
Russia appears to be 'live testing' cyber attacks – Former UK spy boss Robert Hannigan

Warns that nation state hacking threatens corporate networks

InfoSec Europe: Former GCHQ chief Robert Hannigan has warned that the emergence of a commodity marketplace for hacking has changed and escalated the threat.

Crooks have solved the skills shortage problem by creating a gig economy and building "more impressive" and capable tools. Hannigan made the comments during a keynote speech, "Weaponising the web: Nation-state hacking and what it means for enterprise cybersecurity", at the Infosec conference in London yesterday morning.

During a wide-ranging presentation, the former cyber spy boss said that the problem posed by nation state attackers had increased over the last five years and become an issue for enterprises as well as governments. "Nation state attacks using criminal group as a proxy" is a "fairly new issue" and, along with the commoditisation of hacking tools, one of the issues that makes international geopolitics a feature of corporate security.

Nation states behave in cyberspace in the same way as the real world, Hannigan explained. North Korea (a centre for counterfeiting) is attacking banks that are on the SWIFT network, as well as crypto exchanges to steal money. "This is a rational state pursuing rational objectives," Hannigan told Infosec Europe delegates.

Iran targeted banks and more recently unis, according to the attribution of Western intel agencies, the former spy boss said, warning that the Trump administration's rejection of a nuclear treaty with Iran could escalate tension in cyberspace.

Russia presents a greater threat in terms of sophistication and a greater overall danger – not least because it doesn't mind being destructive, Hannigan warned. The destructive element of attacks blamed on Russia includes NotPetya and attacks on the Ukrainian power grid.

Attacks attributed back to Russia have become more sophisticated, brazen and even a little bit reckless. Russia appears to be live-testing cyberattacks – as has been speculated about the recent planting of the VPNFilter backdoor on routers – although the intent is unknown.

"It's unclear if that was a mistake or an experiment," Hannigan said. "Russia seems to be live testing things in cyber, as it has been [on the ground] in Syria, but it's a doctrine we don’t fully understand."

Power systems and hospitals are connected to the 'net and, as the WannaCry attack showed, the possibilities of collateral damage from malware are massive. "The problem is that the risk of miscalculation is huge," Hannigan warned.

Asked at the start of an audience Q+A whether the UK was at cyberwar with Russia, Hannigan replied that it probably was. "It certainly feels like we are in a state of conflict," he mused.

Hannigan served as GCHQ's director from November 2014 until January 2017. Highlights of his tenure include the creation of the NCSC as an operational part of GCHQ. Since leaving the signals intelligence agency, Hannigan has spoken out repeatedly against the advisability and practicality of encryption backdoors. ®
