SlideShare a Scribd company logo

War between Russia and Ukraine in cyber space

Download as PPT, PDF
U
uisgslide

Cyber attacks increased in Ukraine during the revolution and Russian intervention. DDoS attacks targeted opposition media and banks, while personal accounts of opposition politicians were hacked. Mobile technologies were important for communication during protests. Russia occupied Crimea and turned off Ukrainian TV channels while hacking government systems and intercepting traffic. Ongoing cyber attacks support Russia's military operations and use of propaganda. Ukraine is working to improve its response through legislation, collaboration, and supporting cyber defense capabilities, but more efforts are still needed to prepare networks and critical infrastructure.

Technology
1 of 13
Unifying the Global Response to Cybercrime Cyber attacks in Ukraine during revolution and Russian intervention Glib Pakharenko gpaharenko (at) gmail.com 2014-11-15 This is solely my personal opinion Do not consider as call for any action
Unifying the Global Response to Cybercrime Cyber attacks were before the revolution 2 Kyiv< 30 November 2013 Cyber attacks was quite popular before the revolution. • 100Gbit/s Ddos in UA segment in 2010 • politically motivated attacks before elections • Ddos on party sites • Compromise of accounts of politician • economically motivated attacks: • Ddos, on e-shops before Christmas • Mobile operators fraud • Carding • Internet banking unauthorized transfers • Lockers • SEO optimization, SPAM, etc. Police fights with pirated content, unauthorized porno- studios, and online gambling. Used to takes all servers and PC’s with them from victim or suspected.
Unifying the Global Response to Cybercrime Ddos attacks was most popular during street protest 3 December 2013-January 2014 The rate of attacks grows enormously (but dropped for Christmas holidays): •Ddos attacks against opposition media (BlackEnergy, DirtJumper – Russian made); •Police takes servers from opposition office; •Personal accounts of opposition politicians hacked; •Banks, which served accounts of opposition under hacking attacks (unauthorized transfer and then a Ddos to hide the fraud); •Anonymous attack government sites; •A “red” alarm level was on UA nuclear stations when protesters took the ministry of energy building, where control systems were located; •A PC which controls electricity in the city hall was broken, which led to its black-out; •Malicious traffic from Russia rerouted out of Ukraine through Belarus and Cyprus (HostExploit statistics). That’s why the first time in recent years, Ukraine was not in the list of countries with boosted cybercrime.
Unifying the Global Response to Cybercrime Mobile technologies were used during the peak of Revolution 4 Feb 2014 During the peak of the Revolution mobile technologies was most important: •Opposition Parliament member phones were flooded with SMS&Calls; •IMSI catcher mass messaging was used against protesters; •In West regions (where the Revolution started) in police departments only mobile phones were working (no PSTN or other connectivity); •Main opposition TV channel was turned off; •Police planned to turn off mobile connectivity; •In East regions police used mobile phone to compromise two-factor authentication and gain access to protester account.
Unifying the Global Response to Cybercrime Russia occupies Crimea 5 Feb-March 2014 •Government under attack: • Ddos on the parliament site to prohibit law publishing; • Ddos on other sites (national security council, president, etc.); •Physical attack on cabling infrastructure in Crimea; •Anonymous attack sites of Russian government in Crimea; •Russia turned-off UA channels in Crimea; •Broadcasters were unable to take their telecom equipment hosted in Crimea government datacenters; •Enormous amount of government and personal data from IT systems now in Russian hands; •Increased amount of GSM fraud from Crimea against UA operators (as UA law enforcement no longer effective there); •Russian IT-security NGO RISSPA censored anti-war discussions in its forum; •Mass changes in Wikipedia articles; •UA broadcasting satellite “Lybid” was not launched, as the space control center was conquered.
Unifying the Global Response to Cybercrime War with Russia 6 April 2014 – till now Russia effectively use cyber-technology to support their war. Physical attacks are especially dangerous against: •cabling and broadcast infrastructure in area of fighting (media and financial services unavailable); •cabling infrastructure in Kyiv (terracts); •ATMs of specific banks all over Ukraine (terracts). Mobile technology attacks: •Used for correction of artillery fire; •Talks interception; •Traffic rerouting into Russia using VLR/HRL updates; •Forensics of devices owned by UA supporters; Hacking attempts against IT systems of: •UA officials and businessmen accounts; •Local and central public administration; •Electronic election systems (coordinated with Russian main TV channel); •Railway IT systems; •Mobile operators; Russian military activity coordinated with Russian TV channels.
Unifying the Global Response to Cybercrime Russia acts 7 April 2014 – till now Russia has big potential for future cyber conflict: •Mass attacks similar (like against Estonia and Georgia); •Data interception in Russian IT services: • Ukrainians use Mail.ru, VK.com, etc.; • UA sites have counters (JavaScript)from Yandex; • Kaspersky, Dr. Web, 1C, Abby are very popular; •Russian owns or influence UA: • mobile operators (MTS, Kyivstar); • IT integrators and distributors (RRC, Jet); • Parameters of national encryption standard; • Support centers based in Russia (e.g. Arbor); • Webmoney (installs their root CA in browser!); • SCADA systems produced in Russia; • Internet-banking produced in Russia; • Anti-Ddos solutions (traffic rerouted to Moscow); •On the occupied territory: • Internet censorship (blocking UA sites); • Taking ownership on telecom and media property; • UA TV channels are turned off.
Unifying the Global Response to Cybercrime Russia acts (continued) 8 April 2014 – till now Russian cyber criminals became very active: •Specialized botnets being created from UA users only; •Mass attacks against smartphone users over SMS; •Even Smart TV’s were infected and forced to show aggressors’ channels; Russian propaganda is very effective: •Thousands of bots and operators work to influence rating and comments in social media or on popular news sites; •Pro-Russian articles all over the Internet (even on IT sites); Agressor use Internet to: •Recruited new members; •Communicate with each other in a secure way. Agressor warns about bombs in main TV channels in Kyiv.
Unifying the Global Response to Cybercrime Cyber attacks during elections and latest time 9 October 2014 (information mostly from CERT UA team). •Head of territory election commissions allowed unauthorized access to the server room. The spyware was installed from USB flash. File name was “CVK2014_217.exe”. •Ddos attacks against elections commission site. •Fake sites of election commission. Conflict in information space still goes. •Ukraine attempts to block international calls to new Russian Crimea code; •GPS signals could be blocked to fight with air-drones; •Internet access to Ukrainian sites is being blocked in Crimea schools; •Electronic billboards were hacked.
Unifying the Global Response to Cybercrime Sandworm has Russian origins 10 Information from iSightPartners and Trend micro. •Attribute to Russia; •Uses PowerPoint with very interesting topic (names of persons under investigation); •Targeting NATO, UA government, Polish energy firm; •Targeting SCADA devices.
Unifying the Global Response to Cybercrime Ukraine response 11 April 2014 – till now Ukraine improves its response in cyber-space: •Close access to national registers from occupied territories; •Aggressor communications being intercepted; •Blocking of sites of aggressor; •Prosecution authors of aggressor content; •Improve capabilities of CERT-UA team; •Development of national cyber-security legislation; •Limiting usage of Russian software; •Limited usage of mobile phones on war territory; •Fight with Russian cyber-criminals; •Increased collaboration between government and private sectors. •Mobilizaiton of Ukrainian chapters and NGOs like ISACA Kyiv chapter, OWASP, UISG etc. ; •Volunteers give IT equipment to army.
Unifying the Global Response to Cybercrime Even more effort required (lessons learned) 12 Cyber-war is effectively supports military operations. •Put cyber-security into your “crisis-plan”, when your closest ally becomes an enemy; •Do not have all your Internet traffic routed through a single neighbor country; •Clean your country networks (DNS&NTP servers, infected PC, no pirated software); •Design your web sites to be compatible with anti-ddos solutions (but attacks can flood your office WAN links to defeat anti-ddos service); •Monitor attacks, exchange information about them, research them; •Implement effective filtering mechanism on national exchange points; •Implement BCP plans for media to work in zones of war and deliver government information to audience in those areas; •Have a strong cyber-research capabilities in your country; •Have a strong national IT services (resist to globalization); •Implement controls for unauthorized use of lawful interception and cyber-operations by public authorities; •Implement national security standards acceptable both in public and private sector; •Make a simple and easy mechanisms for private researchers to get attack details; •Support creation of many CERT teams as possible; •Provide military and special forces with capabilities of effective large scale cyber-operations and forensics; •Prepare for occupation: have encryption, hidden communication with your partners, emergency data erase and quick recovery of IT systems in other geographical region.
Unifying the Global Response to Cybercrime BE READY TO PROTECT YOUR INDEPENDENCE AND DEMOCRACY 13 Share your ideas about improving national cyber security capabilities with me gpaharenko [at] gmail.com

Recommended

Iran’s nuclear program
Iran’s nuclear programIran’s nuclear program
Iran’s nuclear program
Ran Porat
 
Lecture 2 -Technology, Innovation and Great Power Competition
Lecture 2 -Technology, Innovation and Great Power CompetitionLecture 2 -Technology, Innovation and Great Power Competition
Lecture 2 -Technology, Innovation and Great Power Competition
Stanford University
 
Crimea annexation Lessons 2014
Crimea annexation Lessons 2014Crimea annexation Lessons 2014
Crimea annexation Lessons 2014
Andrii Ryzhenko
 
International Security 3
International Security 3International Security 3
International Security 3
alw1125
 
Middle east ottoman empire
Middle east ottoman empireMiddle east ottoman empire
Middle east ottoman empire
North Gwinnett Middle School
 
Russia Ukraine war analysis.pptx
Russia Ukraine war analysis.pptxRussia Ukraine war analysis.pptx
Russia Ukraine war analysis.pptx
Khulna University
 
Proxy wars
Proxy warsProxy wars
Proxy wars
Danielle Downey
 
Real Ways to Stop the War in Ukraine
Real Ways to Stop the War in UkraineReal Ways to Stop the War in Ukraine
Real Ways to Stop the War in Ukraine
EasyBusiness
 

Recommended

Iran’s nuclear program
Iran’s nuclear programIran’s nuclear program
Iran’s nuclear program
Ran Porat
 
Lecture 2 -Technology, Innovation and Great Power Competition
Lecture 2 -Technology, Innovation and Great Power CompetitionLecture 2 -Technology, Innovation and Great Power Competition
Lecture 2 -Technology, Innovation and Great Power Competition
Stanford University
 
Crimea annexation Lessons 2014
Crimea annexation Lessons 2014Crimea annexation Lessons 2014
Crimea annexation Lessons 2014
Andrii Ryzhenko
 
International Security 3
International Security 3International Security 3
International Security 3
alw1125
 
Middle east ottoman empire
Middle east ottoman empireMiddle east ottoman empire
Middle east ottoman empire
North Gwinnett Middle School
 
Russia Ukraine war analysis.pptx
Russia Ukraine war analysis.pptxRussia Ukraine war analysis.pptx
Russia Ukraine war analysis.pptx
Khulna University
 
Proxy wars
Proxy warsProxy wars
Proxy wars
Danielle Downey
 
Real Ways to Stop the War in Ukraine
Real Ways to Stop the War in UkraineReal Ways to Stop the War in Ukraine
Real Ways to Stop the War in Ukraine
EasyBusiness
 
strategic studies and international relations
strategic studies and international relationsstrategic studies and international relations
strategic studies and international relations
Tallat Satti
 
Crimea crisis
Crimea crisisCrimea crisis
Crimea crisis
Yasir Dil
 
Vladimir Vladimirovich Putin
Vladimir Vladimirovich Putin Vladimir Vladimirovich Putin
Vladimir Vladimirovich Putin
Antonis Gkekas
 
9 11 attacks
9 11 attacks9 11 attacks
9 11 attacks
bernardsanch
 
Conflict between ukraine and russia
Conflict between ukraine and russiaConflict between ukraine and russia
Conflict between ukraine and russia
Burnee Bok
 
DRONE WARFARE AND THE LAW OF ARMED CONFLICT
DRONE WARFARE AND THE LAW OF ARMED CONFLICTDRONE WARFARE AND THE LAW OF ARMED CONFLICT
DRONE WARFARE AND THE LAW OF ARMED CONFLICT
Angelo State University
 
Russia Ukraine crisis
Russia Ukraine crisisRussia Ukraine crisis
Russia Ukraine crisis
Dais informatics Pvt limited
 
Geopolitics and geostrategy dynamics in asia pacific region amidst covid 19
Geopolitics and geostrategy dynamics in asia pacific region amidst covid 19Geopolitics and geostrategy dynamics in asia pacific region amidst covid 19
Geopolitics and geostrategy dynamics in asia pacific region amidst covid 19
Sampe Purba
 
why CENTRAL ASIA is important?
why CENTRAL ASIA is important?why CENTRAL ASIA is important?
why CENTRAL ASIA is important?
s.tahira hussain
 
The Fall of Constantinople
The Fall of ConstantinopleThe Fall of Constantinople
The Fall of Constantinople
ssclasstorremar
 
Nuclear proliferation
Nuclear proliferationNuclear proliferation
Nuclear proliferation
Robert Young
 
Global Terrorism Challenges & Response
Global Terrorism Challenges & ResponseGlobal Terrorism Challenges & Response
Global Terrorism Challenges & Response
Shahid Hussain Raja
 
Non kinetic warfare share
Non kinetic warfare shareNon kinetic warfare share
Non kinetic warfare share
104016032
 
Russia's war in Ukraine.pptx
Russia's war in Ukraine.pptxRussia's war in Ukraine.pptx
Russia's war in Ukraine.pptx
AayushiPriya6
 
Russia Ukraine Gas Conflict
Russia Ukraine Gas ConflictRussia Ukraine Gas Conflict
Russia Ukraine Gas Conflict
Akash Jauhari
 
Evolving PRC Military Capabilities
Evolving PRC Military CapabilitiesEvolving PRC Military Capabilities
Evolving PRC Military Capabilities
ICSA, LLC
 
Carl von clausewitz
Carl von clausewitzCarl von clausewitz
Carl von clausewitz
Shafiq Ridz
 
The Syrian Crises : Past,Present and Future
The Syrian Crises : Past,Present and FutureThe Syrian Crises : Past,Present and Future
The Syrian Crises : Past,Present and Future
Shahid Hussain Raja
 
The crimean war key events AS History - Bhasvic
The crimean war key events AS History - BhasvicThe crimean war key events AS History - Bhasvic
The crimean war key events AS History - Bhasvic
cajbhasvic
 
Terrorism in india
Terrorism in indiaTerrorism in india
Terrorism in india
Col Mukteshwar Prasad
 
Ataki po stronie klienta w publicznych punktach dostępowych
Ataki po stronie klienta w publicznych punktach dostępowychAtaki po stronie klienta w publicznych punktach dostępowych
Ataki po stronie klienta w publicznych punktach dostępowych
Pawel Rzepa
 
Overview of Ukrainian Crisis Presentation Troian
Overview of Ukrainian Crisis Presentation TroianOverview of Ukrainian Crisis Presentation Troian
Overview of Ukrainian Crisis Presentation Troian
irinatroian
 

More Related Content

What's hot

Crimea crisis
Crimea crisisCrimea crisis
Crimea crisis
Yasir Dil
 
DRONE WARFARE AND THE LAW OF ARMED CONFLICT
DRONE WARFARE AND THE LAW OF ARMED CONFLICTDRONE WARFARE AND THE LAW OF ARMED CONFLICT
DRONE WARFARE AND THE LAW OF ARMED CONFLICT
Angelo State University
 
The Fall of Constantinople
The Fall of ConstantinopleThe Fall of Constantinople
The Fall of Constantinople
ssclasstorremar
 
Nuclear proliferation
Nuclear proliferationNuclear proliferation
Nuclear proliferation
Robert Young
 
Global Terrorism Challenges & Response
Global Terrorism Challenges & ResponseGlobal Terrorism Challenges & Response
Global Terrorism Challenges & Response
Shahid Hussain Raja
 
Carl von clausewitz
Carl von clausewitzCarl von clausewitz
Carl von clausewitz
Shafiq Ridz
 

What's hot (20)

strategic studies and international relations
strategic studies and international relationsstrategic studies and international relations
strategic studies and international relations
 
Crimea crisis
Crimea crisisCrimea crisis
Crimea crisis
 
Vladimir Vladimirovich Putin
Vladimir Vladimirovich Putin Vladimir Vladimirovich Putin
Vladimir Vladimirovich Putin
 
9 11 attacks
9 11 attacks9 11 attacks
9 11 attacks
 
Conflict between ukraine and russia
Conflict between ukraine and russiaConflict between ukraine and russia
Conflict between ukraine and russia
 
DRONE WARFARE AND THE LAW OF ARMED CONFLICT
DRONE WARFARE AND THE LAW OF ARMED CONFLICTDRONE WARFARE AND THE LAW OF ARMED CONFLICT
DRONE WARFARE AND THE LAW OF ARMED CONFLICT
 
Russia Ukraine crisis
Russia Ukraine crisisRussia Ukraine crisis
Russia Ukraine crisis
 
Geopolitics and geostrategy dynamics in asia pacific region amidst covid 19
Geopolitics and geostrategy dynamics in asia pacific region amidst covid 19Geopolitics and geostrategy dynamics in asia pacific region amidst covid 19
Geopolitics and geostrategy dynamics in asia pacific region amidst covid 19
 
why CENTRAL ASIA is important?
why CENTRAL ASIA is important?why CENTRAL ASIA is important?
why CENTRAL ASIA is important?
 
The Fall of Constantinople
The Fall of ConstantinopleThe Fall of Constantinople
The Fall of Constantinople
 
Nuclear proliferation
Nuclear proliferationNuclear proliferation
Nuclear proliferation
 
Global Terrorism Challenges & Response
Global Terrorism Challenges & ResponseGlobal Terrorism Challenges & Response
Global Terrorism Challenges & Response
 
Non kinetic warfare share
Non kinetic warfare shareNon kinetic warfare share
Non kinetic warfare share
 
Russia's war in Ukraine.pptx
Russia's war in Ukraine.pptxRussia's war in Ukraine.pptx
Russia's war in Ukraine.pptx
 
Russia Ukraine Gas Conflict
Russia Ukraine Gas ConflictRussia Ukraine Gas Conflict
Russia Ukraine Gas Conflict
 
Evolving PRC Military Capabilities
Evolving PRC Military CapabilitiesEvolving PRC Military Capabilities
Evolving PRC Military Capabilities
 
Carl von clausewitz
Carl von clausewitzCarl von clausewitz
Carl von clausewitz
 
The Syrian Crises : Past,Present and Future
The Syrian Crises : Past,Present and FutureThe Syrian Crises : Past,Present and Future
The Syrian Crises : Past,Present and Future
 
The crimean war key events AS History - Bhasvic
The crimean war key events AS History - BhasvicThe crimean war key events AS History - Bhasvic
The crimean war key events AS History - Bhasvic
 
Terrorism in india
Terrorism in indiaTerrorism in india
Terrorism in india
 

Viewers also liked

Viewers also liked (6)

Ataki po stronie klienta w publicznych punktach dostępowych
Ataki po stronie klienta w publicznych punktach dostępowychAtaki po stronie klienta w publicznych punktach dostępowych
Ataki po stronie klienta w publicznych punktach dostępowych
 
Overview of Ukrainian Crisis Presentation Troian
Overview of Ukrainian Crisis Presentation TroianOverview of Ukrainian Crisis Presentation Troian
Overview of Ukrainian Crisis Presentation Troian
 
S4 krotofil afternoon_sesh_2017
S4 krotofil afternoon_sesh_2017S4 krotofil afternoon_sesh_2017
S4 krotofil afternoon_sesh_2017
 
Ukrainian Crisis 2013-2015
Ukrainian Crisis 2013-2015Ukrainian Crisis 2013-2015
Ukrainian Crisis 2013-2015
 
S4 krotofil morning_sesh_2017
S4 krotofil morning_sesh_2017S4 krotofil morning_sesh_2017
S4 krotofil morning_sesh_2017
 
Ukraine crisis
Ukraine crisisUkraine crisis
Ukraine crisis
 

Similar to War between Russia and Ukraine in cyber space

Cyber Wars.pptx
Cyber Wars.pptxCyber Wars.pptx
Cyber Wars.pptx
ArjunKumar684595
 
GovSec Joyal New Threat Matrix
GovSec Joyal New Threat MatrixGovSec Joyal New Threat Matrix
GovSec Joyal New Threat Matrix
Paul Joyal
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
Sai praveen Seva
 
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan PerspectiveCybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Ivan Sang
 

Similar to War between Russia and Ukraine in cyber space (20)

Cyber attacks in Ukraine
Cyber attacks in UkraineCyber attacks in Ukraine
Cyber attacks in Ukraine
 
Cyber Wars.pptx
Cyber Wars.pptxCyber Wars.pptx
Cyber Wars.pptx
 
https://uii.io/Oneconflict
https://uii.io/Oneconflicthttps://uii.io/Oneconflict
https://uii.io/Oneconflict
 
Mis chapter 9
Mis chapter 9Mis chapter 9
Mis chapter 9
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
 
Cyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliCyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant Mali
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
 
Cybercrime and security.pptx
Cybercrime and security.pptxCybercrime and security.pptx
Cybercrime and security.pptx
 
Cyberware
CyberwareCyberware
Cyberware
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
GovSec Joyal New Threat Matrix
GovSec Joyal New Threat MatrixGovSec Joyal New Threat Matrix
GovSec Joyal New Threat Matrix
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Security News Byes- Nov
Security News Byes- NovSecurity News Byes- Nov
Security News Byes- Nov
 
Towngas Infomation Security Week 2013 presentation
Towngas Infomation Security Week 2013 presentationTowngas Infomation Security Week 2013 presentation
Towngas Infomation Security Week 2013 presentation
 
The New Front Line:An observation of cyber threats in the 21st century
The New Front Line:An observation of cyber threats in the 21st centuryThe New Front Line:An observation of cyber threats in the 21st century
The New Front Line:An observation of cyber threats in the 21st century
 
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan PerspectiveCybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Focus on cyber threats in hacking cycle
Focus on cyber threats in hacking cycle Focus on cyber threats in hacking cycle
Focus on cyber threats in hacking cycle
 

More from uisgslide

Коментарі до концепції інформаційної безпеки
Коментарі до концепції інформаційної безпекиКоментарі до концепції інформаційної безпеки
Коментарі до концепції інформаційної безпеки
uisgslide
 
Uisg infosec 10_crypto
Uisg infosec 10_cryptoUisg infosec 10_crypto
Uisg infosec 10_crypto
uisgslide
 
Uisg itgov 7_top10
Uisg itgov 7_top10Uisg itgov 7_top10
Uisg itgov 7_top10
uisgslide
 
Uuisg itgov 10_bcp
Uuisg itgov 10_bcpUuisg itgov 10_bcp
Uuisg itgov 10_bcp
uisgslide
 
Uuisg itgov 9_itfinance
Uuisg itgov 9_itfinanceUuisg itgov 9_itfinance
Uuisg itgov 9_itfinance
uisgslide
 
Uisg itgov 19_cloud
Uisg itgov 19_cloudUisg itgov 19_cloud
Uisg itgov 19_cloud
uisgslide
 
Uisg itgov 15_nda
Uisg itgov 15_ndaUisg itgov 15_nda
Uisg itgov 15_nda
uisgslide
 
Uisg itgov 8_i_taudit
Uisg itgov 8_i_tauditUisg itgov 8_i_taudit
Uisg itgov 8_i_taudit
uisgslide
 
Uisg itgov 7_top10
Uisg itgov 7_top10Uisg itgov 7_top10
Uisg itgov 7_top10
uisgslide
 

More from uisgslide (20)

Стандарт верифікації безпеки веб-додатків ASVS 3.0
Стандарт верифікації безпеки веб-додатків ASVS 3.0Стандарт верифікації безпеки веб-додатків ASVS 3.0
Стандарт верифікації безпеки веб-додатків ASVS 3.0
 
Коментарі до концепції інформаційної безпеки
Коментарі до концепції інформаційної безпекиКоментарі до концепції інформаційної безпеки
Коментарі до концепції інформаційної безпеки
 
Кращи практики з аудиту та підтвердження довіри до інформаційних системи (ITA...
Кращи практики з аудиту та підтвердження довіри до інформаційних системи (ITA...Кращи практики з аудиту та підтвердження довіри до інформаційних системи (ITA...
Кращи практики з аудиту та підтвердження довіри до інформаційних системи (ITA...
 
Необхідність реформи галузі захисту інформації в Україні
Необхідність реформи галузі захисту інформації в УкраїніНеобхідність реформи галузі захисту інформації в Україні
Необхідність реформи галузі захисту інформації в Україні
 
Sandbox kiev
Sandbox kievSandbox kiev
Sandbox kiev
 
Comments glib pakharenko
Comments glib pakharenkoComments glib pakharenko
Comments glib pakharenko
 
Актуальні кібер-загрози АСУ ТП
Актуальні кібер-загрози АСУ ТПАктуальні кібер-загрози АСУ ТП
Актуальні кібер-загрози АСУ ТП
 
Circl eco
Circl ecoCircl eco
Circl eco
 
Group fs owasp_26-11-14
Group fs owasp_26-11-14Group fs owasp_26-11-14
Group fs owasp_26-11-14
 
Owasp healthcare cms
Owasp healthcare cmsOwasp healthcare cms
Owasp healthcare cms
 
OWASP Ukraine Thomas George presentation
OWASP Ukraine Thomas George presentationOWASP Ukraine Thomas George presentation
OWASP Ukraine Thomas George presentation
 
Isaca kyiv chapter vygody v3
Isaca kyiv chapter vygody v3Isaca kyiv chapter vygody v3
Isaca kyiv chapter vygody v3
 
Uisg infosec 10_crypto
Uisg infosec 10_cryptoUisg infosec 10_crypto
Uisg infosec 10_crypto
 
Uisg itgov 7_top10
Uisg itgov 7_top10Uisg itgov 7_top10
Uisg itgov 7_top10
 
Uuisg itgov 10_bcp
Uuisg itgov 10_bcpUuisg itgov 10_bcp
Uuisg itgov 10_bcp
 
Uuisg itgov 9_itfinance
Uuisg itgov 9_itfinanceUuisg itgov 9_itfinance
Uuisg itgov 9_itfinance
 
Uisg itgov 19_cloud
Uisg itgov 19_cloudUisg itgov 19_cloud
Uisg itgov 19_cloud
 
Uisg itgov 15_nda
Uisg itgov 15_ndaUisg itgov 15_nda
Uisg itgov 15_nda
 
Uisg itgov 8_i_taudit
Uisg itgov 8_i_tauditUisg itgov 8_i_taudit
Uisg itgov 8_i_taudit
 
Uisg itgov 7_top10
Uisg itgov 7_top10Uisg itgov 7_top10
Uisg itgov 7_top10
 

Recently uploaded

PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 

Recently uploaded (20)

Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 

War between Russia and Ukraine in cyber space

  • 1. Unifying the Global Response to Cybercrime Cyber attacks in Ukraine during revolution and Russian intervention Glib Pakharenko gpaharenko (at) gmail.com 2014-11-15 This is solely my personal opinion Do not consider as call for any action
  • 2. Unifying the Global Response to Cybercrime Cyber attacks were before the revolution 2 Kyiv< 30 November 2013 Cyber attacks was quite popular before the revolution. • 100Gbit/s Ddos in UA segment in 2010 • politically motivated attacks before elections • Ddos on party sites • Compromise of accounts of politician • economically motivated attacks: • Ddos, on e-shops before Christmas • Mobile operators fraud • Carding • Internet banking unauthorized transfers • Lockers • SEO optimization, SPAM, etc. Police fights with pirated content, unauthorized porno- studios, and online gambling. Used to takes all servers and PC’s with them from victim or suspected.
  • 3. Unifying the Global Response to Cybercrime Ddos attacks was most popular during street protest 3 December 2013-January 2014 The rate of attacks grows enormously (but dropped for Christmas holidays): •Ddos attacks against opposition media (BlackEnergy, DirtJumper – Russian made); •Police takes servers from opposition office; •Personal accounts of opposition politicians hacked; •Banks, which served accounts of opposition under hacking attacks (unauthorized transfer and then a Ddos to hide the fraud); •Anonymous attack government sites; •A “red” alarm level was on UA nuclear stations when protesters took the ministry of energy building, where control systems were located; •A PC which controls electricity in the city hall was broken, which led to its black-out; •Malicious traffic from Russia rerouted out of Ukraine through Belarus and Cyprus (HostExploit statistics). That’s why the first time in recent years, Ukraine was not in the list of countries with boosted cybercrime.
  • 4. Unifying the Global Response to Cybercrime Mobile technologies were used during the peak of Revolution 4 Feb 2014 During the peak of the Revolution mobile technologies was most important: •Opposition Parliament member phones were flooded with SMS&Calls; •IMSI catcher mass messaging was used against protesters; •In West regions (where the Revolution started) in police departments only mobile phones were working (no PSTN or other connectivity); •Main opposition TV channel was turned off; •Police planned to turn off mobile connectivity; •In East regions police used mobile phone to compromise two-factor authentication and gain access to protester account.
  • 5. Unifying the Global Response to Cybercrime Russia occupies Crimea 5 Feb-March 2014 •Government under attack: • Ddos on the parliament site to prohibit law publishing; • Ddos on other sites (national security council, president, etc.); •Physical attack on cabling infrastructure in Crimea; •Anonymous attack sites of Russian government in Crimea; •Russia turned-off UA channels in Crimea; •Broadcasters were unable to take their telecom equipment hosted in Crimea government datacenters; •Enormous amount of government and personal data from IT systems now in Russian hands; •Increased amount of GSM fraud from Crimea against UA operators (as UA law enforcement no longer effective there); •Russian IT-security NGO RISSPA censored anti-war discussions in its forum; •Mass changes in Wikipedia articles; •UA broadcasting satellite “Lybid” was not launched, as the space control center was conquered.
  • 6. Unifying the Global Response to Cybercrime War with Russia 6 April 2014 – till now Russia effectively use cyber-technology to support their war. Physical attacks are especially dangerous against: •cabling and broadcast infrastructure in area of fighting (media and financial services unavailable); •cabling infrastructure in Kyiv (terracts); •ATMs of specific banks all over Ukraine (terracts). Mobile technology attacks: •Used for correction of artillery fire; •Talks interception; •Traffic rerouting into Russia using VLR/HRL updates; •Forensics of devices owned by UA supporters; Hacking attempts against IT systems of: •UA officials and businessmen accounts; •Local and central public administration; •Electronic election systems (coordinated with Russian main TV channel); •Railway IT systems; •Mobile operators; Russian military activity coordinated with Russian TV channels.
  • 7. Unifying the Global Response to Cybercrime Russia acts 7 April 2014 – till now Russia has big potential for future cyber conflict: •Mass attacks similar (like against Estonia and Georgia); •Data interception in Russian IT services: • Ukrainians use Mail.ru, VK.com, etc.; • UA sites have counters (JavaScript)from Yandex; • Kaspersky, Dr. Web, 1C, Abby are very popular; •Russian owns or influence UA: • mobile operators (MTS, Kyivstar); • IT integrators and distributors (RRC, Jet); • Parameters of national encryption standard; • Support centers based in Russia (e.g. Arbor); • Webmoney (installs their root CA in browser!); • SCADA systems produced in Russia; • Internet-banking produced in Russia; • Anti-Ddos solutions (traffic rerouted to Moscow); •On the occupied territory: • Internet censorship (blocking UA sites); • Taking ownership on telecom and media property; • UA TV channels are turned off.
  • 8. Unifying the Global Response to Cybercrime Russia acts (continued) 8 April 2014 – till now Russian cyber criminals became very active: •Specialized botnets being created from UA users only; •Mass attacks against smartphone users over SMS; •Even Smart TV’s were infected and forced to show aggressors’ channels; Russian propaganda is very effective: •Thousands of bots and operators work to influence rating and comments in social media or on popular news sites; •Pro-Russian articles all over the Internet (even on IT sites); Agressor use Internet to: •Recruited new members; •Communicate with each other in a secure way. Agressor warns about bombs in main TV channels in Kyiv.
  • 9. Unifying the Global Response to Cybercrime Cyber attacks during elections and latest time 9 October 2014 (information mostly from CERT UA team). •Head of territory election commissions allowed unauthorized access to the server room. The spyware was installed from USB flash. File name was “CVK2014_217.exe”. •Ddos attacks against elections commission site. •Fake sites of election commission. Conflict in information space still goes. •Ukraine attempts to block international calls to new Russian Crimea code; •GPS signals could be blocked to fight with air-drones; •Internet access to Ukrainian sites is being blocked in Crimea schools; •Electronic billboards were hacked.
  • 10. Unifying the Global Response to Cybercrime Sandworm has Russian origins 10 Information from iSightPartners and Trend micro. •Attribute to Russia; •Uses PowerPoint with very interesting topic (names of persons under investigation); •Targeting NATO, UA government, Polish energy firm; •Targeting SCADA devices.
  • 11. Unifying the Global Response to Cybercrime Ukraine response 11 April 2014 – till now Ukraine improves its response in cyber-space: •Close access to national registers from occupied territories; •Aggressor communications being intercepted; •Blocking of sites of aggressor; •Prosecution authors of aggressor content; •Improve capabilities of CERT-UA team; •Development of national cyber-security legislation; •Limiting usage of Russian software; •Limited usage of mobile phones on war territory; •Fight with Russian cyber-criminals; •Increased collaboration between government and private sectors. •Mobilizaiton of Ukrainian chapters and NGOs like ISACA Kyiv chapter, OWASP, UISG etc. ; •Volunteers give IT equipment to army.
  • 12. Unifying the Global Response to Cybercrime Even more effort required (lessons learned) 12 Cyber-war is effectively supports military operations. •Put cyber-security into your “crisis-plan”, when your closest ally becomes an enemy; •Do not have all your Internet traffic routed through a single neighbor country; •Clean your country networks (DNS&NTP servers, infected PC, no pirated software); •Design your web sites to be compatible with anti-ddos solutions (but attacks can flood your office WAN links to defeat anti-ddos service); •Monitor attacks, exchange information about them, research them; •Implement effective filtering mechanism on national exchange points; •Implement BCP plans for media to work in zones of war and deliver government information to audience in those areas; •Have a strong cyber-research capabilities in your country; •Have a strong national IT services (resist to globalization); •Implement controls for unauthorized use of lawful interception and cyber-operations by public authorities; •Implement national security standards acceptable both in public and private sector; •Make a simple and easy mechanisms for private researchers to get attack details; •Support creation of many CERT teams as possible; •Provide military and special forces with capabilities of effective large scale cyber-operations and forensics; •Prepare for occupation: have encryption, hidden communication with your partners, emergency data erase and quick recovery of IT systems in other geographical region.
  • 13. Unifying the Global Response to Cybercrime BE READY TO PROTECT YOUR INDEPENDENCE AND DEMOCRACY 13 Share your ideas about improving national cyber security capabilities with me gpaharenko [at] gmail.com