2019/12/31 13:26:31

Cyber crime and cyber conflicts: Ukraine



Ukrainian cyberpolice detained members of a hacker group that cracked servers to order

On December 29, 2019 it became known that Ukrainian cyberpolice officers had detained members of a hacker group that cracked servers to order. The criminals compromised remote servers belonging to companies and individuals and sold access to them. They managed to compromise more than 20 thousand servers worldwide.

As reported, the group consisted of three citizens of Ukraine and one foreigner. All of them were participants in well-known hacker forums and cracked, to order, servers located in Ukraine, Europe and the USA.

The group had been active since 2014. The attackers gained access to servers by means of brute force attacks and used special programs to exploit vulnerabilities in Windows-based servers. They used some of the cracked servers for their own purposes, in particular to carry out DDoS attacks, to host command centers for managing infostealer trojans, and to carry out brute force attacks on other network hosts.

In addition, the group sold access to some of the cracked servers to other hackers, who used them for extortion attacks, theft of money from bank cards, mining and so forth.

Computer networks in various countries, including Ukraine, Russia, France, China, Bulgaria, India, Brazil, Malaysia and the countries of Northern Europe, suffered from the cybercriminals' actions.

To coordinate their actions the criminals used secure messengers, and the money they earned was paid into cryptocurrency wallets and e-wallets. On several of them police officers found nearly $80 thousand in total.

During searches at the group members' places of residence, computer equipment, additional storage media, draft records, mobile phones and bank cards were seized.

On this fact the police opened a criminal case under Part 2 of Article 361 of the Criminal Code of Ukraine (unauthorized sale or dissemination of restricted-access information stored in computers, automated systems, computer networks or on carriers of such information)[1].

A network of fraudulent call centers earning hundreds of millions a year was shut down in Ukraine

At the end of December 2019 it became known that the activity of a criminal group in Ukraine had been stopped. The group had created a network of fraudulent call centers and swindled money from people under the guise of bank employees.

As reported by the press service of the Ukrainian Cyberpolice, the criminal group was organized by three residents of Zaporizhia aged 20 to 24. They bought customer databases on the Darknet and then used them to call citizens in an attempt to steal money from bank cards.

The cyberpolice neutralized a network of call centers that swindled money

The criminals operated in the Zaporizhia and Dnipropetrovsk regions. Posing as bank security service specialists and using psychological pressure, they coaxed from citizens such information as CVV codes, card numbers, PIN codes and so forth. In addition, every month all call center agents attended training sessions at which they were instructed in communicating with clients in four different languages.

The criminal group had three offices, all located in Zaporizhia. All of them were disguised as offices selling windows and balconies. The staff numbered about 100 people, including minors.

Each month they received about 15,000 UAH for their work (39 thousand rubles at the exchange rate as of December 31, 2019). Weekly turnover of the call centers was about 3 million UAH (7.8 million rubles) a month. Thus, in a year the swindlers could earn about 150 million UAH (394 million rubles).

Law enforcement agencies searched the swindlers' office premises and seized computer equipment, mobile phones, customer databases and draft records. All seized equipment was sent for examination. The offenders face up to eight years in prison, the Cyberpolice reported.[2]

Opening of a cyber range

In December 2019 the State Service of Special Communications and Information Protection announced the creation of a cyber range ("cyberpolygon"), a research complex based at the National Technical University "Igor Sikorsky Kyiv Polytechnic Institute".

The SSU neutralized a hacker group that stole funds from users of payment systems in the USA and Europe

On November 30, 2019 it became known that the Security Service of Ukraine had stopped the activity of an international cybercriminal group that stole funds from the accounts of users of electronic payment systems in the USA and Europe.

According to the agency's official statement, the organizer of the group was a citizen of Russia living in Kiev; the other three members are natives of the Cherkasy region.

The cybercriminals bought data on foreigners' payment accounts on underground forums and stole money, with which they purchased goods in online stores. These goods were then sold through Ukrainian online services.

The group had operated since 2010; its annual turnover was $500 thousand to $700 thousand.

At the detainees' places of residence the police seized, among other things, computer equipment and tablets containing evidence of the crimes. Illegally purchased goods, including smartwatches, smartphones, video cameras, navigators, video recorders and so forth, were also found.

As of the end of November 2019, the question of serving notice of suspicion of committing a crime under Part 2 of Article 361 of the Criminal Code of Ukraine (unauthorized interference in the operation of computers, automated systems, computer networks or telecommunication networks) and Part 2 of Article 209 (legalization of illegally obtained income) was being decided. The pre-trial investigation[3] continues[4].


Attack on "the Aulsky chlorooverflow station"

In July it became known that the Security Service of Ukraine had repelled a hacker attack on the network equipment of Aulsky Chlorooverflow Station LLC, which is a critical infrastructure facility of the country.

As the intelligence agency's staff found out, over several minutes the enterprise's process control system and its system for detecting signs of emergency situations were hit by the VPNFilter malware[5]. This cyber attack could potentially have led to failure of technological processes and a possible accident.

The hackers' intention was to block the stable operation of the station, which supplies liquid chlorine to water and sewer enterprises throughout Ukraine.

According to SSU representatives, the hackers who attacked the station may allegedly be connected with the Government of the Russian Federation.

Poroshenko: Ukraine intercepts data from the Russian satellites

Ukrainian IT specialists working for the government are able to intercept data from Russian satellites. This statement was made in September 2018 by the president of Ukraine Petro Poroshenko during a broadcast in Vinnytsia carried by the "Straight line" TV channel[6].

According to him, IT in Ukraine has "a broad spectrum of practical application", including helping to save the lives of Ukrainian military personnel during fighting. As an example Poroshenko cited one of the recent clashes during the armed conflict in Donbass. He reported that on the eve of the Independence Day of Ukraine, which is celebrated on August 24, Ukrainian troops recorded an attempt to break through the front line from the DPR side.

The offensive was carried out by a reinforced company on a 1.5 km front. According to Poroshenko, enemy artillery, multiple rocket launchers and mortars were concentrated on this section. The president of Ukraine specified that the Ukrainian troops were able to bring up reserves and artillery in time to repel the enemy. He noted that this was possible thanks to the work of reconnaissance and satellite imagery.

"How did it become possible? Thanks to specialists in communications, satellite technologies and computer interpretation, because we did interception from the Russian satellites (I ask not to show it). And it means that a very strong school has already been created in Ukraine," Poroshenko concluded.

The USA will double its aid to Ukraine for cyber security

The USA will double its aid to Ukraine for strengthening the country's cyber security, the TV channel "112 Ukraine" reported in May 2018. This was announced by Assistant Secretary of State Wess Mitchell following a meeting with the president of Ukraine Petro Poroshenko.

"We discussed issues of cyber security, and I can announce with pride that we are doubling the amount of aid in this area, the strengthening of cyber security, from $5 million to $10 million," Mitchell said.

He also expressed US support for the progress that Ukraine is showing in its aspiration toward NATO and Euro-Atlantic integration.

"I have just returned from a meeting of the Ministers of Foreign Affairs of NATO member states that took place in Brussels recently, and at this meeting the recently appointed U.S. Secretary of State Pompeo once again emphasized support for the progress that Ukraine is showing in its aspiration toward NATO and Euro-Atlantic integration," he said.

The SSU announced the exposure of a "pro-Kremlin" hacker group

The Security Service of Ukraine announced[7] that it had stopped the activity in Kiev of a "pro-Kremlin" hacker group that organized cyber attacks on critical infrastructure facilities and on state and banking organizations of the country. To conceal their activity the attackers used message anonymization services, the agency's press release said[8].

According to the statement, the criminals, acting under "the decree of the Russian intelligence agencies", used a so-called "bot farm" to conduct special information operations against Ukraine.

During searches at the office and at the detainees' places of residence, law enforcement officers found hardware and software systems, server hardware, computer equipment and over 50 thousand cards of different mobile operators that were used in the cyber attacks.

A pre-trial investigation is under way within criminal proceedings opened under Article 361 of the Criminal Code of Ukraine (illegal interference in the operation of computers, automated systems, computer networks or telecommunication networks).


CIA: "Russia is guilty"

At the beginning of 2018 the US Central Intelligence Agency circulated a statement that the cyber attacks on Ukraine in 2017 were organized by the Russian military. The purpose of the attacks was to undermine the country's financial system against the background of civil war. The Washington Post reports this, citing the CIA.

In particular, experts hold Russia responsible for developing the NotPetya virus, which attacked Ukrainian banks, airports and officials' computers. The virus also affected other countries, although specialists consider that Ukraine suffered most of all.

Servers of the Ministry of Justice of Ukraine were hacked, hundreds of gigabytes of data stolen

The website of the Main Territorial Department of Justice in the Odessa region was hacked. This is stated in the department's announcement.

"Currently, with the assistance of the staff of the SSU Directorate and the Black Sea cyberpolice directorate, work is under way to establish the causes of this incident," the statement says[9].

It is reported that the hackers managed to steal hundreds of gigabytes of documents of the Ukrainian Ministry of Justice.

"Hundreds of gigabytes of documents of the Ministry of Justice are in open access. Who uploaded the shell is unknown. The shell is accessible without a password. The URL is blurred for obvious reasons. The administrators' passwords were stolen by hackers. All disks from C to F were available for reading and writing," claims the activist under the nickname Sean Brian Townsend, who is a member of the Ukrainian Cyber Alliance.

Russian intelligence agencies are suspected of the hacker attack. It is said that all servers of the Ministry of Justice of Ukraine are compromised.


US aid again

On December 14 the Foreign Affairs Committee of the US House of Representatives supported a bill aimed at assisting Ukraine in ensuring cyber security and countering "Russian disinformation and propaganda". The bill was initiated by the Democratic congressman from Pennsylvania Brendan Boyle; the text was also finalized with the participation of the committee chairman, Republican Ed Royce (California)[10].

According to the committee's website, the document was supported by all its members. The main objective of the bill is to "promote efforts of Ukraine on strengthening of cyber security". The USA, for its part, intends to help Ukraine resist "the attempts supported by Russia to use disinformation and propaganda in cyberspace, including through social networks and other platforms".

According to the document, the aid from the US Secretary of State should be directed to protecting Ukraine's government computer networks and to reducing Kiev's dependence "on Russian information and telecommunication technologies". Within 180 days after the proposed law comes into force, the head of American diplomacy is obliged to submit a report on the work done to the relevant committees of Congress.

The bill will be considered by the full House of Representatives, after which the document will go to the Senate. If approved, the text will be sent to the president for signature.

Aid from the European Investment Bank

According to information announced by the press service of the Vice Prime Minister for European and Euro-Atlantic Integration of Ukraine, Ivanna Klimpush-Tsintsadze, the European Investment Bank (EIB) offered Ukraine help in the field of cyber security. The corresponding agreements were reached with the head of the EIB in Ukraine, Lilia Chernyavskaya, during discussion of the "Extraordinary Credit Program for Recovery of Ukraine" project, in which the bank's investments will exceed 5 billion euros[11].

Aid from the USA, Canada, Turkey and Chile

The USA, Canada, Turkey and Chile will support Ukraine in the fight against hackers. The bill on ensuring Ukraine's cyber security was submitted to the US Congress at the beginning of 2017. It is planned that American specialists will be engaged to install, in Ukrainian state structures, security systems that protect critical infrastructure. The USA also offered to assist Kiev in "creation of own potential in the field of cyber security"[12].

The State Concern "Ukroboronprom" intends to cooperate with Chilean companies on projects connected with the development of unmanned aerial vehicles, the aircraft industry and cyber security. The Ministry of Defence of Ukraine is going to adopt the experience of its Canadian colleagues in countering cyber attacks. The Turkish state corporation Havelsan will provide Ukrainian specialists with its developments in information and reconnaissance complexes and IT management systems.

Aid from NATO

In July 2017 Ukraine may receive equipment for fighting cyber attacks worth a total of 1 million euros from NATO. The reason for the aid was the scale of losses from the Petya virus. According to estimates by ESET, a company specializing in information security solutions, 75% of all attacks using Petya fell on Ukraine.

The Vice Prime Minister of Ukraine for European and Euro-Atlantic Integration, Ivanna Klimpush-Tsintsadze, said that the recent attack of the Petya virus led to the country receiving equipment from NATO for organizing cyber defense of its critical systems. In addition, she expects an increase in financial aid. "I think that, actually, week when it comes here to Ukraine," she reported. The delivery will be made through a NATO trust fund whose volume is 1 million euros[13] as of today[14].

As part of cooperation, NATO allocated 300 thousand euros for equipment and training of SSU specialists for fighting cyberthreats. This statement was made at the beginning of 2017 by the NATO Deputy Assistant Secretary General for Emerging Security Challenges, Jamie Shea. The special equipment will be delivered to Ukraine and installed by the end of spring. "We needed to go through some normal administrative formalities of import/export procedures, but we hope that we will be able to do it very quickly. Our aim is for everything to be installed, tested and running by summer," the representative[15] emphasized[16].

Shea also spoke about the funds allocated for equipment procurement and training of specialists: "NATO has a relevant trust fund, which is headed by Romania, but many countries are donors to this fund. We spent over 300 thousand euros to help the Ministry of Foreign Affairs of Ukraine and also the Ukrainian intelligence agencies with training of employees and improvement of the equipment for better detection and repelling of cyber attacks". According to him, effective opposition to cyberthreats requires not only equipment but also specialized knowledge. NATO's mission in this case is to assist Ukrainian specialists from the SSU with both financing and training.

Amnesty International condemned the information doctrine of Ukraine

The chief executive of the human rights organization Amnesty International, Tatiana Masur, criticized the information doctrine of Ukraine. She considers that regulating the monitoring of media and public Internet resources in order to detect information prohibited in Ukraine is a direct violation of commonly accepted freedoms. "Freedom of speech? No, haven't heard of it. Propaganda can be countered by only one method: creating high-quality and objective content. But if that is difficult, it is much simpler to take the path of bans, although that is not the path a developing country needs," she emphasized[17].

Doctrine "About threats of cyber security of the state and urgent measures for their neutralization"

At the beginning of the year the president of Ukraine Petro Poroshenko approved, by presidential decree, an action program aimed at strengthening cyber security in the country. The program is contained in the decision of the National Security and Defense Council (NSDC) "About threats of cyber security of the state and urgent measures for their neutralization", adopted in December 2016[18].

The stated purpose of the doctrine is to refine the principles of forming and implementing state information policy, first of all to counter the "destructive information influence of the Russian Federation in the conditions of the hybrid war launched by it"[19].

Under the doctrine, the Ministry of Information Policy is charged with monitoring publications in the media and on the Internet in order to detect information whose dissemination is forbidden in Ukraine. The ministry should also set the priorities of state information policy and monitor their implementation. In addition, the ministry is obliged to develop a strategy of "information support of process of release and reintegration of temporarily occupied territories".

A number of tasks are also assigned to the Ministry of Foreign Affairs of Ukraine, the Ministry of Defence, the SSU, the State Service of Special Communications and Information Protection, intelligence bodies and the National Institute for Strategic Studies.

Regulations on data storage

In its decision the NSDC also proposes giving Ukrainian law enforcement bodies wider access to users' data. The Verkhovna Rada will consider a bill under which operators and providers will have to store the necessary data for 90 days, and in the long term for up to three years. So-called electronic evidence found by investigators will begin to be used in Ukrainian criminal cases.

In addition, operators will have to provide identification data on service providers and report the routes by which these providers transmit information. The NSDC also proposes giving Ukrainian courts the right to decide on the blocking of resources. The relevant bill is to be submitted to the Verkhovna Rada within three months.

Substitution of the Russian products

Russia occupies an important place in the Ukrainian cyber defense program. In particular, the NSDC decision orders that Russian equipment and software be replaced with Ukrainian analogs. During 2017 the Security Service of Ukraine (SSU) and the State Service of Special Communications and Information Protection of Ukraine must work out how this can be done in the public sector. Within six months a plan for stimulating Ukrainian production in this sphere is to be developed. The government and the SSU should propose measures to solve the problem of the use of Russian equipment and software at critical infrastructure facilities.

In addition, a method of blocking Russian payment systems in the territory of Ukraine is to be developed. The National Bank of Ukraine has a month to consider the legal side of this question.

State cyber security

The NSDC decision also proposes ensuring the information security of state facilities and critical infrastructure, and this is not only about banning Russian products in this sector. The Cabinet of Ministers of Ukraine should approve a protocol for joint actions of all authorized bodies in detecting and preventing cyber attacks on such facilities and eliminating their consequences.

A national telecommunication network is to be created for state structures. Main and backup data centers for storing state information resources will also be created, for which six months are allotted.

Besides everything listed, the NSDC decision contains two secret provisions.


Ukraine accused the Russian Federation of cyber attacks on critical infrastructure

The Security Service of Ukraine accused hackers connected with Russia of a series of cyber attacks aimed at the energy and financial systems and at other infrastructure facilities of the country. The attacks used a new type of malware intended to interfere with industrial processes. This was reported by the Reuters news agency, citing the SSU chief of staff Alexander Tkachuk[20].

According to him, the attacks involve not only career staff of Russian intelligence agencies but also private IT companies and hackers who operate on the territory of Ukraine and are most likely the creators of the BlackEnergy malware.

According to the SSU, in November and December 2016 alone the country's critical infrastructure underwent 6.5 thousand cyber attacks, presumably carried out by hackers sponsored by the Russian Federation. Tkachuk gave as examples the attacks in December of last year against key facilities of Ukraine's state system: the State Treasury, the National Bank and the Ministry of Finance.

According to Tkachuk, a mechanism conditionally named Telebots was used in the recent attacks to infect computers from which infrastructure is controlled. ESET believes this mechanism is derived from the BlackEnergy malware.

Another cyber security company, CyberX, reported a cyber espionage campaign in which more than 60 targets, including the Ministry of Energy and a research institute, were compromised.

Information security doctrine

The concept of national security of Ukraine was adopted by the National Security and Defense Council (NSDC) of the country at the end of 2016.

Development and protection of the ICT infrastructure that supports the information security of Ukraine, and complete coverage of the country's territory with digital broadcasting, are named among the main priorities of state policy in the information sphere.

The doctrine was developed by the expert council of the Ministry of Information Policy and reviewed in the office of the NSDC. Comments from the Ministry of Education, the Verkhovna Rada committee on freedom of speech and information policy, the SSU and the National Institute for Strategic Studies were also taken into account in the document.

Russian hackers were accused of hacking an application used by Ukrainian artillerymen

At the end of 2016 the Ministry of Defence of Ukraine commented on the report of the analytical group CrowdStrike[21], which said that Russian hackers from the Fancy Bear group may be involved in hacking the application used by Ukrainian artillerymen, UNIAN reported[22][23].

The report said that the X-Agent remote access implant had been detected in the Popr-D30.ark and Ukrop applications, which the Armed Forces of Ukraine use to simplify calculations during artillery work. This implant makes it possible to access GPS data and cellular communication and thus to pinpoint the exact positions of artillery. According to the independent military analytical agency International Institute for Strategic Studies, the AFU lost about 80% of its D-30 howitzers during the conflict in the southeast of Ukraine.

The press service of the Ministry of Defence said that the information about the destruction of 80% of howitzers as a result of hackers cracking the software is not true. According to the command of the rocket troops and artillery of the AFU ground forces, artillery losses during this time were many times smaller than stated in the report and are not connected with the specified cause.

Creation of a cyberpolice division

On October 15, 2015 the prime minister Arseniy Yatsenyuk and the Minister of Internal Affairs of Ukraine Arsen Avakov announced the creation of a cyberpolice division. The cyberpolice department will be responsible for information security in the country. The division will be part of the national police and will number 400 people. The salary of a cyberpolice inspector will be 6 thousand UAH (about 17 thousand rubles).

In addition, the main requirements for an inspector of the cyberpolice department were named. He should be a citizen of Ukraine older than 21, have the skills of an experienced computer user, know the legislation of Ukraine, know English and Ukrainian, and have no criminal record. A higher legal education is desirable.

The position of cyber security special agent will additionally require knowledge of programming languages, experience with computer equipment and a higher technical education. The salary will be from 25 thousand to 30 thousand UAH (about 80 thousand rubles).

Hackers hacked the social network accounts of the Ministry of Defence and National Guard of Ukraine

The social network accounts of the Ministry of Defence and National Guard of Ukraine were hacked on August 24. On the Ministry of Defence's Twitter account a message was published saying that the account had been hacked by the hacker group Sprut, accompanied by a collage with the text "Ukraine is no more" and "Country not found". The same message also appeared on the official Instagram account of the Defense Ministry of Ukraine. As of 2:30 p.m. Moscow time, the Ministry of Defence had not recovered access to its social network accounts.

The USA will help Ukraine investigate the cyber attack on power facilities

In January 2016 the U.S. Department of Homeland Security announced assistance to Ukraine in investigating the cyber attack on Prikarpatyeoblenergo, as a result of which more than 80 thousand people were left without electricity, Reuters reported.

The incident occurred on December 23, 2015. The Security Service of Ukraine stated that the attack was carried out by Russian intelligence agencies. As noted, SSU staff detected malicious software in the networks of individual regional power companies. The USA connected this attack with the actions of the Russian hacker group Sandworm.

As the agency reported, the attack was accompanied by continuous calls to the technical support numbers of the regional power companies.

Kiev linked the hacker attack on Boryspil International Airport to Russia

The cyber attack on Kiev's Boryspil International Airport in January 2016 was carried out from a Russian server. This was stated by the spokesman of the Administration of the President of Ukraine on ATO issues, Andrey Lysenko[24].

On January 16 Lysenko reported at a briefing that specialists of the State Service of Special Communications and Information Protection of Ukraine (Gosspetssvyaz) had prevented a hacker attack on Boryspil International Airport which may have been organized from Russia.

According to the colonel, specialists found that one of the workstations at the Kiev airport was infected with the BlackEnergy virus. Earlier the same virus was found during a hacker attack on the power supply system in Ivano-Frankivsk in the west of Ukraine in December 2015.

See Also

  1. Cybercriminals from Ukraine cracked servers to order
  2. The cyberpolice neutralized a network of call centers that swindled money
  3. The SSU
  4. announced the neutralization of an international hacker group
  5. VPNFilter is multilevel modular malicious software with universal capabilities, which can be used to carry out both cyber reconnaissance and destructive operations.
  6. CNews: Poroshenko: Ukraine intercepts data from the Russian satellites
  7. The SSU blocked the activity of an office of pro-Kremlin hackers in Kiev
  8. [1]
  9. Servers of the Ministry of Justice of Ukraine were hacked, hundreds of gigabytes of data stolen
  10. The USA intends to help Ukraine strengthen its cyber security
  11. The European Investment Bank will help Ukraine in the field of cyber security
  12. The USA, Canada, Turkey and Chile will help to provide cyber security of Ukraine
  13. Equipment worth 1 million euros for fighting cyberthreats
  14. Ukraine will receive from NATO
  15. NATO
  16. helped Ukraine fight cyberthreats with 300 thousand euros
  17. Amnesty International condemned the information doctrine of Ukraine
  18. In Ukraine the Yarovaya package with bans, blocking and the anti-Russian import substitution appeared
  19. Poroshenko approved the information security doctrine of Ukraine
  20. Ukraine accused the Russian Federation of cyber attacks on critical infrastructure
  21. Russian hackers accused of hacking the application of Ukrainian artillerymen
  22. The Ministry of Defence commented on the "attack" of Russian hackers on AFU artillery
  23. Kiev responded to the report on losses of artillery because of hacking
  24. Kiev linked the hacker attack on Boryspil International Airport to Russia