Ukrainian state institutions have undergone an unprecedented hacker attack. While politicians accused of attacking Russia, experts point to the low level of protection and unqualified civil servants.
“Hello, friend. Here we are again. The battle began, but before the end of the war is still far away…” — so on the morning of 6 December 2016 welcomed the visitors to the web site of the State Treasury of Ukraine. More precisely, the site redirected to another page with the domain name whoismrrobot.com. But still few could read in the English greeting is a quote from the American television series Mr.Robot — a story about a group of hackers, which has been fighting against the powerful financial Corporation.
Bizarre trick with the replacement of the home page is merely a wrapper large-scale hacker attack on the financial system of Ukraine, which lasted about three days. Its main goal became the payment system of the Treasury, the Pension Fund and the Ministry of Finance. Over the next days steel objects of the information system of the ministries of defense and infrastructure, Railways, the sea port “southern” and NAK “Ukrenergo”.
“We are aware of at least 25 incidents of hacker attacks on state institutions during the last three weeks, told DW the head of the Department of Ukrainian of Kiev Sergey Demediuk. — However, officially we are investigating only four. Other victims do not apply to us or does not say about the attacks publicly.”
Thousands of payments to hundreds of cars and areas without light
DW tried to calculate the damage from the December attacks on state information system of Ukraine, but the majority of affected institutions are not in a hurry to disclose their losses. In a press-service of “Ukrainian Railways” DW said that due to hacker attacks in the two days not worked system of electronic document circulation: in particular, system clearance and system for reservation and sale of electronic tickets. Through the last, according to forecasts of the railroad, for the year 2016 should be about 30 million orders and therefore the losses from two days of downtime can be estimated by the least 160 thousand operations.
Was relatively easy this time attack for power systems. Failure at the substation “North”, which were left without electricity inhabitants of right-Bank Kiev and the neighboring districts of the region, managed to eliminate about one hour. The CEO of the company Ukrenergo Vsevolod Kovalchuk has estimated that the total off 200 megawatts, or about a fifth of the night consumption of the capital.
Hacker attack suffered and resources of Ukrainian Railways
Hacker attack suffered and the resources of the “Ukrainian Railways”
The biggest losses were suffered by Finance. The payment system of the state Treasury not worked for at least three working days that almost paralyzed the whole system of budgetary payments.
“Customs payments podvisli, silence, nothing is clear, — have explained then in the comment to the edition “RBC-Ukraine”, Vice-President of the Ukrainian Union of Industrialists and entrepreneurs Yulia Drogovoz. — The system of electronic administration of VAT, there was not a single invoice. But if in time you do not — fine”.
Even greater losses can be related to information theft, the Deputy Director of the National Institute for strategic studies under the President of Ukraine Oleksandr Vlasiuk. According to him, during the attack companies lost three terabytes of confidential data. The agencies do not confirm the words of Vlasyuk, head of postal and telecommunications Sergey Demediuk denies the possibility of leaks. “We found no traces of a kidnapping of any of the registers”, — he told DW.
The investigation leading
In the Ukrainian police see the December attacks, “the Kremlin’s hand”, calling them another element of hybrid war. “Of course, victims can make any assumptions, and policy — loud statements, — says Sergey Demediuk. But now I can say that all of the latest known attacks have common characteristics, common way of infecting computer systems through a rather primitive virus and basic illiteracy of the staff.”
As told DW in company CYS-Centrum; one of the two officially registered in Ukraine centers computer emergency response emergency events (CERT), the victim of the December attacks were probably infected in the spring and summer of this year. And in October, users in several affected organizations received e-mails supposedly from programme coordinators Western donor aid. The letters contained a Microsoft Excel file with the list of recommended IT equipment, but for correct display content, the user was asked to run the so-called macro — built-in macro that automatically downloaded a computer virus from the Network.
“A macro virus is a fairly simple, old method of infection — explain to the CYS-Centrum. But we have it still come across. A similar scheme was organized last year’s attack on the objects of “Prykarpattyaoblenergo”. The result for the year, nobody learned nothing”.
Not to fight, and to warn
On 8 December, immediately following the hacker attacks on financial institutions, the Cabinet of Ministers of Ukraine has allocated 40 million hryvnia to the Ministry of Finance and the state Treasury for an urgent upgrade of IT equipment. DW interviewed experts, however, note that only one replacement “hardware” problem of protection of information resources of the state are not solved. “We need to improve literacy of civil servants, to hire quality security professionals who constantly improve their knowledge and warned would attack, and did not correct their consequences”, — explains the head of postal and telecommunications Sergey Demediuk.
In CYS-Centrum — company, founded by former employees of the state service of special communication and information protection, also concluded that the importance of preventing cyber attacks do not even understand in the private sector. “From the point of view of costs, our work is 36 thousand dollars a year. But even the Ukrainian banks it is difficult to pay 20 thousand a year”, — explained in the company.
Our observations confirm this view. “We figured out, it is easier for us just for a few days off than to hire professionals,” commented DW in one of the Ukrainian institutions, injured during the December attacks.