Ukrainian security officials say cyber defenders are on edge as they face attacks almost every day.
In the first days after Russia launched its campaign in Ukraine, Illia Vitiuk and his colleagues feared the worst: the collapse of Kiev.
Vitiuk, head of the cyber division of the Security Service of Ukraine (SBU), the country’s top counterintelligence force, said he had been fighting Russian hackers and spies for years. But on February 24, 2022, the SBU was given a different task: moving servers and critical technical infrastructure out of Kiev to protect them from Russian attacks.
“Missiles hit Kiev and people rushed to evacuate the city. We tried to contact some agencies and critical infrastructure managers but sometimes got answers like ‘the system administrator is away because his family is in Bucha and he needs to get them out of Bucha,’” Vitiuk recalled.
“Kiev was at risk of being surrounded,” he continued. “So we needed to move the most important databases and hardware out of Kiev.”
Ultimately, thanks to Vitiuk and his “cyberwarfare” experts, Russian hackers were unable to destroy Ukraine’s digital infrastructure in the early days of the conflict.
However, Ukraine has suffered a series of cyberattacks, nearly 3,000 this year, according to Vitiuk.
Along with missile and drone attacks, cyber operations conducted by Russian hackers have significantly weakened Ukraine’s infrastructure, especially the power grid. Russian hackers have also obtained sensitive information to support Moscow’s campaign.
Illia Vitiuk, head of the cyber department of the Security Service of Ukraine. Photo: SBU
Starting around December 2021, cyberattacks from Russia increased dramatically, causing many in the private sector to fear the worst-case scenario.
Around the same time, representatives from the US Cyber Command traveled to Kiev to help inspect key components of Ukraine's cyber infrastructure that they said would be "at the center of attacks," Vitiuk said.
“And that’s exactly what happened,” he said, adding that the US also provided hardware and software that the Ukrainian government still uses to this day to protect its cyber infrastructure.
Russia then deployed a number of cyberattack tools against some 70 Ukrainian government agencies and shut down dozens of government websites. They claimed to have infiltrated Diia, a digital application used by Ukrainians to store documents, as well as disrupted a range of other online services. In February 2022, Russian hackers targeted financial services to make Ukrainians think they would not be able to access their money in an emergency.
Vitiuk said it appeared the Russian hackers were "testing and preparing for something big" at the time.
Things became more tense than ever on the night of February 23, 2022, just before the conflict broke out. “We started to experience a series of cyberattacks,” Vitiuk said. “We had to withstand the psychological campaign they launched.”
Some of the attacks took down ViaSat, the satellite communications system used by the Ukrainian military at the time. When that failed to prevent the Ukrainian armed forces from communicating with each other, Vitiuk said, Russia appeared to have called in every cyber force it had, targeting media outlets, telecommunications service providers, and local government and ministry websites.
“From the very beginning, it was clear to us that they were trying to use all the trump cards in their hand,” he said.
For Ukraine, the main challenge during that period was coordinating with cybersecurity experts in government agencies and other key organizations, many of whom were under threat from artillery fire. This is when the SBU began moving servers out of Kiev.
Asked whether the initial attacks had any lasting impact, Vitiuk said only a few systems were damaged and a small amount of data was stolen.
“No major systems were damaged,” he said. “We work 24/7. We resolved the issue fairly quickly.”
Ukrainian soldiers study data on a tablet before opening fire in Bakhmut in January. Photo: Reuters
After the failure of the blitzkrieg operation, Vitiuk said the SBU observed Russian hackers shifting tactics, mainly aiming at gathering intelligence and disrupting the power grid.
“Since the summer, they have understood that this conflict is going to be longer and they need to move on to something more serious,” he said.
According to Vitiuk, Russia has also attempted to hack into Ukraine’s military operations planning systems, including the Delta platform. The SBU recently released a detailed report on how Russian military intelligence officers on the front lines tried to take Android tablets used by Ukrainian officers in order to hack into Delta to gather intelligence, as well as information on the Ukrainian military’s use of Starlink mobile communications equipment from billionaire Elon Musk’s SpaceX.
This way, Russia could pinpoint the location of some of the devices connected to Starlink and better target missile strikes.
The SBU claims it has successfully blocked Russia's access to Delta and similar programs, but Vitiuk admits it still lost some information.
Ukrainian soldiers with Starlink equipment in Kreminna in February. Photo: Reuters
When the conflict broke out, nearly everyone in Ukraine volunteered, donated money, or worked directly with the government to support the fighting effort. Among them was the information technology (IT) community.
Many are working as part-time consultants to government agencies, while others are taking a more hands-on role. The most prominent is the IT Army, which has been supported by Ukraine’s Ministry of Digital Transformation since the beginning of the conflict. The group has focused primarily on developing software and tools for civilians to launch denial-of-service (DoS) attacks against Russian targets, and developing automated software to help the government gather intelligence.
Participating in the effort are groups like the Ukrainian Cyber Alliance, Hackyourmom, a project started by Ukrainian cybersecurity entrepreneur Nykyta Kynsh, and Inform Napalm, a website that investigates leaked data and identifies Russian hackers.
Many groups announce their activities publicly, but others operate more secretly.
Still, cybersecurity experts warn that attacks carried out by volunteers, which sometimes appear randomly and often have no lasting effect, can do more harm than good for covert operations.
Despite the concerns, Vitiuk argues that every skill set volunteers have is valuable to some degree. “It’s like defending our territory online,” he says. “It’s our job to monitor and get to know the volunteers, to direct them or give them advice on how to do their work more effectively.”
When asked about the future cyber threat from Russia, Vitiuk predicted that attacks would continue at the same intensity as last year, especially as winter approaches.
The attacks could become more sophisticated, but increasing the intensity would be a challenge for Russia because its current pool of skilled specialists is limited. “They need more people,” Vitiuk said.
Vitiuk said the SBU is focusing on preparing for winter, working with the Energy Ministry and other experts to protect the grid based on lessons learned last year.
Despite all their successes, they still need help to continue to strengthen critical infrastructure, he acknowledged, a need that is especially urgent at the local level, where resources are limited.
At a recent conference in Estonia, Vitiuk called on cybersecurity companies to come to Ukraine to help assess the country's needs, from technical infrastructure to hardware and software, and to send equipment directly instead of transferring money.
He expressed concern about corruption in the country. "We don't need money. We need a system that is as transparent as possible," he stressed.
Vitiuk believes that even when the conflict ends, cybersecurity will remain a major focus. “New doctrines will be written and applied based on what happened in Ukraine, based on our experience,” he said.
Vu Hoang (According to NPR)