The UK's critical infrastructure is under heavy and sophisticated attack by hackers, the government body charged with its security has reported.
The National Infrastructure Security Co-ordination Centre (NISCC) announced, after a confirmed report in the Financial Times, that there had been a long-running series of attacks using targeted Trojans. These were mostly on government bodies, it said, but also on companies that formed part of the UKs critical national infrastructure.
Such companies would include water, power and communications utilities as well as health and transport.
The NISCC advised IT managers to take standard precautions to protect their networks, linking to existing guidelines.
Trojans targeted at specific people, with the aim of gaining secret information from the organisations they work for, were highlighted last month when several Israeli firms were exposed as having used them to spy on rival companies.
"Trojan capabilities suggest that the covert gathering and transmitting of otherwise privileged information is a principal goal," the NISCC said of the British attacks. "The attacks normally focus on individuals who have jobs working with commercially or economically sensitive data."
But one security consultant, who works in conjunction with the National High Tech Crime Unit, was surprised that the latest trojans got through Britains Government Secure Intranet, which keeps systems one step removed from the Internet and whose traffic is also closely scanned by Message Labs.
He said that normally trojans are dispersed on the Internet and anti-virus companies pick them up and issue protections. With targeted ones this cant happen. "But they dont like any executable code on the GSI. There are lots of choke points," he said.
"One way around this is to target a low level administration staff member and post CDs to them that they then put on their machines, as well as email. The CD can look like its a government update-type document. You can tag the trojan onto the end of something else."
The NISCC conceded that the attackers used social engineering to appear credible. It added that the breaches, which had recently increased in sophistication, used e-mails containing either trojanised attachments or links to websites hosting trojanised files.
"Its not impossible to get through the GSI with email," the consultant said. "But you would have to be very cunning indeed."
Asked who might have mounted such attacks, he said: "For a foreign government to do this is not surprising. I wouldnt be surprised if they were trying it, the risk of being caught is pretty minimal. Trying to find out something secret is a good security services exercise in itself."
The NISCC said the originating IP addresses were "often linked to the Far East".
The consultant said: "This is not the old fashioned 14-year-old smelly hacker, I dont think they even exist anymore. This time its an organisation, an agency or in the worst case scenario a country. They have got a lot of time and good coders.
"This is taking electronic snooping to the next level. Instead of having planes fly over our heads dropping bombs, why not put things in our PCs? Countries do engage in low-level electronic warfare. Weve seen it with Israel and Palestine and India and Pakistan."
Asked why the government had decided to go public, he said that he thought either a journalist was going to break the story or the NISCC wanted to let the attackers know they were on to them.
A few weeks ago, the US Government Accountability Office warned in a lengthy report that US government departments were ill protected from cyber-attack and rapped federal agencies over the knuckles for not reporting attacks as required.
In April, the NISCC came under heavy criticism from Lord Harris of Haringey, a former Metropolitan Police Authority chairman who currently represents the Home Secretary on the authority. He told delegates at the InfoSec security show in London that the centre needed a radical overhaul if it was to protect the UK from cyber-attack.
He said the £10 million a year organisation was limited to an advisory role and had no teeth to act in a disaster. The former head of Haringey Council, which governs a north London borough, said that, since 2002, 71 Ministry of Defence computers had been attacked and the British Coast Guard was taken out of action last year by the Sasser worm. He said more than 100 countries now had some form of cyber-attack capability.
The NISCC did not say in its statement that it had foiled the trojan attacks. The Financial Times report said no "significant information" was taken but industry commentators have said that such sophisticated targeted attacks with powerful trojans are unlikely to be completely unsuccessful. The trojans are written to target specific information. Around 10,000 documents were taken in the Israeli operation from 30 to 40 companies.
Request for comment from the NISCC was referred to the Home Office which did not respond before time of publication.
"We have never seen anything like this in terms of the industrial scale of this series of attacks," said Roger Cumming, director of NISCC, told the Financial Times. "This is aimed at organisations, targeted at gaining information and is extremely well organised and well structured."