News from the #cyberwar in #Ukraine

#Blackout, #Bots and #Trolls

On December, 23th, 2015, parts of the electricity infrastructure in Ukraine were attacked by hackers. The result was a blackout for approx. 700K people.

According to @wired and @ZEIT, the hack was launched with a malware called blackenergy. This is a framework that can be equipped with different exploits. In the attack a „killdisc“ feature was used that destroys the boot sector on a hard disk and thereby makes the computer useless.

In addition, wired reports that there had been a denial of service attack on the telephone hotlines of the energy companies: Many people called the hotlines and made wrong statements about the location of blackouts so that the companies could not know what was really going on.

This case reminds of a cyberattack in the Russian-Georgian war in 2008 when the energy infrastructure in Georgia was taken down: The target is similar, the exploit seems to be an update and at least for the telephone denial of service attack, many “hacktivists” are necessary. All three points show a parallel to the attack from 2008.

Some weeks earlier, paramilitaries from Ukraine had destroyed manually the energy transmission to Crimea. It therefore seems very plausible to assume that Russia is responsible for this attack.

But the nearby solution does not have to be right! First of all it makes a big difference if the attack was made by any pro-Russian group (like the hacker group cyberberkut) or by the Government. Even in the very good documented case of 2008 it is not clear if the attack was launched by official institutions like secret service or army or by the Russian mafia.

Second, there is always the possibility that even a serious attack is a hoax by an agent provocateur. Especially secret services trained in the tradition of KGB (and that holds true for the Ukrainian side as well) are said to be experts in those operations. (Take a look at Alan Furst’s “Night Soldiers” for a literarily perspective!)

Just a week later, Twitter began to block many accounts from Ukraine. The internet service UAposition claims that Russian bots did falsely report innocent Ukrainian users to be blocked and that Twitter made a mistake.

Might be. But from my own studies I know that there are so many Ukrainian bots that it is as well very likely that Twitter has just started to block these users now. By the way, Facebook has started to block Ukrainian users as well, some month ago, because of hate speeches. Mighty Marc himself reviewed some of the blockings and said: “I think, we made the right decision.” At least, this is wat UAposition says.

What we can say for certain is that cyberwar activities from bots to hacks are happening regularly in Ukraine and frequency and intensity seems to increase.