Ukraine, already in a shooting war with Russia over its invasion in 2014, could find itself increasingly under attack in cyberspace in 2017. Online security experts also predict the online conflict between Russia and the West will spread.
In the wake of the hacking of the U.S. Democratic National Committee, which the U.S. intelligence community has declared the work of Russia, European states are expecting more Kremlin cyber-meddling in elections this year in France and Germany.
Meanwhile Ukraine, which suffered several cyber attacks last year, has already developed a strategy. But experts say no country can fully protect itself from online attack.
During the Defcon annual world hackers’ conference in August, Chris Rock, the CEO of the Kustodian specialized security company, which provides penetration testing and security monitoring around the globe, said that a determined cyber criminal can hack anything.
If someone wants to hack a country, they just need to pick their targets: the government, oil and electricity companies, or media agencies, Rock told the Kyiv Post on Jan. 17.
“Ukraine doesn’t have strong cyber security, but neither does the rest of the world,” Rock said. “Any company or country can be hacked, and Ukraine is in no better position than anyone else.”
Cyber wars
According to Ukrainian President Petro Poroshenko, Ukrainian government websites were attacked 6,500 times in November and December 2016 alone.
The latest attack hit state-owned UkrEnergo’s Pivhichna power substation in December, causing an hour-long blackout in the outskirts of Kyiv. A year before, a well-coordinated cyber attack hit another Ukrainian power supplier, PrykarpattyaOblEnergo, leaving more than 200,000 people without electricity.
Maria Melinishyn, PrykarpattyaOblEnergo’s spokesperson, told the Kyiv Post on Jan. 17 that after suffering several massive hacking attacks in December 2015, company’s security service has improved the cyber protection of the plant, and there have been no other serious incidents.
“But the ones we had last year were scary,” Melinishyn said. “Somebody infected our system with a powerful virus and started remotely cutting off power at different electricity substations in the region – in schools, and hospitals. And we couldn’t do anything about it for several hours.”
That attack – thought to be the first one to knock out a power utility – was traced by U.S. cyber security firms to a Russian hacker group called Sandworm, which experts said is aligned with the Russian state.
In 2016, hackers targeted the state retirement fund, Ukrainian Finance Ministry and state treasury, causing one-day delay in payments. Another attack, again thought to have come from Russia, targeted the country’s main airport, Kyiv’s Borispol International Airport, with malware found on the airport’s servers.
In March, the National Security and Defense Council of Ukraine adopted the Ukrainian State Cyber Security Strategy in order to strengthen Ukrainian state agencies’ defenses against virtual criminals.
“This year, and the next five to 10 years, will be known as the (years of) cyber wars and conflicts, where everything online can be a weapon: medical records, stock exchanges, hedge funds, and shared passwords for retail and social media,” said Rock. “All these sorts of internet-connected companies will be targeted by hackers.”
Online target
Ukraine’s parliament has allocated Hr 150 million ($5 million) for cyber defenses in 2017. Although the investigations into the origins of the latest big cyber attacks are still going on in Ukraine, U.S Homeland Security has confirmed to the International Business Times news website that software called BlackEnergy, a favorite with Russian hacking groups, was found lurking in Ukrainian power station systems.
After a month of internal investigation, UkrEnergo’s press service told the Kyiv Post on Jan. 18 that the Pivhichna substation system servers had on the night on Dec. 17-18 suffered a well-planned cyber attack with the use of a Cyber Kill Chain model – a seven-step cyber attack that begins with harvesting email addresses and ends with a network being penetrated and control of it being taken over remotely.
UkrEnergo is currently cooperating with Ukrainian law enforcement agencies in the investigation into the incident. It is hoped that information from the probe will help in developing an effective cybersecurity strategy for Ukraine’s energy sphere, minimizing cyber threats and their consequences, the utility’s press service said.
Sean Townsend, a “hacktivist” and spokesperson for the Ukrainian Cyber Alliance hacking group, told the Kyiv Post that Ukraine is already in a cyber war with Russia, and should focus on protecting key targets.
“First, Ukraine needs to understand what objects must be under cyber guard,” Townsend told the Kyiv Post. “It’s pointless to hack us for information leaks, as we are pretty open to the world. But our government should realize there is war on, and must pay constant attention to protecting infrastructure objects and data that are important for the military and in politics.”
While Russian hackers target utilities and airports, Ukrainian hackers are fighting back by stealing information that can discredit the Kremlin. For instance, Cyber Alliance in October leaked the e-mails of Vladislav Surkov, a top aide of Russian President Vladimir Putin. Some of the messages indicated the Kremlin was closely involved in directing the activities of armed groups that have seized control in parts of Ukraine’s Donbas region.
Hacker for hire
Rock said shopping for a hacker is like getting a haircut – some people will charge $10 for a haircut, and some $240.
For a government hack, experts could charge $100,000 (perhaps $250,000 if the job was risky) upfront. The price depends on whether the client wants long-term stealth access, or just a data grab, he said.
“Finding professional hackers is usually done by word of mouth – you will need to ‘know a guy’ who knows a guy. If you shop on the Dark Web (part of the internet that is accessible only via special software, where users can operate anonymously, without IP addresses) and not by referral, you are likely to lose your money or get a $10 haircut attempt. An expert will guarantee compromised access.”
Hiring a top cyber security professional to protect a company from such “hairdressers” also costs from $100,000 to $250,000 per month on average, depending on their skill set and experience, Rock said.
Unfortunately, the security of many government websites is not difficult to breach, Rock said. For example, a site like that of the state treasury can be accessed via a phishing scam (in which a hacker attempts to trick users into revealing information that gives access to the site.)
An expert hacker could breach such a site’s cyber defenses within 1-4 weeks: one week if they have some luck on their side, four weeks if they have to use a variety of approaches.
“With a bit of luck you could have access within a few days, but we would suggest four weeks if we were doing an assignment,” Rock said.
According to Cybersecurity Ventures, a cyber security research and intelligence company, “black-hat hackers” (the cyber attackers) are usually faster to breach online defenses than “white-hat hackers” (cyber defenders) are to patch gaps in company online security. As a result, enterprises and governments around the world are creating more jobs for cyber security specialists.
“One million cyber security jobs opened in 2016, and the number is expected to reach 1.5 million by 2019,” reads a recent report by the company.
The report also says that annual global cyber crime costs will grow from $3 trillion in 2015, to $6 trillion by 2021.
