Fancy Bears hack UK television station

A British TV station was hacked for more than a year by the same group which attacked the Democratic Party during the US Presidential election, according to security researchers.

It is one of hundreds of UK organisations and individuals understood to have been targeted by the so-called Fancy Bear hacking group. Security companies say is a branch of the Russian government, a claim denied by the Russians.

The hackers hit the TV station, the name of which has not been published, with a virus giving them total control of its computer systems. For months they were able to monitor all communications between the channel’s employees, even those at the most senior level.

“They were able to essentially see all communications coming in and out of that organisation,” said Lee Lawson of SecureWorks. “Whether that’s internal communications, or about the TV station as a business, or indeed any stories coming in or being communicated about by the journalists.”

Researchers at SecureWorks say it is the work of the same group which attacked the Democratic National Committee (DNC), revealed in June last year. The group has also been blamed for hacking into French station TV5 Monde in April 2015, taking all 12 of its channels off air.

TV5 Monde’s Director-General Yves Bigot said: “They were off air for eight hours. That’s a big problem, the first thing that you guarantee to the satellite and cable companies is that you’re always going to send them a signal, so we could have lost all our broadcasting capacity throughout the world, which would have obviously killed the company.

“It’s cost us 9m Euros in 2015 and 2016, and it will cost us between 3 and 4m Euros yearly just for our new protection.”

It is believed the attack on the UK broadcaster, which began in July 2015, may have been a test-run for a potential future hack on other media outlets.

The hackers used specific computer viruses that the researchers say are the exclusive property of the Fancy Bear group. The viruses were programmed to send hacked data from the UK television station to the same computer server that was used in a previous attack on the German Parliament, which was blamed on the Fancy Bears group.

“This is a fully funded well resourced nation state group,” said Lawson.

The same virus was also used in the DNC hack, in which dozens of Democratic Party staff were sent fake messages to trick them into revealing their email account passwords. But it wasn’t just US political personnel who were sent these “phishing” emails.

SecureWorks found they had also been sent to anti-Russian figures in Ukraine, as well as opponents of Putin within Russia. Also targeted were embassies and diplomats across Europe. Its researchers say that the types and locations of those who were attacked show it was the work of the Russian government.

In December a joint FBI and Department of Homeland Security report attributed hacks on the US election process to Russian military intelligence.

The TV channel is not the only British target the hackers have gone after, according to research conducted for this report by security firm Trend Micro.

The Fancy Bear group (called Pawn Storm by Trend Micro) sent around 5,000 phishing emails between 2014 and 2016. The UK is the joint-third most popular target country, and more than 170 computers with UK IP addresses have clicked on the fake links, potentially revealing their passwords and allowing the hackers access to their email accounts, from where they attempt to burrow deeper into the victim’s organisation.

A spokesperson for the Russian Embassy in the UK said: “Without any details and proof, available to experts for thorough examination, one cannot make a judgment on this allegation. It is for experts to comment on the basis of evidence available, not for the Embassy. The quality of “proof” produced in the notorious US intelligence report… leads one to conclude that no trustworthy evidence exists so far, that it is a murky business, sort of free-for-all in terms of politicization. Since real war is out of question, this issue seems to be used as a means of keeping afloat the Cold War politics, i.e. of containing Russia.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s