BOSTON (AP) – Russia’s relentless digital attacks on Ukraine may have caused less damage than many expected. But most of its hacking is focused on another goal that gets less attention but has chilling potential consequences: data collection.
Ukrainian agencies breached on the eve of the February 24 invasion include the Interior Ministry, which oversees police, national security and border patrols. A month earlier, a national database of car insurance policies was attacked during a sabotage cyber attack that damaged Ukrainian websites.
Hacks, combined with pre-war data theft, may have armed Russia with extensive details about much of Ukraine’s population, say cybersecurity and military intelligence analysts. This is information that Russia can use to identify and locate Ukrainians who are most likely to oppose occupation, and potentially direct them to internment or worse.
“Fantastically useful information if you’re planning a profession,” Jack Watling, a military analyst at the Royal United Services Institute, said of the car insurance data, “knowing exactly which car everyone drives and where they live.”
With the development of the digital age, information domination is increasingly being used for social control, as China has shown in its repression of the Uighur minority. It came as no surprise to Ukrainian authorities that Russia’s pre-war priority would be to gather information about citizens.
“The idea was to kill or imprison these people in the early stages of the occupation,” said Viktor Zhora, a senior official in Ukraine’s cyber defense.
Aggressive data collection accelerated just before the invasion, with hackers serving the Russian military increasingly targeting individual Ukrainians, according to Zhora’s agency, the State Service for Special Communications and Information Protection.
Sergei Demedyuk, deputy secretary of Ukraine’s National Security and Defense Council, said in an email that personal data remains a priority for Russian hackers as they try to break into more government networks: “Cyberwarfare is really hot today.”
There is no doubt that political targeting is a goal. Ukraine says Russian forces have killed and abducted local leaders where they have seized territory.
Demedyuk was stingy with details, but said Russian cyberattacks in mid-January and early in the invasion were primarily aimed at “destroying government agencies’ information systems and critical infrastructure” and involved data theft.
The Ukrainian government claims that the hacking of car insurance since January 14 has led to the theft of up to 80% of Ukrainian policies registered with the Bureau of Road Transport.
Demedyuk acknowledged that the Interior Ministry was among the government agencies breached on February 23rd. He said data had been stolen but would not say from which agencies, only that “it has not had significant consequences, especially when it comes to data on servicemen or volunteers.” Security researchers from ESET and other cybersecurity companies working with Ukraine said the networks had been compromised months earlier, allowing enough time for theft.
Collecting data through hacking is a long process.
A unit of Russia’s FSB intelligence agency, which researchers have called Armageddon, has been doing so for years outside of Crimea, which Russia took over in 2014. Ukraine says the unit has tried to infect more than 1,500 Ukrainian government computer systems.
Since October, it has been trying to disrupt and maintain access to government, military, judicial and law enforcement agencies, as well as non-profit organizations, with the main goal of “filtering out sensitive information,” Microsoft said in a February 4 blog post. This included unnamed organizations “critical to responding to emergencies and ensuring security on Ukrainian territory”, plus the distribution of humanitarian aid.
After the invasion, the hackers targeted European organizations that help Ukrainian refugees, according to Zhora and cybersecurity firm Proofpoint. Authorities did not specify which organizations or what may have been stolen.
Another attack on April 1 crippled the National Call Center of Ukraine, which maintains a hotline for complaints and inquiries on a wide range of issues: corruption, domestic violence, people displaced by the invasion, benefits for war veterans. Used by hundreds of thousands of Ukrainians, it issues vaccine certificates against COVID-19 and collects personal data from callers, including emails, addresses and telephone numbers.
Adam Myers, senior vice president of intelligence at cybersecurity firm CrowdStrike, said the attack, like many others, could have a greater psychological impact than gathering intelligence – in order to undermine Ukrainians’ trust in their institutions.
“Make them fear that when the Russians take power, if they don’t cooperate, the Russians will find out who they are, where they are and persecute them,” Myers said.
The attack took the center offline for at least three days, said the center’s director Mariana Vilshinska: “We could not work. Neither the phones nor the chatbots worked. They broke the whole system.”
Hackers calling themselves the Russian Cyber Army say they stole the personal data of 7 million people in the attack. However, Vilshinska denied that they had breached the database holding users’ personal information, while confirming that the contact list of more than 300 center employees that the hackers published online is genuine.
Phishing attacks in recent weeks have focused on military, national and local officials, with the aim of stealing credentials to open government data warehouses. Such activity relies heavily on Ukraine’s cellular networks, which CrowdStrike’s Myers said were too rich in intelligence for Russia to want to close.
On March 31, Ukraine’s SBU intelligence agency said it had seized a remote-controlled bot farm in the eastern Dnipropetrovsk region that had sent text messages to 5,000 Ukrainian soldiers, police and SBU members urging them to surrender or sabotage their units. Agency spokesman Artem Dekhtiarenko said authorities were investigating how the phone numbers were obtained.
Jean Yu, CEO of cybersecurity firm ReSecurity, said it was probably not difficult: the subscriber databases of major Ukrainian wireless companies have been available for sale by cybercriminals on the dark web for some time – as in many countries.
If Russia manages to take control of more than eastern Ukraine, stolen personal data will be an advantage. Russia’s occupiers have already gathered passport information, a senior adviser to the Ukrainian president recently tweeted, which could help organize separatist referendums.
Ukraine, for its part, appears to have carried out significant data collection – quietly supported by the United States, the United Kingdom and other partners – targeting Russian troops, spies and police, including rich geolocation data.
Demedyuk, the senior security official, said the country “knows exactly where and when a serviceman crossed the border with Ukraine, in which occupied settlement he stopped, in which building he spent the night, stole and committed crimes on our land.”
“We know their cell phone numbers, the names of their parents, wives, children, their home addresses, who their neighbors are, where they went to school and the names of their teachers,” he said.
Analysts warn that some allegations of data collection on both sides of the conflict may be exaggerated.
But in recordings published online by Ukrainian Minister of Digital Transformation Mikhail Fedorov, callers are heard phoning distant wives of Russian soldiers and posing as Russian state security officials to say that the parcels sent to them by Belarus have been looted from Ukrainian homes.
In one, a nervous-sounding woman admits that she received what she calls souvenirs – a handbag, a keychain.
The caller tells her that she shares criminal responsibility, that her husband “killed people in Ukraine and stole their belongings.”
She hangs up.
___
AP journalist Larry Fenn in New York and Inna Verenitsa in Kyiv, Ukraine, contributed to the report.