SlideShare a Scribd company logo
1 of 31
Download to read offline
Cyber and Geopolitics:
Ukrainian factor
Victor Zhora
UISG, Member of Board
Agenda
• Election’s Hack
– Cyberberkut
– First messages
– Versions
• DNC Hack
– Circumstances
– Results
• Press and follow-up
Election hack, 22-25/05/2014
Phases
• “Elections” System destruction/disruption
• Displaying of fake election results
• DDoS attack on CEC website
Cyberberkut, 23/05/2014
Nalyvaichenko, 23/05/2014
• "Yesterday, an
infected program
was destroyed. On
May 25, the virus
had to destroy the
election results.
The virus has been
eliminated, the
software has been
replaced.”
CERT-UA
Versions
• Malware (Uroboros, Sofacy ???)
• Insider
• Cisco 0-day
• Web shell
• SOESoftware
Version #1: Sofacy
Version #1: Sofacy
• Nikolay Koval: “The technical aspects of this
hack also tell us something very important:
the hackers were professionals. Beyond
disabling the site and successfully displaying
incorrect election results, CERT-UA discovered
advanced cyber espionage malware on the
CEC network (Sofacy/APT28/Sednit).”
• My question: which one? Sofacy, X-agent…?
Version #2: Cisco 0-day
• Cyberberkut: “We
hacked CEC
network via 0-day
vulnerability in
Cisco ASA”
Version #3: Web shell, SOESoftware
• Web shell had been probably used for placing
of a Yarosh picture and changing of a content
according to circumstances
• Web server logs show only several
connections, shell wasn’t widely used
• Persistent access had been arranged long
before elections
Yarosh picture
Yarosh picture
• Nikolay Koval: “On 25 May – election day – 12
minutes before the polls closed (19:48 EET),
the attackers posted on the CEC website a
picture of Ukrainian Right Sector leader
Dmitry Yarosh, incorrectly claiming that he
had won the election. This image was
immediately shown on Russian TV channels.”
WSJ, 09/11/2015
• Margaret Coker, Paul Sonne
US Media
2016 Democratic National
Committee email leak, 22/07/2016
• 19,252 emails and 8,034 attachments leaked to
and subsequently published by WikiLeaks
• Idea of leaked emails: sabotage Bernie Sanders’
election campaign
• 08/11/2016 – Election Day
• 09/12/2016 - the CIA told that the US Intelligence
Community concluded Russia conducted
operations during the 2016 U.S. election to
prevent Hillary Clinton from winning the
presidency
DNC Hack
• “Guccifier 2.0” (Romanian???) claimed to be
the source of the leaks
• CrowdStrike, Fidelis Cybersecurity, Mandiant,
SecureWorks, and ThreatConnect, and the
editor for Ars Technica, stated the leak was
part of a series of cyberattacks on the DNC
committed by two Russian intelligence groups
DNC Hack
• 06/10/2016, Joint Statement from the
Department Of Homeland Security and Office of
the Director of National Intelligence on Election
Security
– “The U.S. Intelligence Community (USIC) is confident
that the Russian Government directed the recent
compromises of e-mails from US persons and
institutions, including from US political organizations.
The recent disclosures of alleged hacked e-mails on
sites like DCLeaks.com and WikiLeaks and by the
Guccifer 2.0 online persona are consistent with the
methods and motivations of Russian-directed efforts”
DNC Hack
• 06/10/2016, Joint Statement from the
Department Of Homeland Security and Office of
the Director of National Intelligence on Election
Security
– “These thefts and disclosures are intended to
interfere with the US election process. Such activity is
not new to Moscow—the Russians have used similar
tactics and techniques across Europe and Eurasia, for
example, to influence public opinion there. We
believe, based on the scope and sensitivity of these
efforts, that only Russia's senior-most officials could
have authorized these activities”
DNC Hack
• 06/10/2016, Joint Statement from the Department Of
Homeland Security and Office of the Director of
National Intelligence on Election Security
– “The USIC and the Department of Homeland Security
(DHS) assess that it would be extremely difficult for
someone, including a nation-state actor, to alter actual
ballot counts or election results by cyber attack or
intrusion. This assessment is based on the decentralized
nature of our election system in this country and the
number of protections state and local election officials
have in place. States ensure that voting machines are not
connected to the Internet, and there are numerous checks
and balances as well as extensive oversight at multiple
levels built into our election process”
DNC Hack
• 14/10/2016, Joe
Biden, NBC News
– “…the U.S. would
respond to these
attacks at the time of
our choosing, and
under the
circumstances that
have the greatest
impact.”
Time, 07/11/2016
• Simon Shuster
Time, 07/11/2016
• Idea #1: UCA appears as
an independent player
• Idea #2: binding UCA
activity to foreign
intelligence, presumably
US one
New York Times, 16/08/2017
• Andrew A. Kramer, Andrew Higgins
New York Times, 16/08/2017
• Idea #1: “Profexer”, the Ukrainian hacker,
developed malware (P.A.S. web shell) used in the
DNC Hack
• Idea #2: binding Ukrainian hackers to Fancy Bear/
Cosy Bear
• “The mirror of the hard drive (from CVK – VZ)
went to the F.B.I., which had this forensic sample
when the cybersecurity company CrowdStrike
identified the same malware two years later, on
the D.N.C. servers”
The Washington Times, 21/08/2017
• Dan Boylan, DNC hack theories considered
extreme and fringe now entering mainstream
– Idea: not a hack, but a leak by the insider
– Ray McGovern, CIA veteran “There is clear
evidence that some of the DNC emails given to
WikiLeaks contained superimposed Russian
language formatting. Essentially, they were
synthetically tainted with Russian fingerprints”
Crowdstrike, 22/12/2016
• “In late June and August 2016,
CrowdStrike Intelligence
provided initial reporting and
technical analysis of a variant
of the FANCY BEAR implant X-
Agent that targeted the
Android mobile platform2.
CrowdStrike identified this X-
Agent variant within a
legitimate Android application
named Попр-Д30.apk”
Goal #1: We’re under attack!!!
Goal #2: You’re in danger too!
Goal #3: Invest in Ukraine!
To be continued…
• Wired, Andy Greenberg, 06/09/2017

More Related Content

What's hot

A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030
Scott Dickson
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
hassanzadeh20
 
Lim JUS 394 Cyberterrorism
Lim JUS 394 CyberterrorismLim JUS 394 Cyberterrorism
Lim JUS 394 Cyberterrorism
merlyna
 

What's hot (20)

Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
 
A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
2016 us election cyber attack
2016 us election cyber attack2016 us election cyber attack
2016 us election cyber attack
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
Cyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliCyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant Mali
 
Lim JUS 394 Cyberterrorism
Lim JUS 394 CyberterrorismLim JUS 394 Cyberterrorism
Lim JUS 394 Cyberterrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 
RSTREET17
RSTREET17RSTREET17
RSTREET17
 
Cyber war
Cyber warCyber war
Cyber war
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopolitics
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.ppt
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 

Similar to Viktor Zhora - Cyber and Geopolitics: Ukrainian factor

Select a recent Internet scandaleventnews media happening. Describ.pdf
Select a recent Internet scandaleventnews media happening. Describ.pdfSelect a recent Internet scandaleventnews media happening. Describ.pdf
Select a recent Internet scandaleventnews media happening. Describ.pdf
nishadvtky
 
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
Pw Carey
 
C|EH Introduction
C|EH IntroductionC|EH Introduction
C|EH Introduction
sunnysmith
 
Cyber Wars.pptx
Cyber Wars.pptxCyber Wars.pptx
Cyber Wars.pptx
ArjunKumar684595
 

Similar to Viktor Zhora - Cyber and Geopolitics: Ukrainian factor (20)

https://uii.io/Oneconflict
https://uii.io/Oneconflicthttps://uii.io/Oneconflict
https://uii.io/Oneconflict
 
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
 
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?
 
Cyber securityincidents 2016
Cyber securityincidents 2016Cyber securityincidents 2016
Cyber securityincidents 2016
 
Select a recent Internet scandaleventnews media happening. Describ.pdf
Select a recent Internet scandaleventnews media happening. Describ.pdfSelect a recent Internet scandaleventnews media happening. Describ.pdf
Select a recent Internet scandaleventnews media happening. Describ.pdf
 
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
 
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...
 
C|EH Introduction
C|EH IntroductionC|EH Introduction
C|EH Introduction
 
Full Sail University, Graphic Design BS — 01 Digital Literacy — 2.5: Research...
Full Sail University, Graphic Design BS — 01 Digital Literacy — 2.5: Research...Full Sail University, Graphic Design BS — 01 Digital Literacy — 2.5: Research...
Full Sail University, Graphic Design BS — 01 Digital Literacy — 2.5: Research...
 
Several major cyber attack weapons exposed in the United States.doc
Several major cyber attack weapons exposed in the United States.docSeveral major cyber attack weapons exposed in the United States.doc
Several major cyber attack weapons exposed in the United States.doc
 
G32 Wiki Leaks Social Media & Whistleblowers The Future Of It Auditing A ...
G32 Wiki Leaks Social Media & Whistleblowers The Future Of It Auditing A ...G32 Wiki Leaks Social Media & Whistleblowers The Future Of It Auditing A ...
G32 Wiki Leaks Social Media & Whistleblowers The Future Of It Auditing A ...
 
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
 
Privacy in the Information Age
Privacy in the Information AgePrivacy in the Information Age
Privacy in the Information Age
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]
 
Cyber Wars.pptx
Cyber Wars.pptxCyber Wars.pptx
Cyber Wars.pptx
 
Several major cyber attack weapons exposed in the United States.docx
Several major cyber attack weapons exposed in the United States.docxSeveral major cyber attack weapons exposed in the United States.docx
Several major cyber attack weapons exposed in the United States.docx
 
News bytes-July 2013
News bytes-July 2013News bytes-July 2013
News bytes-July 2013
 
Cyber Threats to Human Rights
Cyber Threats to Human RightsCyber Threats to Human Rights
Cyber Threats to Human Rights
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence Operations
 
Network security threats ahmed s. gifel
Network security threats ahmed s. gifelNetwork security threats ahmed s. gifel
Network security threats ahmed s. gifel
 

More from OWASP Kyiv

Software Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостями
OWASP Kyiv
 
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout SuiteCloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
OWASP Kyiv
 

More from OWASP Kyiv (20)

Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
 
Software Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостями
 
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout SuiteCloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
 
Threat Modeling with OWASP Threat Dragon
Threat Modeling with OWASP Threat DragonThreat Modeling with OWASP Threat Dragon
Threat Modeling with OWASP Threat Dragon
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
 
Vlad Styran - Cyber Security Economics 101
Vlad Styran - Cyber Security Economics 101Vlad Styran - Cyber Security Economics 101
Vlad Styran - Cyber Security Economics 101
 
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in SecurityPavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
 
Ivan Vyshnevskyi - Not So Quiet Git Push
Ivan Vyshnevskyi - Not So Quiet Git PushIvan Vyshnevskyi - Not So Quiet Git Push
Ivan Vyshnevskyi - Not So Quiet Git Push
 
Dima Kovalenko - Modern SSL Pinning
Dima Kovalenko - Modern SSL PinningDima Kovalenko - Modern SSL Pinning
Dima Kovalenko - Modern SSL Pinning
 
Yevhen Teleshyk - OAuth Phishing
Yevhen Teleshyk - OAuth PhishingYevhen Teleshyk - OAuth Phishing
Yevhen Teleshyk - OAuth Phishing
 
Vlada Kulish - Why So Serial?
Vlada Kulish - Why So Serial?Vlada Kulish - Why So Serial?
Vlada Kulish - Why So Serial?
 
Vlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
Vlad Styran - OWASP Kyiv 2017 Report and 2018 PlansVlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
Vlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
 
Roman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
Roman Borodin - ISC2 & ISACA Certification Programs First-hand ExperienceRoman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
Roman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
 
Ihor Bliumental - WebSockets
Ihor Bliumental - WebSocketsIhor Bliumental - WebSockets
Ihor Bliumental - WebSockets
 
Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017
Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017
Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017
 
Andriy Shalaenko - GO security tips
Andriy Shalaenko - GO security tipsAndriy Shalaenko - GO security tips
Andriy Shalaenko - GO security tips
 
Vlad Styran - "Hidden" Features of the Tools We All Love
Vlad Styran - "Hidden" Features of the Tools We All LoveVlad Styran - "Hidden" Features of the Tools We All Love
Vlad Styran - "Hidden" Features of the Tools We All Love
 
Volodymyr Ilibman - Close Look at Nyetya Investigation
Volodymyr Ilibman - Close Look at Nyetya InvestigationVolodymyr Ilibman - Close Look at Nyetya Investigation
Volodymyr Ilibman - Close Look at Nyetya Investigation
 
Ihor Bliumental - Collision CORS
Ihor Bliumental - Collision CORSIhor Bliumental - Collision CORS
Ihor Bliumental - Collision CORS
 
Lidiia 'Alice' Skalytska - Security Checklist for Web Developers
Lidiia 'Alice' Skalytska - Security Checklist for Web DevelopersLidiia 'Alice' Skalytska - Security Checklist for Web Developers
Lidiia 'Alice' Skalytska - Security Checklist for Web Developers
 

Recently uploaded

Recently uploaded (20)

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in  GERMANY for 2024: IPTVreelTHE BEST IPTV in  GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 

Viktor Zhora - Cyber and Geopolitics: Ukrainian factor

  • 1. Cyber and Geopolitics: Ukrainian factor Victor Zhora UISG, Member of Board
  • 2. Agenda • Election’s Hack – Cyberberkut – First messages – Versions • DNC Hack – Circumstances – Results • Press and follow-up
  • 3. Election hack, 22-25/05/2014 Phases • “Elections” System destruction/disruption • Displaying of fake election results • DDoS attack on CEC website
  • 5. Nalyvaichenko, 23/05/2014 • "Yesterday, an infected program was destroyed. On May 25, the virus had to destroy the election results. The virus has been eliminated, the software has been replaced.”
  • 7. Versions • Malware (Uroboros, Sofacy ???) • Insider • Cisco 0-day • Web shell • SOESoftware
  • 9. Version #1: Sofacy • Nikolay Koval: “The technical aspects of this hack also tell us something very important: the hackers were professionals. Beyond disabling the site and successfully displaying incorrect election results, CERT-UA discovered advanced cyber espionage malware on the CEC network (Sofacy/APT28/Sednit).” • My question: which one? Sofacy, X-agent…?
  • 10. Version #2: Cisco 0-day • Cyberberkut: “We hacked CEC network via 0-day vulnerability in Cisco ASA”
  • 11. Version #3: Web shell, SOESoftware • Web shell had been probably used for placing of a Yarosh picture and changing of a content according to circumstances • Web server logs show only several connections, shell wasn’t widely used • Persistent access had been arranged long before elections
  • 13. Yarosh picture • Nikolay Koval: “On 25 May – election day – 12 minutes before the polls closed (19:48 EET), the attackers posted on the CEC website a picture of Ukrainian Right Sector leader Dmitry Yarosh, incorrectly claiming that he had won the election. This image was immediately shown on Russian TV channels.”
  • 14. WSJ, 09/11/2015 • Margaret Coker, Paul Sonne
  • 16. 2016 Democratic National Committee email leak, 22/07/2016 • 19,252 emails and 8,034 attachments leaked to and subsequently published by WikiLeaks • Idea of leaked emails: sabotage Bernie Sanders’ election campaign • 08/11/2016 – Election Day • 09/12/2016 - the CIA told that the US Intelligence Community concluded Russia conducted operations during the 2016 U.S. election to prevent Hillary Clinton from winning the presidency
  • 17. DNC Hack • “Guccifier 2.0” (Romanian???) claimed to be the source of the leaks • CrowdStrike, Fidelis Cybersecurity, Mandiant, SecureWorks, and ThreatConnect, and the editor for Ars Technica, stated the leak was part of a series of cyberattacks on the DNC committed by two Russian intelligence groups
  • 18. DNC Hack • 06/10/2016, Joint Statement from the Department Of Homeland Security and Office of the Director of National Intelligence on Election Security – “The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts”
  • 19. DNC Hack • 06/10/2016, Joint Statement from the Department Of Homeland Security and Office of the Director of National Intelligence on Election Security – “These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities”
  • 20. DNC Hack • 06/10/2016, Joint Statement from the Department Of Homeland Security and Office of the Director of National Intelligence on Election Security – “The USIC and the Department of Homeland Security (DHS) assess that it would be extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyber attack or intrusion. This assessment is based on the decentralized nature of our election system in this country and the number of protections state and local election officials have in place. States ensure that voting machines are not connected to the Internet, and there are numerous checks and balances as well as extensive oversight at multiple levels built into our election process”
  • 21. DNC Hack • 14/10/2016, Joe Biden, NBC News – “…the U.S. would respond to these attacks at the time of our choosing, and under the circumstances that have the greatest impact.”
  • 23. Time, 07/11/2016 • Idea #1: UCA appears as an independent player • Idea #2: binding UCA activity to foreign intelligence, presumably US one
  • 24. New York Times, 16/08/2017 • Andrew A. Kramer, Andrew Higgins
  • 25. New York Times, 16/08/2017 • Idea #1: “Profexer”, the Ukrainian hacker, developed malware (P.A.S. web shell) used in the DNC Hack • Idea #2: binding Ukrainian hackers to Fancy Bear/ Cosy Bear • “The mirror of the hard drive (from CVK – VZ) went to the F.B.I., which had this forensic sample when the cybersecurity company CrowdStrike identified the same malware two years later, on the D.N.C. servers”
  • 26. The Washington Times, 21/08/2017 • Dan Boylan, DNC hack theories considered extreme and fringe now entering mainstream – Idea: not a hack, but a leak by the insider – Ray McGovern, CIA veteran “There is clear evidence that some of the DNC emails given to WikiLeaks contained superimposed Russian language formatting. Essentially, they were synthetically tainted with Russian fingerprints”
  • 27. Crowdstrike, 22/12/2016 • “In late June and August 2016, CrowdStrike Intelligence provided initial reporting and technical analysis of a variant of the FANCY BEAR implant X- Agent that targeted the Android mobile platform2. CrowdStrike identified this X- Agent variant within a legitimate Android application named Попр-Д30.apk”
  • 28. Goal #1: We’re under attack!!!
  • 29. Goal #2: You’re in danger too!
  • 30. Goal #3: Invest in Ukraine!
  • 31. To be continued… • Wired, Andy Greenberg, 06/09/2017