Black Hat The ongoing conflict between Russian and the Ukraine has shown the increasing sophistication of state-sponsored hackers and the casualties of war have included some surprising victims.
Dr Kenneth Geers, senior research scientist at Comodo and coauthor of a NATO-funded study into the conflict, told delegates at the Black Hat security conference that the conflict showed that online warfare is a fact of life and we had all better get used to the idea. You can grab his slides here and white paper here [PDFs].
“Last month, at a NATO summit in Poland, they adopted the motion that cyberspace is a legitimate domain of warfare. You can agree with that or not but it doesn’t matter, the world’s most powerful military alliance has declared it so.”
Geers has spent the last two years living in Ukraine and studying how the conflict has played out online, away from the battlefield. He said that as tensions on both sides mounted then there was a corresponding increase in hacking activity.
Back in 2012, when the situation was still jaw-jaw, not war-war, websites in Ukraine - and particularly government sites - were frequently defaced. By 2013 Ukrainian sysadmins saw penetration by advanced malware families such as Red October, miniduke and NetTraveler, laying the ground for future attacks.
By the the conflict became a shooting war in 2014 the gloves came off and Ukraine saw a massive and widespread technological campaign. The State Space Agency of Ukraine satellites found that some of its satellites were p0wned, there were special forces attacks against key data lines, and there were a series of political doxing attacks against NATO and the Ukraine.
For example, in February 2014 a highly embarrassing phone call between US Assistant Secretary of State Victoria Nuland and Geoffrey Pyatt, US ambassador to Ukraine, was leaked. In it Nuland was disparaging about some Ukrainian politicians ands was scathing about EU efforts to broker peace in the area, responding with “Fuck the EU.”.
Geers said that, as the troops were moving, there was a different kind of hacking. There was sudden and major changes to Wikipedia pages relating to the country, smart TV sets in the Ukraine were hacked and started displaying Russian propaganda, and fake social media posts were spammed out.
In the latter case the most infamous example was the case of Igor Rosovskiy, who posted on social media that he was a doctor in the Ukraine who had been prevented from treating the wounded by the “fascist” Ukrainian government. These were immediately picked up by Russian media, even after the posts were debunked and the picture of Rosovskiy was identified as being of a Russian dentist.
These attacks weren’t one sided, however. Ukrainian hackers started taking control of Russian digital billboards and broadcast their own propaganda. But the size, depth, and audacity of the Russian attacks shocked NATO, Geers said.
This culminated in an attack on the 2014 Ukrainian presidential election itself. After votes were cast on election day the official government website reported the wrong result. The hacked site reported that a candidate from a far-right party who received few votes had won, and again Russian media ran with the news.
Then there was the infamous hacking attack against the Ukrainian power system that blocked out 50 substations and left 200,000 people in the dark. Geers said the blackout was initiated by spear phishing staff at electrical utilities, blocking backup systems, with the possible use of a Cisco zero-day to gain control of key systems.
"There is no question cyberwar exists, but whether it rises to being a weapon of mass distraction isn’t certian,” he said. “It’s not decisive I think. But if you’re a tank commander and the opponent has a zero day on an app you need then it’s going to be a long day on the battlefield because modern military hardware is basically a collection of computers.” ®