure and making it more difficult for the nation to strike back against missiles and other hostile actions. Russian generals have discussed this as a legitimate form of warfare for years.

“This is a global threat,” Manfra said. “Once you own the router, you own the traffic that is traversing the router.”

Ciaran Martin, chief executive of the British government’s National Cyber Security Centre, said “millions of machines” were targeted in the campaign.

“This is the first time that in attributing a cyber attack to Russia, the U.S. and UK have, at the same time, issued joint advice to industry about how to manage the risks from attacks,” Martin said. “It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

The advice to reduce cyber threats included using encrypted management protocols, disabling protocols that aren't encrypted and changing default passwords.

"Many of the techniques used by Russia exploit basic weaknesses in network systems," Martin said.

The United States and United Kingdom have been tracking the vulnerabilities of these devices and know of at least two examples of them being targeted.

In November 2016 they saw Russian cyber actors scanning a basic Internet protocol for finding devices that are on Internet networks, looking for vulnerable infrastructure devices such as routers that could be easily hacked.

In June and July 2017 they saw Russian actors using software created by Internet network company Cisco that allows networks to be profiled to scan for vulnerable systems and routers.

“It is fairly widespread and can cover everything from large enterprises to small home offices,” Manfra said.