Hackers may have wider access to Ukrainian industrial facilities

KIEV (Reuters) – Hackers were able to attack four sections of Ukraine’s power grid with malware late last year because of basic security lapses and they could take down other industrial facilities at any time, a consultant to government investigators said.

Three power cuts reported in separate areas of western and central Ukraine in late December were the first known electrical outages caused by cyber attacks, causing consternation among businesses and officials around the world.

The consultant, Oleh Sych, told Reuters a fourth Ukrainian energy company had been affected by a lesser attack in October, but declined to name it.

He also said a similar type of malware had been identified by the Ukrainian anti-virus software company Zillya!, where he works, as far back as July, making it impossible to know how many other systems were at risk.

“This is the scariest thing – we’re living on a powder keg. We don’t know where else has been compromised. We can protect everything, we can teach administrators never to open emails, but the system is already infected,” he said.

Sych, whose firm is advising the State Security Service SBU and a commission set up by the energy ministry, said power distributors had ignored their own security rules by allowing critical computers to be hooked up to the Internet when they should have been kept within an internal network.

This so-called “air gap” separates computer systems from any outside Internet connections accessible to hackers.

“A possible objective was to bring down some branches (of the Ukrainian energy system) and create a ‘domino effect’ to collapse the entire system of Ukraine or a significant part,” Sych said.

Ukraine has also been targeted in other cyber attacks, which included hacking into the system of Ukraine’s biggest airport and TV news channels.

Security services and the military blamed the attacks on Russia, an allegation dismissed by the Kremlin as evidence of Ukraine’s tendency to accuse Russia of “all mortal sins”.

Russia annexed Crimea from Ukraine in 2014 and has supported separatist rebels in the east of the former Soviet republic, arguing that Kiev’s Western-backed government, elected after the Moscow-backed president fled widespread protests, was illegitimate.

Sych, who said he could not reveal all the details of the probe, said there was no conclusive evidence that the attacks originated in Russia. One of the emails was sent from the server of a German university, another from the United States, he said.

INSIDER

International cyber-security researchers who have studied the attacks believe the attackers broke into networks by sending targeted emails designed to trick utility insiders into clicking on Excel documents that were poisoned with malware used to gain control inside the networks.

Sych agreed, saying:

“We understand that this couldn’t have happened without an insider. To carry out this kind of attack you need to know what kind of operating system and SCADA (supervisory control and data acquisition) are used and what software controls the industrial facility,” he said.

SCADA software is widely used to control industrial systems worldwide.

“The attackers must have known what software was installed … to test (the malware) on it. Clearly preliminary investigations were carried out and this was easy to do with this kind of insider information.”

He said the hackers had sent the e-mails in question to workers at the affected power distribution companies with infected Word or Excel files that were meant to look like official correspondence from the energy ministry.

They contained topics that would have been recognizable to the workers and were not sent out en masse but targeted certain individuals instead. One of the emails was about regional electricity production levels, he said.

“It was all very simple and stupid,” Sych said, adding that the hackers totally wiped the data of some of the computers in one of the firms.

Details of the impact of the attacks have been sketchy, but one is reported to have affected 80,000 customers for two hours. The three named companies declined to comment on Sych’s remarks.

“All experts agree this sort of attack on electric utilities or other critical infrastructure was bound to happen because engineering-wise, physics-wise it is technically possible to do,” said Kenneth Geers, a Kiev-based national security analyst who worked for U.S. intelligence agencies for 20 years until 2013.

All it takes is political will or opportunism to try something like this, he said.

Ukrainian Deputy Energy Minister Oleksander Svetelyk has also accused the companies of lapses, saying on Tuesday there had been “a lot of errors”. He added that U.S. cyber experts would come to Kiev later this week to help with the investigation.

(Additional reporting by Maria Tsvetkova in Moscow and Eric Auchard in Brussels; Writing by Matthias Williams; Editing by Philippa Fletcher)

Ukraine to review cyber defenses after airport targeted from Russia

KIEV (Reuters) – Ukrainian authorities will review the defenses of government computer systems, including at airports and railway stations, after a cyber attack on Kiev’s main airport was launched from a server in Russia, officials told Reuters on Monday.

Malware similar to that which attacked three Ukrainian power firms in late December was detected last week in a computer in the IT network of Kiev’s main airport, Boryspil. The network includes the airport’s air traffic control.

Although there is no suggestion at this stage that Russia’s government was involved, the cyber attacks have come at a time of badly strained relations between Ukraine and Russia over a nearly two-year-long separatist conflict in eastern Ukraine.

“In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry,” said Irina Kustovska, a spokeswoman for Ukraine’s infrastructure ministry, which oversees airports, railways and ports.

Ukraine’s state-run Computer Emergency Response Team (CERT-UA) issued a warning on Monday of the threat of more attacks.

“The control center of the server, where the attacks originate, is in Russia,” military spokesman Andriy Lysenko said by telephone, adding that the malware had been detected early in the airport’s system and no damage had been done.

A spokeswoman for the airport said Ukrainian authorities were investigating whether the malware was connected to a malicious software platform known as “BlackEnergy”, which has been linked to other recent cyber attacks on Ukraine. There are some signs that the attacks are linked, she said.

“Attention to all system administrators … We recommend a check of log-files and information traffic,” CERT-UA said in a statement.

In December three Ukrainian regional power firms experienced short-term blackouts as a result of malicious software in their networks. Experts have described the incident as the first known power outage caused by a cyber attack.

A U.S. cyber intelligence firm in January traced the attack back to a Moscow-backed group known as Sandworm.

The Dec. 23 outage at Western Ukraine’s Prykarpattyaoblenergo cut power to 80,000 customers for about six hours, according to a report from a U.S. energy industry security group.

Ukraine’s SBU state security service has blamed Russia, but the energy ministry said it would hold off on attribution until after it completes a formal probe.

(Editing by Matthias Williams and Gareth Jones)

U.S. helping Ukraine investigate December power grid hack

WASHINGTON (Reuters) – The U.S. Department of Homeland Security said on Tuesday it was helping Ukraine investigate an apparent attack last month on the country’s power grid that caused a blackout for 80,000 customers.

Experts have widely described the Dec. 23 incident at western Ukraine’s Prykarpattyaoblenergo utility as the first known power outage caused by a cyber attack. Ukraine’s SBU state security service has blamed Russia for the incident, while U.S. cyber firm iSight Partners linked it to a Russian hacking group known as “Sandworm.”

In an advisory, DHS said they had linked the blackout to malicious code detected in 2014 within industrial control systems used to operate U.S. critical infrastructure. There was no known successful disruption to the U.S. grid, however.

DHS said the “BlackEnergy Malware” appears to have infected Ukraine’s systems with a spear phishing attack via a corrupted Microsoft Word attachment.

The DHS bulletin from the agency’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, is the first public comment about the Ukraine incident.

A report released by Washington-based SANS Inc over the weekend concluded hackers likely caused Ukraine’s six-hour outage by remotely switching breakers in a way that cut power, after installing malware that prevented technicians from detecting the intrusion. The attackers are also believed to have spammed the Ukraine utility’s customer-service center with phone calls in order to prevent real customers from communicating about their downed power.

DHS and the FBI did not immediately respond to requests for additional comment.

(Reporting by Dustin Volz and Jim Finkle; Editing by Doina Chiacu and Andrew Hay)

Ukraine Power Outage Appears to be Work of Hackers

Some Ukrainians were without power for hours last month after hackers infiltrated the power grid and were able to turn off the lights, according to a report in The Washington Post.

An official with the cybersecurity company iSIGHT Partners told the newspaper that the Dec. 23 cyber attack appeared to be the first documented time that hackers successfully shut off power.

The official told The Washington Post that the group believed to be responsible for turning off the lights was Russian, and had at one point tried to attack targets in the United States and Europe. But another cyber security expert told the paper it could be difficult to determine the exact circumstances about the breach, including if the alleged hackers were even responsible.

Russia Planning to Sue Ukraine Over $3 Billion Bond Default

The Russian government is gearing up for a potential court battle with Ukraine after Kiev failed to repay a $3 billion bond debt, according to official statements from Russia’s prime minister.

Speaking at a meeting with his deputy prime ministers on Monday, Dmitry Medvedev said that Ukraine failed to repay the debt by a Dec. 20 deadline. While Ukraine can still repay the debt without any penalties in the next 10 days, there’s been no indication the nation plans to do so.

Medvedev told his cabinet that the Russian government “must hire lawyers and start the procedure to make Ukraine pay everything, including fines,” adding that Ukraine’s failure to pay “amounts to manipulation and violation of its international commitments.”

Relations between Russia and Ukraine have been deteriorating in recent months, fueled in large part by Russia annexing the Ukrainian territory of Crimea in February 2014 amid the Ukrainian revolution. The European Union issued a host of sanctions against Russia in the wake of the Crimean crisis, and announced Monday those sanctions would be extended through July 2016.

While it’s not a member of the European Union, the Ukraine has signed an economic agreement with the group. Speaking to his cabinet, Medvedev said that Ukraine implementing that pact “impinges on our interests and creates risk to our economic security.” Medvedev said he had signed a decree to enact “reciprocal economic measures” against the Ukraine beginning January 1, when the Ukraine’s revised economic agreement with the European Union goes into effect.

Bloomberg reported that Ukraine’s former president, Viktor Yanukovych, sold the debt to Russia in December 2013, weeks before Yanukovych was ousted. Ukraine’s new leader, Petro Poroshenko, has called that payment a bribe Russian President Vladimir Putin used to reward Yanukovych for shying away from closer trade ties with the European Union, which helped ignite the revolution.

The conflict has wreaked havoc on Ukraine’s bank accounts, and the International Monetary Fund (IMF) loaned the country $17 billion in April 2014 to help the nation reform its economy.

Bloomberg reported the Ukraine had to restructure billions of dollars in debt to obtain the IMF money, but Russia refused to participate and countered with its own proposed payment plan.

Ukraine’s finance minister, Natalie Jaresko, told Bloomberg that the decision to halt bond payments to Russia was made to remain compliant with IMF requirements, and that paying Russia “would have breached the contractual obligations that we have to our other creditors.”

Jaresko told Bloomberg she remained hopeful that an out-of-court settlement could be reached.

Russia-Ukraine tensions rise as Crimea is still without power

Russia is cutting off gas supplies to Ukraine this week and could also stop providing coal to the nation as a dispute over a blackout in Crimea escalates.

Crimea, the subject of an ongoing quarrel between the countries, has been relying on emergency power generators since its main supply was attacked over the weekend, Reuters reported. It’s not known who was responsible for attacking the power supply, and the New York Times reported that millions of residents of the peninsula are still without electricity.

The BBC reported there are also water shortages in Crimea, and the Ukraine has stopped delivering goods to the peninsula in the Black Sea.

Tensions between the two nations have been high since Russia annexed the peninsula last year. Russia doesn’t border the territory by land. Ukraine does.

Protesters are preventing repair work from being done. The New York Times report indicates the activists — Crimean Tatars and Ukrainian nationalists — want Russia to release political prisoners and permit global organizations to review human rights in the territory.

According to Reuters, Russian Energy Minister Alexander Novak claimed that the Ukraine was not doing enough to help crews restore power to the territory. He called the inaction a crime and politically motivated.

Ukraine lawmakers, speaking to Reuters, called suggestions that the government was backing the protesters “absolutely groundless.”

Crimea in State of Emergency after Explosion Knocks Out Power for 1.6 Million People

The Russian-annexed nation of Crimea is under a state of emergency after four electricity transmission towers located in Ukraine were damaged by bombs in two different attacks. Approximately 1.6 million people are without power.

At this time, officials are unclear on who attacked the pylons, but Russian authorities stated it was “an act of terrorism,” according to Voice of America News. And while Russian officials didn’t directly place blame, they implied Ukrainian nationalists may have been behind the attacks. The attacked pylons are located in Ukraine, where Crimea gets the majority of its electricity supplies.

The attacks were a couple days apart with two of the pylons being hit on Friday and the next two being hit Sunday. The Washington Post reports that more than a quarter of the population, mostly in major cities, had their power restored through the use of mobile gas turbine generators by Sunday afternoon. However, there are still many without power, and the Crimean government said it would come up with a schedule for supplying electricity and water to homes without power.

But repairs were delayed when Ukrainian activists took to the roads on Saturday and attempted to block the trucks from getting to the damaged towers. However, they retreated after clashes with the police, according to Voice of America News.

Crimea was annexed in 2014 by Russia after pro-Western Ukrainian protests forced President Viktor Yanukovych from office. Weeks later, a rebel group that wanted to separate from Russia, launched a large enough rebellion that trade and travel sanctions were placed on key Russian officials. Voice of America News reports that the U.N. announced in September that nearly 8,000 people, mostly civilians, have been killed in the conflict.

NATO Chief Raises Alarm over Russia’s Buildup from Baltic to Mediterranean

NATO’s secretary-general Jens Stoltenberg is sounding the alarm over Russia’s recent buildup of military forces from the Mediterranean to the Baltic Sea and wants the U.S.-led alliance to respond.

Stoltenberg addressed the issue at a news conference in Portugal during NATO war games. He stated that he is worried that Russia’s military could limit access to those regions for the United States and its allies, according to Fox News.

“We have to be sure that we are able to overcome these capabilities, so we can reinforce, so we can move and we can deploy forces if needed,” said Stoltenberg.

Leaders and representatives of nine Eastern European NATO member nations met on Wednesday. Due to Russia’s annexation of Crimea from Ukraine and threats from ISIS, NATO leaders called for an increased alliance presence in Europe.

In the past, NATO has refrained from deploying permanent substantial combat forces due to an agreement with Russia that dates back to 1997. However, this year NATO has been deploying small military units in and out of countries that it feels are at risk from Russia. NATO has been careful not to make it appear to the Kremlin as if it is deploying permanent reinforcements, according to the Associated Press. Stoltenberg’s comments, however, hint that NATO might be rethinking this agreement.

Meanwhile, Russia continues to build upon their current military presence in Syria. CBS News reports that Russia has recently brought in anti-aircraft missiles to Syria to protect their jets from being attacked or hijacked. Russian military officials did not specify how many missiles or what type of missiles were brought into Syria.

Ukrainian Warhead Brought Down Malaysian Airlines Flight 17

The mystery of what brought down Malaysian Airlines Flight 17 that killed 298 people has been solved, according to the Dutch Safety Board (DSB). The Boeing 777 was heading from Amsterdam to Malaysia when it was shot down by a Russian-developed BUK missile on July 17, 2014, over Ukrainian territory controlled by pro-Russian separatists.

According to the DSB, the missile detonated less than a yard away from Flight 17’s cockpit, causing the plane to break up in midair and scatter over a 20-square-mile area over eastern Ukraine. The Board cannot assign blame for the bombing, so who actually fired at the plane has not yet been established.

The West and Ukraine say Russian-backed rebels brought down the Boeing 777, but Russia blames Ukrainian forces. The safety board’s chairman told the press conference that because of the armed conflict in Ukraine, there would have been “sufficient reason to close the airspace as a precaution” but “the Ukraine authorities failed to do so.”

Tjibbe Joustra, chairman of the Dutch Safety Board, said the explosion killed the plane’s three crew members in the cockpit and that investigators had found “high energy fragments” in their bodies. Whatever happened to the plane happened quickly, leaving the passengers dazed or unconscious. And while it’s not clear if anyone died in mid air, no one could have survived the plane’s impact with the ground, the DSB said.

The disaster and its aftermath — when armed men initially prevented international monitors from reaching the crash site and recovering the scattered bodies — shocked the world.

U.S. Considers Talks with Russia over Syria

The Obama administration has confirmed they are considering having talks with Russia over their build up in Syria and the future of the Syrian state.

Secretary of State John Kerry said that U.S. officials continue to voice concerns with Russia about their military buildup in support of embattled Syrian President Bashar al-Assad.

Kerry told reporters that Russian Foreign Minister Sergey Lavrov suggested “military-to-military conversation and meeting in order to discuss the issue of precisely what will be done to de-conflict with respect to any potential risks that might be run and have a complete and clear understanding as to the road ahead and what the intentions are.”

“You have to have a conversation in order to do that,” Kerry told reporters. “It is vital to avoid misunderstandings, miscalculations (and) not to put ourselves in a predicament where we are supposing something and the supposition is wrong.”

Defense Secretary Ashton Carter said through a spokesman that because of the close relationship between Kerry and his counterpart he would be deferring the military discussions to Kerry.

The move comes amid criticism that Russia is trying to exploit the U.S.’s lack of action in Syria.

“Into this vacuum has now stepped Vladimir Putin,” Sen. John McCain, the committee chairman, said of Russia’s president. “As in Ukraine and elsewhere, he perceives the administration’s inaction and caution as weakness, and he is taking advantage.”