back to article Russia appears to be 'live testing' cyber attacks – Former UK spy boss Robert Hannigan

Former GCHQ chief Robert Hannigan has warned that the emergence of a commodity marketplace for hacking has changed and escalated the threat. Crooks have solved the skills shortage problem by creating a gig economy and creating "more impressive" and capable tools. Hannigan made the comments during a keynote speech Weaponising …

This post has been deleted by its author

Anonymous Coward

More FUD

"Asked at the start of an audience Q+A whether the UK was at cyberwar with Russia, Hannigan replied that it probably was. "It certainly feels like we are in a state of conflict," he mused".

And with that one statement, any credence disappeared up his own arse.

Probably???

FEELS like it???

Have a word with yourself man..

Handy distraction for the other shitstorm that is brexit??

Cynical? Moi?

28
38

Re: More FUD

I would argue that we are at cyberwar but not just with Russia, Norks, etc

But also the USA, Antartica, Neverland and the many other countries / realities that exist.....

44
0
Silver badge

Re: More FUD

Dunno about Brexit. Feels more like support for his US pals, especially in light of the recent trend to make Russia take the place of the USSR as the Big Enemy in the US. You're right about the FUD though. If there was any real, solid evidence of a sustained nation-state cyberoffensive there would have been Serious Questions all around. So far, it's always been "sponsored groups attributed to...".

Of course, Our Side is all White Hats, who would never.... etc...

29
9

This post has been deleted by a moderator

Anonymous Coward

Re: More FUD

Cynical? Moi?

Sure. So am I. Thought in this case things have a much simpler explanation.

1. He is topping up his pension. There is a ridiculous assumption in the British public and press that senior mandarins once released from the civil service somehow develop independence and wisdom. The legend is that they now act in the country interest by freely providing the future generations with their wisdom by reflecting on current events through the prism of their decades of experience. That is bollocks - all they do is to top up the payments on their yacht by towing the EXACT party line by supplying PAID FOR supposedly independent pronouncements.

2. He is clueless. Same as his ex-office, same as the foreign office, same as Mi5 and Mi6 Russian sections.

2.1. They are continuing to drive the party line that Putin is trying to reincarnate USSR or the Russian empire. That party line is complete and utter bollocks. The key differentiator of Russian Empire (from Peter the Great till its fall) and USSR was that they were NOT nationalistic. Nationalism was frowned upon and discouraged because it was getting in the way of keeping the empire as a cohesive whole. That is absolutely invalid for modern Russia. It has become a nationalistic state. How, what, who - the transition is quite clear and it has been orchestrated from the very top over the last 10 years. It was part of an escape policy of something Putin and Co are even more afraid of than WW3 (what - exercise to the reader). As a result Russia today reacts differently compared to the reactions of the Russian empire and USSR before it.

2.2. He has missed the train on the emergence Wagner and the other Russian army for hire corporations. Think of Blackwater armed to national army standards with tanks, missiles, attack helicopters, artillery and AA missiles (a lot of them with serial numbers listed in "officially scrapped" lists so totally deniable up to and including their existence). There is a similar situation in cyberspace too with even more armies armed to the same standard.

2.3. When you combine 2.1 and 2.2 and stir it up with a few billions in the wrong hands courtesy of our support for Russian disintegration during the Eltsin era you get what Russians call "a monkey with a hand grenade" - you do not know where it will go.

2.4. Going back to the Russian guns for hire (cyber and real). They sometimes fight on the side of the Russian state, sometimes for their own agendas and sometimes someone pays them. In most cases they are not under any state control for a very simple reason - plausible deniability. They "volunteer" to do certain jobs or are paid by "concerned citizens" to do them so that they are in the right place on the shortlist when the state comes with a big order at a later date.

We need to be honest and actually state the facts in 1 and 2 as this changes the strategy of countering them or coexisting peacefully (whatever is chosen) in the first place. Trying to do what this ex-mandarin does to top up his yacht contributions and singing the perennial "Reds Under Our Beds" gets us nowhere.

27
28
Anonymous Coward

Re: More FUD

^^^^I think that our AC above has no idea how much a yacht costs, or any idea how little a civil servant can earn even at the highest employment grades...

18
2
Silver badge

Re: More FUD

Sure. So am I. Thought in this case things have a much simpler explanation.

The game is on! And it is the fun game of "guess the gobby, anonymous commentard". Momentarily I was going to plump for VRH, but there's a couple of style cues in there that persuade me that it definitely isn't.

Is it a breach of etiquette to try and guess who's AC'ing?

15
1
Anonymous Coward

Re: More FUD

"Probably? FEELS like it???"

To be fair, I think anyone would struggle to answer that question given the utter lack of a working definition for what constitutes cyberwar...

13
0
K
Silver badge

Re: More FUD

"any idea how little a civil servant"

I do, as my wife is one of them!

To be fair to the original AC, these level of civil servants earn a f*CK load off private consultancy with the likes of BAE, Raytheon and other military/intelligence contractors for several years after "retirement", which I'm fairly certain he would be making the most of - and rightly so, and so would any of us.

10
1
Silver badge

Re: More FUD

You are Nigel Farage obo Vladimir Putin and I claim my free subscription to Russia Toady [sic]

8
3
Silver badge

Re: More FUD

I think that our AC above has no idea how much a yacht costs

I think our AC's writing shows several signs of AC's first language being Russian (or Ukrainian, but that's less likely given the subject matter and opinion expressed).

1
5
Silver badge

Re: More FUD

"If there was any real, solid evidence of a sustained nation-state cyberoffensive there would have been Serious Questions all around."

You are kidding, right? The evidence is often overwhelming. However, we have done this sort of hacking and information exfiltration stuff for decades ourselves (echelon for instance) so we can hardly complain too loudly when what goes around comes around.

"So far, it's always been "sponsored groups attributed to...""

Of course - It gives a slight veneer of deniability. Just like the Russians pretending to know nothing about nerve agent assassination attempts with a compound that only Russia has, despite having well documented history with radioactive teapots!

6
4
Gold badge

Re: More FUD

"It certainly feels like we are in a state of conflict,"

To all the cynics:

The article notes that he thinks back-dooring every communications channel is probably a bad idea. He knows full well that Vlad would probably have a copy of the keys before Amber did and he has a problem with that. He may be guilty of exaggerating the threat but at least he is consistent and rational in his response to that delusion.

And he may not be guilty of exaggeration. If Russia *isn't* developing cyber-weapons then I'll eat the hat of your choice. If it isn't testing them in the field, I'd be *very* surprised. My undertanding was that it was broadly understood by all that we are doing both of these things (like, Stuxnet) so why the flippety fuck wouldn't they be doing it too?

And the Chinese. And the Norks. And they are probably all practising on each other too, since I don't detect much mutual love between these three. (Kim is just insane and the other two both want to be top dog once they've trumped the US.)

8
1

Re: More FUD

Having personally received malware from UKUSA and partners, whilst not being a terrorist, I do think it highly likely that the Russians are also flinging exploits around at their home and abroad; perhaps they are better at it than our esteemed keyboard warriors?

Remember that the Russian cyberwarriors are typically many moves ahead of us playing “chess,” our Hannigan-led typist forces admittedly seem to be playing an anti-democratic candy-crush/flappy-bird with all the Trump shenanigans whilst the ascendent empire just “go” for it!

This next article describes a Chinese attack in Jan/Feb 2018, which pwned the USNavy, allegedly.

https://www.independent.co.uk/news/world/americas/china-government-hackers-us-navy-contractor-fbi-investigation-a8390831.html

5
0

Re: More FUD

"I think that our AC above has no idea how much a yacht costs, or any idea how little a civil servant can earn even at the highest employment grades..."

Dunno what you are paid but £117k sound like a shed load from where I'm looking.

Might not buy a Yacht, but it will get you a cosy retirement and if you can top it up with after dinner speaking (Think George Osborne @£500k/year).

"April 2014 ASHE report gives median gross annual earnings of £22,044 for all employees and £27,195 for full-time employees."

"According to the Annual Survey of Hours and Earnings (ASHE), average gross annual earnings for full-time employees was £27,600 in 2015"

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/583819/FOI2016-26337_grade_salary_bands.pdf

3
0
Gold badge
Gimp

"State of cyberwar with Russia" --> Must slurp every email/text/phone call in UK

Because....

Security.

Once a data fetishist, always a data fetishist.

5
0

Consider the possibility that...

When analysing politics, I always like to view the situations through the most far out lens - consider the possibility that the earth is flat.

That would mean that almost every country is hiding/sharing/covering up at least that one common objective.

It would then appear everything else in the "news" about "politics" is entirely orchestrated.

Not saying its true, but an interesting perspective to consider.

0
0

Re: More FUD

That's not the way security works on an inter-nation basis. Saying that it feels like we are in a cyber conflict just tells the other side what they already know - they're doing stuff and we know. Going beyond this, which is fine if you're looking to prosecute a criminal, means that you tell the other side which bits of what they're doing aren't working, and by extension which bits are.

That's just foolish as it tells them where to put their future efforts.

3
0
FAIL

Re: More FUD

«Kim is just insane» And, Mr Hagan, you know that how ? From your personal experience as treating psychiatrist ?...

Henri

0
2

Nice old pals.

Nice old Putin and co. not only they bankrolled donations to some of our beloved leaders' campaigns, they keep playing games that allow us to keep shouting "The Russian are coming!" whenever we need to throw a (diversionary) bone to the unwashed ones.

Thank you pals.

19
3
Silver badge

The best defense

We should start live testing of cutting Russia from the Internet.

11
12
Anonymous Coward

Re: The best defense

That's not going to help with threats found elsewhere.

Do you also think that Russia wouldn't be able to utilise connections in other countries?

14
0
Silver badge

Re: The best defense

Aaaaand that's why we don't want the USA to control the world's DNS.

18
4
Bronze badge

Re: The best defense

Spend five minutes wargaming a major powers conflict with the internet involved. None of these global structures survive. So more like--that's why there should not be a world's DNS.

6
0
Anonymous Coward

Many organised cyber criminal outfits are Russian too

although their relationship with the government may be harder to ascertain...

Agree with above, possibly cyber war, but certainly not limited to Russia as a nation state.

12
0

Re: Many organised cyber criminal outfits are Russian too

The Russian government is an organised (cyber) criminal outfit.

13
6
Silver badge

Re: Many organised cyber criminal outfits are Russian too

The Russian government is an organised (cyber) criminal outfit.

How does that differ to the governments of the US, Israel, Iran and so forth?

I suppose we can at least allow that the British government isn't, purely on the grounds that they're too stupid, disorganised and lacking in any real "cyber" skills or knowledge.

13
4

Re: Many organised cyber criminal outfits are Russian too

To quote Inside Cyber Warfare by Jeffrey Carr, They (Russian cyber criminals) don't ask who you are and why you are doing this. They 'll just break both your arms.

1
0

Re: Many organised cyber criminal outfits are Russian too

If thats the case, I would argue the same for at least the UK's and the US's government are also criminal cartels in disguise.

Freemason run countries especially.

Prison is just for those that didnt make it to the top.

2
2
Silver badge

It was only yesterday

Someone posted thus, right here on El Reg. Well, almost right.

1
0
Silver badge

Re: It was only yesterday

I need to do the lottery tonight it seems.

1
1
Anonymous Coward

I said a while back blame Canada and look what the US president has done, applied sanctions on them being a national security threat, knew they were too nice.

Seriously though, Russia? I'm sure they do have people attacking other countries and us but so do a lot of others that don't like us. It's getting a bit tiresome this default to who we want people not to like this week.

14
4
Anonymous Coward

Well its only fair, the Russian authorities have been blaming the West for their problems for over a decade.

7
5

"Warns that nation state hacking threatens corporate networks"

No. Really? you're PUTIN me on.

3
3

My own theory is that they are being tested by cybercriminals who are too smart to try and probe their own country's web infrastructure for fear of being arrested by local police. Naturally, this is easier to do in countries such as Russia that have less oversight for this sort of thing - it's a bit like the Isle of Man* setting low tax rates and people being puzzled why rich people move there.

Some of the testing may be state-sponsored, but I doubt it. I would expect that state-sponsored attacks generally tend to be tested behind closed doors, rather than in the wild, for the simple reason that you don't want to give your enemy clues as to what you're planning until you're ready so to do.

* I was going to say Monaco but I always wanted to live in Monaco as a kid because of the grand prix, of course.

16
2
Mushroom

Tepid War

Just like the good ol' days, 'cept this time the Russians are flush with Oligarch cash.

7
1
Anonymous Coward

Russia? I'd be much more concerned about the Chinese, we train a lot of their government sponsored hackers in UK Universities, they manufacture most of the internet 'equipment' that's been firmware compromised. But poking the bear seems to be more acceptable, especially as they've been more effective in fighting the wests proxies in the middle east.

9
2
Anonymous Coward

"they manufacture most of the internet 'equipment' that's been firmware compromised"

Yes I guessed Cisco probably is made in China these days.

7
0
Anonymous Coward

Is he trying to say the US and UK are not doing such things - if so he needs to pull the other one because this sounds like crap.

7
3
Holmes

Ivan, it's called sarcasm.

2
0
Silver badge

The Bigger Picture Show with Greater IntelAIgent Games Plays for Heavenly Places

Re: Weaponising the web: Nation-state hacking and what it means for enterprise cybersecurity

Internet Networking Things have also moved on into altogether more engaging and demanding and rewarding spheres of Virtually ACTive IT, Robert H., and that might warrant a current GCHQ chief, if able to enable and/or disable such things, to pen and pen test The Massively Destructive and Creative Tools for Web Weaponisation: Enterprise State Hacks and Secret Code Cracking and what IT All Means for Memes in Nation State CyberSecurity Systems/Fields of Dream Operation.

Nation states don't do hacking, nor anything else for that matter if the truth be told, Prime ACTors do, and ideally for both nation state[s] and Prime ACTor[s], to positively reinforcing and increasing mutual self benefit. Such is easy to consider as being worthy of recognition as an Almighty Immaculate Driver ... for how on Earth would one be able to effectively and efficiently either compete against or oppose such a thing and Dream Operation Field?

I suppose if one didn't want to HyperRadioProActively Engage with Prime ACTors in NEUKlearer Conflicts, there is always the Danegeld Option to Exercise which relies solely on Interested and Interesting Parties keeping to their word .... and their Proprietary Intellectual Property locked safely away deep underground in Perfectly Secure Spaces.

3
1

Re: The Bigger Picture Show with Greater IntelAIgent Games Plays for Heavenly Places

I'll bite.

'Nation states don't do hacking, nor anything else for that matter if the truth be told,'

Utter, utter bollocks.

So, am I responding out of context?

'Prime ACTors do, and ideally for both nation state[s] and Prime ACTor[s], to positively reinforcing and increasing mutual self benefit.'

So if it's not 'the state', it's state sponsored? Or are they black-hat and hope that if they hack for a state (without permission, ergo 'black hat') they'll be handsomely rewarded?

We're not talking about Popov here.

1
0
Anonymous Coward

In the cold war Russian military capabilities were vastly overstated by western intelligence and defence. That way they could keep the population scared and also receive continued and increased funding.

That's fine, however I don't like the whingey and whiny undertone that "the Russians aren't playing fair."

It makes me wonder what sort of poor leadership the western intelligence agencies have these days.

4
2
Silver badge

Speaking from Experience Renders the Truth and Facts that are Indisputable and even Disagreeable

It makes me wonder what sort of poor leadership the western intelligence agencies have these days. .... Anonymous Coward

The sort of poor leadership, AC, which has one engaging and exploring with intelligence agents in erotic and exotic eastern parts whenever direct contact on certain relevant matters relating to home grown catastrophic zeroday vulnerabilities made with home western systems admins/security agencies are left unanswered.

One can only assume and presume that the deafening silence is a failed attempt to not reveal that they have no defence or attack strategies to mitigate against the obviously new and invariably totally disruptive views that are revealed to them in such communications.

However, following Ye Olde Worlde Ignorance is Bliss Approach to the AIDynamic Radical Fundamental Changes which have them Terrified of and Terrorised by All Manner of Sticky Tricky Phantoms and Intangible Ghosts from Immaculate Hosts, invites nothing but Guaranteed Disaster after Guaranteed Disaster upon such Gross Stupidity.

1
1
Silver badge
Flame

As we used to say on Usenet

PPoGTFO. Vague, hand-wavy assignment of baddie-du-jour just isn't going to cut it any more. It's looking increasingly like justifying their own position.

If our infrastructure is so fragile that any random Sergey Hackovitch with his computamabob¹ can knock it over, perhaps instead of spending billions on spooks we should be concentrating on making it not so fragile?

¹ Those sodding meerkats have seeped into the consciousness. Bloody ad flingers.

6
2
Devil

All people who stick [************] on the internet should put their head in the toilet.

Having a system network does not mean it has to be connected to what is now a quasi public freefor all, and what's more the communications infrastructure 'Backbone"' is just so exposed it's criminal insanity.

Just add an item from the list to fill in the asterisks above:~

Infrastructure, Essential systems, Military systems, Hospitals, Government business, Banking, .... , ...

More toilets please !!!!!

2
0
Silver badge

Is there much in the way of concrete evidence against the Russian govrnment and agencies? We hear a lot of rhetoric but we rarely get to see much in the way of evidence. On the other hand, we do have evidence that the NSA has been creating malware and that GCHQ were reading teenagers' encrypted sexting.

2
2
Silver badge

Immature Shenanigans Extraordinarily Renders Fool Tools Herding the Masses Grimly

Is there much in the way of concrete evidence against the Russian govrnment and agencies? ... JohnG

Both the simple and more laboured of answers, evidenced by all manner of popular media and official report, is an inconvenient and resounding NO, JohnG.

And such calamities and economies of truth reveal the not so secret way your globalised realities are phormed and maintained/created and fed. With such knowledge, honed in the field of sublime developments for application, is it not impossible and incredibly easy to both radically and fundamentally change and disrupt/take over and destroy fake empires fronted by naked emperors and attendant lackeys/groupies.

They be the real vile enemy of the people, and are always forced to run scared and create new foes to fill column inches to distract and subvert mainstream attention away from the literary sources of their plights and problems. However, nowadays, with everyone more able and/or enabled to question more, is there no safe haven and heavenly hiding place in which to cower and avoid due just desserts. Such as is, is Absolutely Fabulous Fabless Progress and an Almighty Development Program ......... or, if needs be, one Hellish Nightmare of a Phantom Battle to Fight Against and Vainly Lose Your Life To.

0
1
Silver badge

Re: Immature Shenanigans Extraordinarily Renders Fool Tools Herding the Masses Grimly

Furthermore to the grim virtual realities pimped and pumped and peddled into your consciousness for a controlled and controlling mindset .... Which government and intelligence agencies are failed state entities and guilty of catastrophic lying with the serial spreading of right dodgy non-facts. The HM Government and SIS type Servers of UKGBNI or the counterparts in the Federal Republic of Germany?

What can you not easily believe here and thus consider to be designedly untrue and worthy of more questioning for different answers ...... and for the outing of the puppets and muppets of the intellectually challenged?

1
1

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018