The UK government fell victim to a cyberattack that infected systems, foreign secretary William Hague has admitted.
Foreign secretary William Hague has confirmed that UK government systems fell victim to a Zeus Trojan attack. Photo credit: Foreign and Commonwealth Office
In late December, spoofed emails claiming to come from the White House bypassed government filters and infected systems with a variant of the Zeus information-stealing Trojan, Hague told the Munich Security Conference on Friday.
"The UK Government was targeted in this attack and a large number of emails bypassed some of our filters," said Hague. "Our experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common."
The emails directed users to click on a link, which downloaded a variant of the Zeus Trojan, said Hague. MessageLabs, which filters emails for the UK government, had not responded to a request for comment at the time of writing. The Cabinet Office, which oversees government cybersecurity efforts, had also not responded to a request for comment.
Peter Sommer, a cybersecurity expert with the London School of Economics, told ZDNet UK that attribution of cyberattacks was difficult, so governments should focus more on defence than attacks.
Our experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common. – William Hague, foreign secretary
"Nations still need to focus their cyber-defence policies on resilience — hardening the protection of computer systems and having detailed contingency plans to enable them to recover from an attack," Sommer said.
In his speech, Hague called for new rules to establish how countries should behave in cyberspace.
"In Britain, we believe that the time has come to seek international agreement about norms in cyberspace," Hague said. "We believe there is a need for a more comprehensive, structured dialogue to begin to build consensus among like-minded countries and to lay the basis for agreement on a set of standards on how countries should act in cyberspace."
Hague said the UK government wanted to host a cybersecurity conference in the summer "to explore mechanisms for giving [cyber] standards real political and diplomatic weight."
The UK government will push for agreements that aim for "governments to act proportionately in cyberspace and in accordance with national and international law", Hague said. Additional aims include more accessibility, tolerance, open flow of ideas, privacy, protection of intellectual property, collective action against criminals, and the promotion of competition, he added.
A report issued by US think tank the EastWest Institute on Thursday also called for "rules of the road", to be agreed between the US, Russia and other countries.
"Cybersecurity has quickly emerged as the linchpin of our mutual safety, stability and security," the report stated. "Yet the 'rules of the road' for cyber-conflict, or even the norms for behaviour, are blatantly absent."
The report said that countries need to establish whether humanitarian critical infrastructure should be disentangled from 'non-protected' infrastructures. Russia and the US need to examine whether humanitarian infrastructure, such as medical systems, needs to be clearly marked in cyberspace to avoid fallout, in a similar way to physical infrastructure being marked with a red cross or crescent.
A cyber-war convention should recognise that 'non-state actors' such as individuals or groups of citizens have more power in cyberspace than in the physical world, the report said, and that governments should be open to new levels of co-operation with non-state actors, non-governmental organisations and corporations.
Cyber-weaponry needs to be examined to see if any attack tools or methods have attributes that are proscribed under the Geneva Protocol, the report added, noting that Russia, the US and other countries should examine 'cyber-war' to see if a third state other than 'war' or 'peace' is applicable to cyberattacks.
The report was overseen by Karl Rauscher, who used to work for Bell Labs as executive director of network reliability and security, and Andrey Korotkov, a former Russian deputy 'informatisation' minister.