Date: 2020-01-28

LONDON (Reuters) – Three high-ranking Western security officials have said that extensive cyber attacks against governments and other organizations in Europe and the Middle East are the work of hackers acting in the interests of the Turkish government.

The hackers have attacked at least 30 organizations, including ministries, embassies and security services, as well as businesses and other groups, according to a Reuters review of public internet records. Victims included email services of the Cypriot and Greek governments and the Iraqi government’s national security advisor, the records show.

The attacks involve intercepting internet traffic to victims’ websites, which may allow hackers to gain unauthorized access to the networks of government bodies and other organizations.

According to two British officials and one U.S. official, the activity has the characteristics of a government-sponsored cyber espionage operation carried out to advance Turkish interests.

The officials said the conclusion was based on three elements: the identities and locations of the victims, which included governments of countries that are geopolitically important to Turkey; similarities to previous attacks that they say used infrastructure registered from Turkey; and information contained in confidential intelligence assessments, which they did not discuss in detail.

The officials said it was not clear which individual or organization was responsible, but they believed that the waves of attacks were linked because they all used the same server or other infrastructure.

The Turkish Ministry of the Interior declined to comment. A senior Turkish official did not answer questions about the campaign directly, but said that Turkey itself was often the victim of cyber attacks.

The Cypriot government said in a statement that “the competent authorities were immediately aware of the attacks and were trying to contain them”. “We will not comment on details for reasons of national security,” it added.

Officials in Athens said they had no evidence that the Greek government’s email system had been compromised. The Iraqi government did not respond to requests for comment.

The attacks on Cyprus, Greece and Iraq identified by Reuters occurred in late 2018 or early 2019, according to public internet records. The broader wave of attacks is continuing, according to officials and private cyber security investigators.

A spokeswoman for the British National Cyber Security Center, which is part of the GCHQ intelligence service, declined to comment on who was behind the attacks. In the United States, the National Intelligence Director’s office declined to comment on who was behind the attack, and the Federal Bureau of Investigation did not respond to a request for comment.

HIJACKED

The attacks highlight a weakness in a core pillar of online infrastructure, one that can expose victims to attacks that take place outside their own networks and are therefore difficult for them to detect and defend against, cyber security specialists said.

The hackers used a technique known as DNS hijacking, according to Western officials and private cyber security experts. This involves tampering with what is effectively the address book of the internet, the Domain Name System (DNS), which lets computers match website addresses with the correct server.

By reconfiguring parts of this system, hackers were able to redirect visitors to fraudulent websites, such as a fake email service, and capture passwords and other text entered there.

Reuters reviewed public DNS records, which showed that website traffic was being redirected to servers identified by private cyber security firms as being controlled by the hackers. According to the records and cyber security experts who investigated the attacks, all victims identified by Reuters have had traffic to their websites hijacked – often traffic to login portals for email services, cloud storage servers, and online networks.
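The kind of record review described above can be sketched in code. This is an added example, not part of the Reuters report or of any investigator's tooling: it compares a constructed DNS history for a hypothetical login portal (`mail.agency.example`) against the address ranges and name servers the organization is assumed to operate, and reports each record that falls outside that baseline with the date it first appeared.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network

# Hypothetical baseline: what the organization itself operates.
BASELINE = {
    "mail.agency.example": {
        "nets": [ip_network("198.51.100.0/24")],
        "ns": {"ns1.agency.example", "ns2.agency.example"},
    },
}

@dataclass(frozen=True)
class Observation:  # one row of DNS history (constructed format)
    seen: date
    name: str
    rtype: str      # "A" or "NS"
    value: str

# Constructed sample history, not real records.
HISTORY = [
    Observation(date(2019, 1, 2), "mail.agency.example", "NS", "ns1.agency.example"),
    Observation(date(2019, 1, 2), "mail.agency.example", "A", "198.51.100.25"),
    Observation(date(2019, 1, 9), "mail.agency.example", "NS", "ns1.other.example"),
    Observation(date(2019, 1, 9), "mail.agency.example", "A", "203.0.113.77"),
    Observation(date(2019, 1, 11), "mail.agency.example", "A", "198.51.100.25"),
]

def is_expected(obs, baseline):
    """True if the record matches the baseline or the name is not monitored."""
    entry = baseline.get(obs.name)
    if entry is None:
        return True
    if obs.rtype == "A":
        return any(ip_address(obs.value) in net for net in entry["nets"])
    if obs.rtype == "NS":
        return obs.value.rstrip(".").lower() in entry["ns"]
    return True

def find_redirections(history, baseline):
    """Return (name, rtype, value, first_seen) for each out-of-baseline record."""
    first_seen = {}
    for obs in sorted(history, key=lambda o: o.seen):
        if not is_expected(obs, baseline):
            first_seen.setdefault((obs.name, obs.rtype, obs.value), obs.seen)
    return [(n, t, v, seen) for (n, t, v), seen in first_seen.items()]

if __name__ == "__main__":
    for finding in find_redirections(HISTORY, BASELINE):
        print(finding)
```

A brief out-of-baseline window followed by a return to the normal address, as in the sample data, is easy to miss without this kind of historical comparison because the change happens outside the victim's own network.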

The attacks have been occurring since at least early 2018, the records show.

While minor DNS attacks are relatively common, the scale of these attacks has alarmed Western intelligence agencies, the three officials and two other U.S. intelligence officials said. Officials said the attacks had nothing to do with a campaign that used a similar attack method and was uncovered in late 2018.

As part of these attacks, hackers have successfully breached some organizations that control top-level domains, the suffixes that appear immediately after the dot symbol at the end of web addresses, said James Shank, a researcher at U.S. cyber security company Team Cymru, which notified some of the victims.

THE VICTIMS

According to public internet records, the victims also included Albanian secret services. Albanian intelligence had hundreds of usernames and passwords compromised as a result of the attacks, said one of the private cyber security investigators, who was familiar with the intercepted web traffic.

The Albanian government information service said the attacks were aimed at an unclassified infrastructure that “does not store or process information that is classified as ‘state secrets’ at any level.”

According to the records, civilian organizations in Turkey have also been attacked, including a Turkish Freemason chapter that, according to conservative Turkish media, has been linked to the U.S.-based Muslim cleric Fethullah Gulen, who has been accused of perpetrating an attempted coup in 2016.

Turkey’s Great Liberal Lodge said there were no records of cyber attacks against the hijacked domains identified by Reuters and there was “no data exfiltration.”

“Due to precautionary measures, attacks on the websites are not possible,” said a spokesman, adding that the cleric had no affiliation with the organization.

The cleric has publicly denied being behind the attempted coup, saying “it is not possible”, and has said that he was always against coups.

A Gulen spokesman said Gulen was not involved in the attempted coup and has repeatedly condemned it and its perpetrators. Gulen was never associated with the Masonic organization, the spokesman added.

