«Russia is already attacking Ukraine in the cyberspace» – cybersecurity expert

In the context of hybrid war with Russia, cybersecurity has become a very important topic in Ukrainian society and the media. Nadiya Balovsyak, a lecturer at the Ukrainian Catholic University, speaks about how stolen data might be used and how to protect against a hypothetical hacker attack.

Cyberattacks on critical infrastructure 

«There is a lot of talk now that Russia is accumulating troops on the border with Ukraine and preparing for a hypothetical invasion. However, in cyberspace, Russia is already attacking Ukraine.

Recall how hackers recently launched a massive attack on Ukrainian government sites, and more than 20 resources became unavailable for a long time. Among them are the websites of the Cabinet of Ministers, the Ministry of Education and the Ministry of Regional Development. At that time, the personal data of Ukrainians did not seem to be affected. The hackers aimed to undermine the reputation and prestige of Ukraine. State portals reported in Ukrainian, Russian and Polish that ‘the sites were blocked as punishment of Ukrainians for the actions of the OUN-UPA.’

«Globally, computer viruses have begun to cause death. For example, in September 2020, computers at Düsseldorf Hospital were infected with a virus, and health professionals could not legally accept patients. One patient was taken to a hospital on the other side of the city because of this; she did not survive the road and died in an ambulance.

«Viruses have become so commonplace that they are often underestimated. However, it is worth mentioning at least the Petya computer virus to understand that this threat is real. At that time, Boryspil Airport, post-service Ukrposhta, Oschadbank, railway company Ukrzaliznytsia and many other large state-owned enterprises in Ukraine were affected by it. The administration of former US President Donald Trump called it the biggest hacker attack in human history. And in Ukraine, there are many unprotected or weakly protected information systems.

«It should be understood that such attacks are carried out not only by those who want to get rich. In the context of war with Russia, we should expect the actions of hostile hackers, whose target may be critical infrastructure, or even schools, railway stations, subways. 

«Hybrid warfare is not war in the literal sense of the word – with shots and explosions of shells. On 27 January 2022, unknown people announced the mining of nine Lviv malls, after which 3,000 people were evacuated. I watched law enforcement officers clearing the «Forum» shopping mall in Lviv and thought: here it is, a clear example of a hybrid war.

«No need to shoot, just turn off the lights all over the country. In 2015-2016, a very powerful hacker attack was carried out on the energy supply companies of Ukraine. At that time, state enterprises Prykarpattyaoblenerho, Chernivtsioblenerho, and Kyivoblenerho suffered much. Dozens of substations were shut down, leaving hundreds of thousands without electricity. There was no light for more than six hours. 

«If you infect critical infrastructure, such as water, blow up a nuclear power plant, turn off heating, it will lead to chaos in the country. Therefore, we must remember about cybersecurity. After the attacks, government officials decided that each critical infrastructure company would have a cybersecurity officer. So yes, hacker attacks are an element of hybrid warfare. We cannot rule out that they will be carried out both on weekends and on weekdays. We have to learn to live with it.

«Another striking example happened in May 2021, when an information system serving the American Colonial Pipeline was hacked, shutting it down for five days. The attackers disabled a nearly 9,000-kilometer pipeline that provided nearly half of the US East Coast’s gasoline needs. And these are dozens of states. Problems with fuel supply began at many gas stations, queues began to form, and a state of emergency was declared in the country. And this all was caused by one computer virus.»

Hacker attacks on ordinary citizens

«It should be understood that not only government servers are being attacked, but also the personal accounts of ordinary citizens are suffering. In particular, recently there was an announcement about the sale of personal data of Ukrainians on one of the Kharkiv forums. It was allegedly obtained after the hacking of the service «Diia», but now it’s impossible to confirm. Hackers were selling a database of more than 13.5 million accounts for $15,000.

«Here is a plate in which the personal data of Ukrainians are collected: e-mail address, name and surname, date of birth, gender, mobile phone number, identification code, data of domestic and foreign passports. Moreover, hackers claimed that they could sell photos of driver’s licenses, university diplomas, and military tickets if necessary. The attackers claimed that such a volume of data from «Diia» is only part of the information that they allegedly have gathered from various government and medical sites.

«For me, this is a global fallacy. The Ministry of Digital Technologies assured that nothing had disappeared from them, that it was all a fake, that the merged data was old because it had been posted online until 2019. But there are people who have checked themselves and their acquaintances. Frankly speaking, I also wouldn’t like to believe in their veracity, but accidentally, the passport of the 14-year-old son of my friend from Chernivtsi had been found there. The boy made himself a passport in the summer of 2021, and this document is among those merged data.» 

How stolen data might be used

«The more private data shared, the worse. Nothing may happen, but the thieves can also «hang» a bunch of loans on you or start spreading different profanity. However, there is a lot of information about us online. When my friend got married and I saw a photo of the bride on Facebook, in two hours everyone already knew about her, including her home address. 

«In fact, it seems paradoxical that the documents in «Diia» are equated to paper counterparts. How can you compare a picture on a smartphone screen with a document of strict reporting, made at a printing plant with many degrees of protection? 

«In November 2021, the cyberpolice of Kharkiv found a 17-year-old boy who not only succeeded in forging «Diia», but also created the largest channel for the spread of this forgery. More than 20,000 people have subscribed to his Telegram bot and channel, which are already blocked.

«Now, to get a loan, you do not even need to go to the bank. In microcredit organizations, it can be given on a copy of the passport. They can draw a document in «Diia», send it, and issue a loan on you. One of the well-known Facebook users, Konstantyn Korshun, writes about such cases. He collects stories of how people were «stolen» by hacking «Diia», and they were then surprised to learn that they owed 20-30 thousand to microcredit organizations.»

Which accounts should be secured first and how to do it correctly

«Before securing something, says another IT expert Roman Khimich, you need to understand what is critical to you. For example, if you are a journalist who conducts investigative journalism, you may have photos of some secret documents on your phone. Accordingly, you need to protect these photos. If you are an accountant who runs several companies, then you need to protect all reporting. If you are in the military and in a war zone, you should not use the VKontakte social network and Telegram messenger. And when you realize this, you can move on to direct protection. 

«Probably, you have one e-mail account to which e-banking, «Diia», electronic digital signature, hosting, domains are linked. For such an account, you need to set the maximum level of protection – two-factor authentication, take care of backup codes and everything possible for security.» 

The worst consequences for a particular person due to hacker attacks

«It seems to me that the worst thing for a person is when his «digital» life is destroyed. We need to understand that the cost of our devices has long been inconsistent with the value of their content.

«Roughly speaking, if you have been photographing your child on the phone for three years, there are no copies of the photos and this phone is lost, it is a tragedy for you. Or if you are writing a dissertation or thesis, and suddenly the hard drive burns, this is also a catastrophe.

«The worst threat in all these cases is identity theft, when your data is stolen and used to commit some crimes.»

«Recently, there was a loud story about an American who had his identity stolen, in particular his social security number. The hackers conducted some illegal operations with this data, and he was being stopped at the airport a number of times during six years because he was on the list of criminals. The man became a victim of thieves, but the databases indicated that he was a criminal. And every time he crossed the border, he had to prove it wrong.

«In fact, it’s very serious that we show a screenshot of «Diia» in the same coffee shops to show our Covid-certificate. This is wrong because, in addition to this screenshot, we have to show a paper document to prove that it is really «our» «Diia», that it is us and that it is our certificate. This is done almost everywhere in Europe, but simpler does not mean better. Pseudo-digitalization simplifies everything. Someone who looks like you can «draw» a «Diia» and take a loan or find you in merged databases and commit a terrorist attack. 

About how to secure your account

«Unfortunately, it is impossible to avert trouble, but we can do everything in our power to protect our data. This requires strong passwords and, let me repeat it, two-factor authentication. It is also important to use updated software and make sure you have backups. You can’t open unexpected emails and download attachments, trust phone calls and payroll notifications. Moreover, I advise you to use a licensed antivirus and work on the Internet with the firewall enabled.

«Children under the age of 18 cannot have a ‘life of their own’ online. Parental control should be exercised over this.

«Finally, purchases should be made only on verified sites, personal and financial information mustn’t be left everywhere. You should have a copy of the critical information on another device.»

Roman Tyshchenko-Lamansky, translated by Vitalii Holich

Lviv Now is an English-language website for Lviv, Ukraine’s «tech-friendly cultural hub.» It is produced by Tvoe Misto («Your City») media-hub, which also hosts regular problem-solving public forums to benefit the city and its people.

